Exploit Development & Reverse Engineering

Module 1: Introduction to Reverse Engineering

• Reverse engineering goals: Malware analysis, vulnerability research, CTF
• Legal and ethical considerations
• RE environment setup: IDA Free, Ghidra, x64dbg, Binary Ninja
• File formats: PE (Windows), ELF (Linux), Mach-O (macOS)
• Static vs. dynamic analysis approach

Module 2: x86/x64 Assembly Language

• CPU registers and flags
• Instruction set fundamentals: MOV, PUSH, POP, CALL, RET, JMP
• Stack and calling conventions: cdecl, stdcall, fastcall, System V
• Recognising C constructs in assembly: if/else, loops, functions
• Reading compiler-generated assembly

Module 3: Static Analysis with Ghidra

• Ghidra installation and project setup
• Navigating Ghidra: Code browser, decompiler
• Function identification and renaming
• Data type recovery
• Scripting in Ghidra with Python and Java

Module 4: Static Analysis with IDA Pro/Free

• IDA Pro interface and navigation
• Graph view and proximity browser
• IDA FLIRT signatures
• IDA Python scripting
• Comparing Ghidra vs. IDA analysis workflows

Module 5: Dynamic Analysis and Debugging

• x64dbg: Interface, breakpoints, stepping
• GDB and pwndbg for Linux
• Dynamic analysis workflow: Setting breakpoints at key functions
• Anti-debugging techniques and bypass
• Patching binaries during debugging

Module 6: Malware Reverse Engineering

• Malware classification: Ransomware, RAT, loader, dropper
• Unpacking packed malware
• Analysing network communication
• String obfuscation and de-obfuscation
• Malware behaviour documentation

Module 7: Buffer Overflow Exploit Development

• Stack-based BOF: x86 and x64
• Finding crash offset with cyclic patterns
• Bad character analysis
• Shellcode selection and execution
• Writing a full stack BOF exploit with pwntools

Module 8: Advanced Exploit Mitigations Bypass

• ASLR bypass: Information leaks, brute force
• NX/DEP bypass: ret2libc, ROP chains
• Stack canary bypass: Leak canary value
• PIE bypass: Base address leak
• RELRO and GOT overwrite techniques

Module 9: Return-Oriented Programming (ROP)

• ROP gadgets and chains
• Building ROP chains with pwntools
• ROPgadget and ropper
• ret2libc and ret2plt
• 64-bit ROP challenges

Module 10: Heap Exploitation

• glibc malloc internals: Chunks, bins, tcache
• Heap overflow exploitation
• Use-after-free (UAF) exploitation
• tcache poisoning
• Heap challenges from CTF and HackTheBox

Module 11: Windows Exploit Development

• Immunity Debugger and mona.py
• SEH-based buffer overflows
• Egghunter shellcode
• Windows x64 exploit development differences
• Bypass of Windows Defender Exploit Guard

Module 12: Capstone Projects

• Reverse engineer a crackme challenge end-to-end
• Analyse a real-world malware sample (sanitised)
• Develop a working stack BOF exploit
• Build a ROP chain exploit
• Certification preparation: OSED (EXP-301), GREM, RE-oriented CTF portfolio

Experience in the Industry Learn from exploit developers and malware analysts with hands-on reverse engineering research experience, including CTF competition wins and CVE discoveries.

Backgrounds at the Top Our instructors hold OSED, GREM, and OSCP certifications, with backgrounds in vulnerability research at security firms, malware analysis at CERTs, and advanced CTF coaching.

Clear & Effective Teaching Assembly language, debugging workflows, and exploitation techniques are taught step by step with annotated code, live debugging sessions, and incremental lab challenges.

Hands-On Learning Focus Students analyse real binary challenges, reverse engineer malware samples in sandboxed environments, write working exploits, and build CTF-ready reverse engineering skills.

Up-to-Date Knowledge Instructors stay current with glibc heap exploitation updates, new Ghidra releases, latest OSED exam format changes, and emerging exploit mitigation bypass research.