top of page

Course Description

Dive deep into the expansive world of cybersecurity with our "Automated Reverse Engineering and Exploitation" course. Designed for cybersecurity professionals and personnel within the US military, this course provides a unique blend of theory, practical exercises, and visualizations. In this majority hands-on course, we'll be working within Linux and VxWorks environments, and exploring various architectures such as MIPS, PowerPC, and ARM.

As the cyber threat landscape continues to evolve, understanding the intricacies of embedded systems is of paramount importance. We aim to equip you with the skills to identify vulnerabilities, recommend mitigations, and develop proof-of-concept exploits using both manual and automated techniques.

Automation

In the Automated Reverse Engineering and Exploitation course, a significant focus will be placed on the role of automation in reversing. Automation plays a pivotal role in the modern cyber security landscape, allowing us to expedite processes, enhance accuracy, and manage complex tasks with relative ease. This is particularly relevant in the field of reverse engineering, where automation can be a game-changer.

 

The automation aspect of this course empowers you to handle complex reversing tasks more efficiently, allowing you to focus more on strategic decision-making and less on time-consuming manual analysis. By the end of the course, you'll be equipped with the knowledge and skills to integrate automated reversing techniques into your cybersecurity practices, enhancing your overall effectiveness and efficiency.

Exploitation

Exploitation, a critical component in the world of cybersecurity, refers to the act of leveraging vulnerabilities in a system to gain unauthorized access or control. In the "Automated Reverse Engineering and Exploitation" course, we emphasize the practical application of exploitation techniques to understand and mitigate cyber threats.

Here's a glimpse into what you'll learn about exploitation:

1. Understanding Exploitation: Delve into the principles of exploitation, the types of vulnerabilities that can be exploited, and the implications of successful exploits. We'll explore real-world examples to enhance your understanding of how exploits function in different contexts.

2. Exploit Development: Develop practical skills in creating proof-of-concept exploits. You'll learn how to use both manual and automated techniques to develop exploits, providing a comprehensive toolkit for assessing system vulnerabilities.

3. Exploitation in Different Architectures: Understand how exploitation varies across different architectures such as MIPS, PowerPC, and ARM. This will equip you with the knowledge to handle a wide range of systems and technologies.

4. Mitigating Exploits: Learn effective strategies to mitigate potential exploits. By understanding how exploits work, you'll gain the ability to devise robust strategies to prevent them, enhancing your organization's cybersecurity posture.

 

Who should take this Automated Reverse Engineering and Exploitation course?

The course is designed to cater to a wide array of cybersecurity professionals and organizations. This includes, but is not limited to:

  1. Cybersecurity Analysts and Engineers: If you're involved in the technical aspect of protecting systems and networks, this course will equip you with the skills to identify vulnerabilities in embedded systems and recommend mitigations. You'll gain the practical know-how to create proof-of-concept exploits, enhancing your ability to defend your organization's digital infrastructure.

  2. Penetration Testers: This course is ideal for penetration testers looking to expand their skills in automated reversing and exploitation. It provides a deeper understanding of working with various architectures like MIPS, PowerPC, and ARM, and using both manual and automated techniques for system exploitation.

  3. Information Security Managers: Information security managers can benefit from understanding the technical aspects of vulnerabilities and exploits. This can lead to improved decision-making when overseeing teams, setting strategies, and communicating risk to other stakeholders within the organization.

  4. Military Cyber Operations Personnel: As the digital warfare landscape evolves, this course offers a solid foundation for military personnel engaged in cyber operations. Understanding how to assess vulnerabilities and develop proof-of-concept exploits can be vital in ensuring national security.

  5. IT Auditors: While traditionally less technical, IT auditors with an understanding of automated reversing and exploitation can provide more comprehensive audits, better comprehend potential risks, and suggest more effective controls.

 

Example Course Schedule:

Day 1 - Introduction and Foundation

  • Course Introduction: Overview and Expectations

  • Cybersecurity Landscape: Current Trends and Challenges

  • Understanding Various Architectures: MIPS, PowerPC, ARM

  • Introduction to Linux and VxWorks Environments

  • Introduction to Embedded Systems: Basics and Importance

Day 2 - Reversing Techniques

  • Manual Reversing Techniques: Basics and Applications

  • Introduction to Automated Reversing: Importance and Applications

  • Automated Disassembly and Analysis

  • Hands-on Exercise: Manual and Automated Reversing

Day 3 - Exploitation Techniques

  • Understanding Exploitation: Principles and Real-World Examples

  • Exploit Development: Manual Techniques

  • Exploit Development: Automated Techniques

  • Hands-on Exercise: Developing Proof-of-Concept Exploits

Day 4 - Automation in Depth

  • Scripting for Automation: Basics and Best Practices

  • Automated Exploit Development

  • Integration of Automation into Cybersecurity Workflow

  • Hands-on Exercise: Scripting for Automated Reverse Engineering and Exploit Development

