HEXORCISM - Reverse Engineering Malware Training by Nicolas Brulez

Reverse Engineering Malware: Hexorcism Method

As a malware analyst or reverse engineering enthusiast, you know how frustrating it is to feel lost in assembly code, not knowing where to start, how to unpack or decrypt a file, or which functions to analyze first.

You are desperately trying to become faster and more efficient at code analysis ...

The problem is that when you try, this is what happens:

  • You do not know where to look in the code, or what to look for.
  • You do not manage to analyze samples thoroughly or fast enough.
  • You go in every direction and get frustrated.
  • You would like to automate simple analysis tasks, but you do not know how.
  • You spend too much time decrypting or unpacking the sample.

I very often hear the following from people who wish to learn Reverse Engineering:

  • "I know how to use most of the tools like IDA, x64dbg, I know programming, and it helps to understand, but I still get easily lost."

  • "I know the basics of assembly like "MOV, XOR, CMP, CALL", but it is hard for me to follow the flow of the actual code, and I spend hours looking around without managing to do anything."

  • "I am going in every direction, not knowing where to look and how to start."

  • "This file is packed; I don't know how to unpack it."

  • "This file uses code obfuscation; I don't know how to unobfuscate it to make it more readable."

Struggling for hours with code

In the best case, your analyses are incomplete and miss critical pieces of information.

More often than not, you simply spend a few hours single-stepping through code, not knowing what is going on.
You look at strings that might be interesting and try to make sense of them in IDA.

Maybe you do fine as long as the sample is neither obfuscated nor packed, and struggle as soon as it is.

I know it is frustrating.

Even if you are a hard worker and spend countless hours, at the end of the day your results are mediocre at best, if you get any.

Think for a minute: have you run into these difficulties?

Chances are that, like me, you have.

My Frustrations as a Reverse Engineer

Let me tell you a story.

I started reverse-engineering 25 years ago, and I did not speak English, I did not understand assembly, and I did not even have internet access at home. I was just a teenager.

I visited an internet cafe regularly to hunt for tutorials on how to reverse engineer. Everything was in English, and the number of available tools was limited. 

I would download everything I could find: Crackmes, tutorials, tools, and save it on floppy disks.

Back then, I was using SoftICE on Windows 95. IDA did not even have a GUI yet.

I learned English just to understand those tutorials. Most of them were written by hobbyist reverse engineers. There were mistakes sometimes, and a lot of what I studied was useless. 

My understanding of the assembly language was just as low as my English skills.

If I were to start again, the only thing I would focus on at the beginning would be learning x86 assembly. Not knowing it slowed me down for years.

This is the most critical bit of advice I can give to someone who is getting started.

I struggled for three years because I did not know what to study first.

I did not know any method, and nobody was around to help me.
I spent countless hours on my own to get valuable knowledge and experience and finally knew both Assembly and English.

I created my own techniques to tackle different problems.

Fast forward 20 years, and we have the opposite of the problem I had: too much information.

There are tons of video tutorials and articles in every language, and dozens of tools to reverse engineer with.

IDA Free, Ghidra, x64dbg, Radare2, to list a few.

With all the overwhelming information available today:
  • Where do we start?
  • What should I learn first? What knowledge is critical to have?
  • Should we watch every free video on YouTube? Some of them are excellent, and many of them lead nowhere.

In other words, it is difficult to identify where to focus our time to learn the fundamentals and become a skilled reverse engineer.

I have been teaching reversing at RECON since 2005 and spent the past 15 years polishing my training methods.

Learning software reverse engineering without going in every direction requires a well-defined plan to follow.

Introducing HEXORCISM

I named that method HEXORCISM.  

The biggest mistake people make is jumping immediately into malware reversing.
You first need to build foundations and methodology before you dive into malware analysis.

The first part of the method focuses on learning techniques that you will later apply in malware analysis, through the Hexorcism labs, which gradually increase in difficulty.

Students work on crackmes and packers written by the instructor, solving realistic problems progressively to build strong reverse engineering skills that are later used for malware analysis.

For example, I wrote my own packers to explain IAT redirection, nanomites (remember Armadillo?), VM obfuscation, and the like. And of course, how to defeat them.
All those tasks make the learning process a lot more fun and actionable. It is similar to a CTF, except that the exercises teach essential skills.

The second part of the training applies the learned techniques to real-world malware. Once the student knows how to write deobfuscation plugins, decrypt blocks of code, and automate reverse engineering tasks, malware analysis makes significantly more sense.

As I did, you can spend a few years studying random malware samples without any learning value, or bounce from one YouTube video to the next hoping to learn something new.

OR,

You can watch the training videos at your own pace and do the exercises I created, with EVERYTHING you need to know to reverse-engineer malicious applications quickly and efficiently.

You don't need to waste years struggling with your tools to become a better reverse engineer.

Watch the lessons to discover the techniques and methodology revealed in the training program.

No useless theoretical PowerPoint decks. This training is a goldmine of practical methods covering static analysis, debugging, scripting, unpacking, etc.

The lessons are released every week, so students don't get overwhelmed by information. Exercises are provided with video solutions.

Here is a small selection of what you are going to learn:

  • Favor static analysis to understand the code without a debugger, unless one is strictly necessary (or more efficient).
  • Master the professional reverse engineering tool IDA Pro, and see how it can speed up your reverse engineering work.
  • Automate analysis with IDAPython scripts and plugins.
  • Script x64dbg to write semi-automatic unpackers.
  • Stop being intimidated by encrypted or obfuscated samples.
  • Identify the cryptographic algorithms used in ransomware (or any other malware) and understand how files are encrypted.
  • Learn how to unpack PE files correctly and handle IAT protection, instruction emulation, etc.
  • Pinpoint the code to reverse engineer first, so you do not get lost wondering what to look for and where.
  • Brute-force algorithms: it can save a lot of time.
  • Generate DGA tools without re-implementing the entire algorithm.
  • And much more.
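The cryptography item in the list above rests on a technique worth seeing in code before any assembly is read: most ransomware reuses standard primitives, and those primitives carry constant tables (the AES S-box, the SHA-256 initial hash, the Salsa20/ChaCha "expand 32-byte k" string) that land verbatim in the binary's data sections. Scanning for them tells you which algorithms are present and where, which in turn tells you which functions to open first. The following is an added example written for this page, not course material or the instructor's tooling; the signature set, the `find_crypto_constants` function and the constructed byte blob standing in for a .rdata section are assumptions of this example.

```python
"""Scan a byte blob for constant tables that betray well-known crypto primitives.

Added example, not part of the Hexorcism course material. The signatures are
the published constants of each algorithm; the sample blob is constructed here
to stand in for a .rdata section and is not a real malware sample.
"""
import struct
import sys
from typing import Dict, List, Tuple

# 32-bit word tables from the specifications (FIPS 180-4, RFC 1321, ISO 3309).
# The first few words of each table are enough for a reliable hit. SHA-1 shares
# the MD5 A..D state and adds a fifth word, 0xC3D2E1F0, right after it.
WORD_TABLES: Dict[str, List[int]] = {
    "SHA-256 initial hash (H0..H3)": [0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A],
    "SHA-256 round constants (K0..K3)": [0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5],
    "MD5 sine table (T1..T4)": [0xD76AA478, 0xE8C7B756, 0x242070DB, 0xC1BDCEEE],
    "MD5/SHA-1 initial state (A..D)": [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476],
    "CRC-32 table (poly 0xEDB88320)": [0x00000000, 0x77073096, 0xEE0E612C, 0x990951BA],
}

# Byte-oriented constants, where endianness does not matter (FIPS 197, RFC 8439).
BYTE_TABLES: Dict[str, bytes] = {
    "AES forward S-box": bytes([0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
                                0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76]),
    "AES inverse S-box": bytes([0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
                                0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB]),
    "Salsa20/ChaCha sigma constant": b"expand 32-byte k",
}


def build_signatures() -> Dict[str, bytes]:
    """Expand word tables into little- and big-endian byte patterns.

    x86 builds store tables little-endian; the big-endian form catches
    hand-rolled implementations that keep the words in network byte order.
    """
    sigs: Dict[str, bytes] = {}
    for name, words in WORD_TABLES.items():
        sigs[f"{name} [LE]"] = b"".join(struct.pack("<I", w) for w in words)
        sigs[f"{name} [BE]"] = b"".join(struct.pack(">I", w) for w in words)
    sigs.update(BYTE_TABLES)
    return sigs


def find_crypto_constants(blob: bytes) -> List[Tuple[int, str]]:
    """Return (offset, signature name) for every occurrence of every signature."""
    hits: List[Tuple[int, str]] = []
    for name, pattern in build_signatures().items():
        start = 0
        while (idx := blob.find(pattern, start)) >= 0:
            hits.append((idx, name))
            start = idx + 1
    return sorted(hits)


def constructed_sample() -> bytes:
    """Stand-in for a ransomware .rdata section: tables separated by filler.

    Constructed for this example; the offsets are fixed by the layout below.
    """
    filler = b"\xCC" * 32
    sha256_iv = b"".join(
        struct.pack("<I", w) for w in WORD_TABLES["SHA-256 initial hash (H0..H3)"])
    return (filler
            + BYTE_TABLES["AES forward S-box"]              # offset 32
            + filler
            + sha256_iv                                     # offset 80
            + filler
            + BYTE_TABLES["Salsa20/ChaCha sigma constant"]  # offset 128
            + filler)


if __name__ == "__main__":
    # Scan a file given on the command line, or fall back to the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    for offset, name in find_crypto_constants(data):
        print(f"0x{offset:08x}  {name}")
```

Caveats a practitioner should keep in mind: the scan only finds contiguous tables, so constants the compiler emits as immediate operands (typically the MD5/SHA-1 state initialisation, `mov eax, 67452301h`) need an immediate-value search in the disassembler instead; RC4 has no constants at all and is recognised by its 256-byte identity-table loop; and a hit only says the primitive is present, not how the sample chains it, so the next step is to cross-reference the table and read the function that indexes it.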
On top of this, our students get an exclusive offer:

10% Discount when purchasing IDA Pro or IDA home 

Testimonials

One of the best courses I have taken so far, where I gained a good understanding of reversing PE files. The courses are well organized with samples to practice on, so that we are able to gain a better understanding after watching the video on reversing them. Strongly recommending this course.

YueMeng
I've been working through the Hexorcism courses for a while now. I can attest that the content is great and he does a solid job releasing a good deal of content to keep you busy regularly. If you haven't looked at it yet, it's well worth the money.
Ethan Marshall
The lessons in the Hexorcist training are very well crafted. They start with a warmup, then they dive into the complexities of reverse engineering blocks of code and how to deal with them. The training shows you the true power of IDA Pro, how to automate decoding parts of a binary, how to make assembly blocks more readable than they were, and how to adjust data context to reveal API functions that would only show up during runtime of a binary.
Anonymous Student
This training is delivered via very high quality and detailed videos. This allowed me to review the many techniques and information required to make me a better malware reverse engineer. Having access to the video allowed me to learn at my own pace. There are many custom-made binaries to act as challenges to help me understand the tricks to defeat the many evasions found in advanced malware samples. Finally, the most essential component of the training is the online slack channel that allows me to access the trainer, Nicolas. Nicolas is ever ready to answer every question I have on malware analysis in an amazing amount of detail. This is no doubt the best training I have ever taken on malware reverse engineering.
Mark Lim

Who am I to teach you?

My name is Nicolas Brulez, and I am the CEO of HEXORCIST and your instructor.

Over the past 25 years, I have been passionate about Reverse Engineering and Malware Analysis.

I worked as a Principal Malware Researcher at Kaspersky Lab for 8 years in the Global Research And Analysis Team.

I have been teaching Reverse Engineering for 15 years at RECON, but also in private courses.

Last, but not least, I am the co-programmer of the infamous Armadillo protection system. (more than 17 years ago)

Read what other Experts say about me

Hexorcist is definitely a course I can recommend without any second thought. Besides, online courses are the way to go.
Ilfak Guilfanov, The author of IDA Pro and Hex-Rays Decompiler

It is time to make a choice

This reverse engineering training will guide you to become a better reverse engineer and malware analyst.

I use techniques learned during the first month on a daily basis.

I give trainings at conferences. They cost 4,000 euros for 4 days. With Hexorcism, you can have an entire year for that price.

Not just four days: you can watch the videos as often as you want, at your own pace, and ask me questions at any time.


I created this program to increase your skills massively and fast.

I was in your position, and it took me years before I had any results.

If I had had such an opportunity back then, it would have saved me the first years I spent wasting my time reading code at random in the disassembler.

You are at the point of decision. You can either continue down the path of frustration and struggle and get the same results, or choose the road leading to knowledge and efficiency. If you want something different to happen, you're going to have to do something different. Make a new choice, and become the reverse engineer you want to be.

Select your Spell below and Get your access NOW!

Choose Your Spell

SILVER

Access to the Training
Access to Member Area
Monthly Online Group Lesson
3% OFF on Physical Trainings

10% OFF for IDA Pro and IDA Home

297 € /Month 
(Without VAT)

GOLD

Access to the Training
Access to Member Area
Weekly Online Group Lesson 
5% OFF on Physical Trainings

10% OFF for IDA Pro and IDA Home

397 € / Month
(Without VAT)

GET ACCESS NOW!

MULTI USERS

For companies that want to train several students at once

Contact us


What are you waiting for ? 
a Context Switch ?
IDA Pro Tricks - One Video Per Week
