Reverse Engineering


Reverse Engineering is a technique used to analyze software to identify and understand its components and its flows. It is a process of understanding code infringement processes and analyzing software weaknesses. Reverse Engineers analyze systems to create system representations in another form of abstraction.

Duration: 40 Hours

Target Audience

  • Cybersecurity practitioners
  • Cyber forensics analysts
  • Security engineers/researchers
  • Incident responders
  • Junior reverse engineers
  • Software developers
  • IT security administrators


  • ThinkCyber Level-1 Courses


  • Become familiarized with the concept of reverse engineering and applications
  • Analyze various file formats to uncover the hidden codes within them
  • Identifying Control flows
  • Understand Assembly
  • Conducting open-source intelligence
  • Exploiting server, database, and application software


Module 1: Methods of Counting & Representing Information on a Computer

This stage aims to cover necessary theories and concepts which reverse engineering is based on, starting from the base structure of files and its source.

  • Calculation of Bases
    o Hexadecimal Base
    o Binary Base
    o Transition Between Bases
    o Transition Between Hexadecimal to Binary and vice Versa
    o Numerical Actions on Numbers in Different Representations
    o Negative Numbers

Module 2: Computer systems structure – Assembly language

During this stage, students will practice an in-depth analysis of the program codes using Assembly principles. Students will be able to recognize the effect of software and codes before their initial execution.

  • Assembly
    o Registries
    o Processor Architecture
    o PE Format – Portable Executable
  • Installing a Workspace
    o Linux syscall Table
    o File Descriptor
    o The Connection to Files
    o Start of Program Construction
    o Debugging Process
    o IDA
  • Professionalization in GDB
    o Jumps & Conditions
    o Manipulation on a Processor
    o Loops
    o Activating Number-Detonation on the Processor
    o Ordering Bytes
    o Maintaining Flags Mode using a Stack
    o Stack
    o Calling Conventions
    o Build printf Functions using Assembly
    o Call to Functions

Module 3: Exploitation

In This module, Students will gain the knowledge of memory management and controlling code flows while utilizing it to replicate and exploit software; students will be focusing on using code and memory flows to use and develop exploits.

  • Buffer
    o Protostar
    o Buffer Overflow
  • Writing Exploits to Bypass Protections
    o Processes in Computer Science
    o Pseudo-terminal
    o Race Condition
    o Apport Service
    o How Debugger Works
    o Anti-Reversing
    o Return Oriented Programming (ROP)
  • Memory Management policy
    o W^X
    o NX bit
    o DEP
    o Ret2libc
    o Format String
    o Overcoming the ASLR Mechanism Through the Format String Attack
    o The Process of Adding the Addresses to a Written Code
  • Memory Management
    o Heap
    o How a Process Gets Memory From the System
    o Heap Overflow
  • Preparing a Windows Workspace
    o Visual Studio
    o OllyDbg
  • Exploitation Over the Internet
    o Buffer Overflow Over the Internet
    o Tracer Browser Detection
    o Fuzzing
    o SPIKE
    o Debug Using OllyDbg to Restore Crash
    o Shellcode
    o Manually Create Shellcode
    o Create Shellcode Using Metasploit
  • Bad Characters
    o Encoding
    o From Python to Metasploit
    o Mixins
    o SLmail
    o Immunity Debugger
  • Preparing crack for the game “mine-sweeper”
    o The Crack Making Process
    o The dll Analysis