Day 5 - Mitigation Strategies and Course Conclusion

  • Understanding and Developing Mitigation Strategies

  • Ethical Considerations in Exploitation

  • Course Recap and Review of Key Concepts

  • Final Hands-on Exercise: Complete Vulnerability Assessment and Mitigation Proposal

  • Course Conclusion and Next Steps

 

 

By completing this course, all participants will gain a greater understanding of embedded systems, their vulnerabilities, and how to mitigate these threats. This is not merely an opportunity for professional development; it's a strategic investment in the robustness and resilience of your organization's defense against cyber threats. Join us for this transformative learning journey and let's build a safer digital future, together.

About Boston Cybernetics Institute

Boston Cybernetics Institute, PBC was created by former MIT Lincoln Lab cybersecurity researchers to give meaningful niche cyber instruction to a new generation of cybersecurity professionals.

 

We avoid the normal style of teaching with PowerPoint and lectures, opting to provide instead real-life engaging instruction that takes place in a customized environment. We have given our style of instruction to multiple DoD agencies, US commercial companies, and international companies.

BCI_LOGO_FINAL_Seal_Black-MOD2.png

Instructors at Boston Cybernetics Institute

Jeremy Blackthorne.png

Jeremy Blackthorne

President of the Boston Cybernetics Institute

Jeremy Blackthorne is a Lead Instructor at the Boston Cybernetics Institute (BCI). Before BCI, he was a researcher in the Cyber System Assessments group at MIT Lincoln Laboratory. Blackthorne is the co-creator and instructor for the Rensselaer Polytechnic Institute (RPI) courses: Modern Binary Exploitation, Spring 2015 and Malware Analysis, Spring 2013. ​Jeremy has published research at various academic and industry conferences. He served in the U.S. Marine Corps and is an alumnus of RPISEC. He holds a BS and MS in computer science. ​ Blackthorne was an active member of the Student Security Club and CTF team, RPISEC, from 2012 to 2015, where he taught seminars on Reverse-Engineering, Exploitation, and various other Cybersecurity topics.

Clark-Wood.jpg

Clark Wood

security researcher and instructor

Clark Wood is a security researcher and instructor at the Boston Cybernetics Institute (BCI), focusing on Reverse Engineering, Exploitation, and CI/CD. He recently built a Reverse-Engineering and Exploitation platform for a DoD customer and is the Lead Engineer for BCI’s Government Services. Clark was formerly on the technical staff at MIT Lincoln Laboratory where he was a member of the Cyber System Assessments Group. ​Clark holds a BA in Economics from the University of Florida, a BS and MS in Computer Science from Florida State University, and a Master’s in Technology and Policy from MIT. ​

Rodolfo.png

Rodolfo Cuevas

security researcher and instructor

Rodolfo Cuevas is a security researcher and instructor at BCI, where he focuses on understanding how design constraints can be used to limit the impact of an attacker on a system. His research combines the adversarial mindset with approaches influenced by Systems and Control Theory. ​ Rodolfo was a staff member at MIT Lincoln Laboratory and began his career as a RADAR and Ballistic Missile Defense System (BMDS) analyst. Later, Rodolfo transitioned to evaluating and Red-Teaming tactical and commercial cyber systems in support of DoD and other government programs. ​ Rodolfo holds a BS, M.Eng., and M.S. in Electrical and Computer Engineering from Cornell University.

Reed-Porada.jpg

Reed Porada

security researcher and instructor

Reed Porada is a security researcher and instructor at BCI, focused on getting to the "so what" of both defensive and offensive cyber measures. Reed also leads BCI training in Cyber Systems Analysis, focusing on developing systems-thinking skills of developers up to managers. ​Reed was a staff member at MIT Lincoln Laboratory for ten years, where he was responsible for Test and Evaluation, Test Automation Research, Red-Teaming of Cyber Systems, and Blue System Architectures. Reed was a computer scientist at the Naval Research Laboratory focused on wireless communication systems. He holds a BS in Computer Science from the University of Maryland, College Park and an MS in Software Engineering from Carnegie Mellon University.

Automated Reverse Engineering and Exploitation

Unravel the Code: Automate. Reverse. Exploit.

Cyber-security-course.png

COURSE PRICE

Upon request

COURSE LENGTH:

5 days

What happens after I click the button?

Your default e-mail client will pop up and you'll be asked to write us a short message. Please let us know which course you are interested in and what dates would work for you.

Anchor 1
bottom of page