Computer Science
Subject Area
Learning Resources
Learn more by checking out these great sites.
File Formats
learning-resource
This module is part of the CLARK Undergraduate Reverse Engineering course. File formats allow the organization of binary content. In the case of Windows executables (EXE) or shared libraries (DLL), this allows the operating system to parse the binary content and load into memory for execution. In this module you will learn the basics of the PE file format, what information can be gleaned from analyzing it and how a disassembly tool such as IDA Pro finds executablel code for disassembly. Learning outcomes: differentiate between different PE parsing utilities to select the correct one based on desired analysis objectives, interpret output from PE parsing utilities to understand program behavior, demonstrate working knowledge of the PE file format. This module by Josh Stroschein, NSA Funded Curriculum is licensed under CC BY-NC-SA 4.0.
Visit WebsiteIntermediate Intel x86: Architecture, Assembly, Applications, & Alliteration
learning-resource
Building upon the Introductory Intel x86 class, this class goes into more depth on topics already learned, and introduces more advanced topics that dive deeper into how Intel-based systems work. Example applications include showing how hardware and memory mechanisms are used for software exploits, anti-debug techniques, rootkit hiding, and direct hardware access for keystroke logging.
Visit WebsiteIntroduction To Trusted Computing
learning-resource
This course is an introduction to the fundamental technologies behind Trusted Computing. You will learn what Trusted Platform Modules (TPMs) are and what capabilities they can provide both at an in-depth technical level and in an enterprise context. You will also learn about how other technologies such as the Dynamic Root of Trust for Measurement (DRTM) and virtualization can both take advantage of TPMs and be used to enhance the TPM's capabilities.
Visit WebsiteIntroduction to ARM
learning-resource
ARM processors are becoming ubiquitous in mobile devices today with RISC processors making a comeback for their applications in low power computing environments. With major operating systems choosing to run on these processors including the latest Windows RT, iOS and Android, understanding the low level operations of these processors can serve to better understand, optimize and debug software stacks running on them. This class builds on the Intro to x86 class and tries to provide parallels and differences between the two processor architectures wherever possible while focusing on the ARM instruction set, some of the ARM processor features, and how software works and runs on the ARM processor.
Visit WebsiteIntroductory Intel x86: Architecture, Assembly, Applications, & Alliteration
learning-resource
Intel processors have been a major force in personal computing for more than 30 years. An understanding of low level computing mechanisms used in Intel chips as taught in this course serves as a foundation upon which to better understand other hardware, as well as many technical specialties such as reverse engineering, compiler design, operating system design, code optimization, and vulnerability exploitation. 25% of the time will be spent bootstrapping knowledge of fully OS-independent aspects of Intel architecture. 50% will be spent learning Windows tools and analysis of simple programs. The final 25% of time will be spent learning Linux tools for analysis.
Visit WebsiteNumber Systems
learning-resource
This module is part of the CLARK Undergraduate Reverse Engineering course. The ability to efficiently convert between base 10, base 2 and base 16 number systems is important for any reverse engineering, cyber security analyst or computer scientist. In this course, students will learn the base 10, base 16 and base 2 number systems and how to convert numeric values between them. At the end of the course is a hands-on lab that allows students to apply what they have learned. Learning outcomes: examine how negative values are stored and interpreted in computing systems, examine how negative values are stored and interpreted in computing systems and differentiate between different number systems used by computing systems. This module by Josh Stroschein, NSA Funded Curriculum is licensed under CC BY-NC-SA 4.0.
Visit WebsiteProcesses and Virtual Memory
learning-resource
This module is part of the CLARK Undergraduate Reverse Engineering course. Processes form the core structure that contains executable code within an operating system. In this course, you will learn what a process is, what it is composed of and key elements needed to aid in reverse engineering activities. Learning outcomes: operate tools such as Process Hacker 2 to analyze a programs use of virtual memory, interpret program memory allocations to assess program functionality, define the differences between a process and a program. This module by Josh Stroschein, NSA Funded Curriculum is licensed under CC BY-NC-SA 4.0.
Visit WebsiteThe Life of Binaries
learning-resource
Topics include: Scanning and tokenizing source code; parsing a grammar; different targets for x86 assembly object files generation; linking object files together to create a well-formed binary; detailed descriptions of the high level similarities and low level differences between the Windows PE and Linux ELF binary formats; how an OS loads a binary into memory and links it on the fly before executing it.
Visit WebsiteVideo Playlist: Intermediate Intel x86
learning-resource
A Youtube playlist of the OpenSecurityTraining.info 'Intermediate Intel x86' course being delivered. Building upon the Introductory Intel x86 class, this class goes into more depth on topics already learned, and introduces more advanced topics that dive deeper into how Intel-based systems work. Example applications include showing how hardware and memory mechanisms are used for software exploits, anti-debug techniques, rootkit hiding, and direct hardware access for keystroke logging.
Visit WebsiteVideo Playlist: Introduction To Trusted Computing
learning-resource
A Youtube playlist of the OpenSecurityTraining.info 'Introduction To Trusted Computing' course being delivered. This course is an introduction to the fundamental technologies behind Trusted Computing. You will learn what Trusted Platform Modules (TPMs) are and what capabilities they can provide both at an in-depth technical level and in an enterprise context. You will also learn about how other technologies such as the Dynamic Root of Trust for Measurement (DRTM) and virtualization can both take advantage of TPMs and be used to enhance the TPM's capabilities.
Visit WebsiteVideo Playlist: Introduction to ARM
learning-resource
A Youtube playlist of the OpenSecurityTraining.info 'Introduction to ARM' course being delivered. ARM processors are becoming ubiquitous in mobile devices today with RISC processors making a comeback for their applications in low power computing environments. With major operating systems choosing to run on these processors including the latest Windows RT, iOS and Android, understanding the low level operations of these processors can serve to better understand, optimize and debug software stacks running on them. This class builds on the Intro to x86 class and tries to provide parallels and differences between the two processor architectures wherever possible while focusing on the ARM instruction set, some of the ARM processor features, and how software works and runs on the ARM processor.
Visit WebsiteVideo Playlist: Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration
learning-resource
A Youtube playlist of the OpenSecurityTraining.info 'Introductory Intel x86' course being delivered. Intel processors have been a major force in personal computing for more than 30 years. An understanding of low level computing mechanisms used in Intel chips as taught in this course serves as a foundation upon which to better understand other hardware, as well as many technical specialties such as reverse engineering, compiler design, operating system design, code optimization, and vulnerability exploitation. 25% of the time will be spent bootstrapping knowledge of fully OS-independent aspects of Intel architecture. 50% will be spent learning Windows tools and analysis of simple programs. The final 25% of time will be spent learning Linux tools for analysis.
Visit WebsiteVideo Playlist: The Life of Binaries
learning-resource
A Youtube playlist of the OpenSecurityTraining.info 'The Life of Binaries' course being delivered. Topics include: Scanning and tokenizing source code; parsing a grammar; different targets for x86 assembly object files generation; linking object files together to create a well-formed binary; detailed descriptions of the high level similarities and low level differences between the Windows PE and Linux ELF binary formats; how an OS loads a binary into memory and links it on the fly before executing it.
Visit Website