Android Internals | 5 Days | This course, modeled after Jonathan Levin's seminal works of the same name, discusses the architecture of Android - covering both its design and its implementation. We examine the features of the Android Operating System, and highlight exactly what it inherits from its Linux core, as well as how it diverges with its idiosyncrasies and "Android-isms". Every nook and cranny of the architecture is explored, with modules discussing specific subsystems, such as the Dalvik Virtual Machine, Android RunTime (ART), the Binder IPC mechanism, Hardware Abstraction Layer (HAL), the Media Framework and Android Power Management.
Dalvik and Art | 1 Days | Developers write code using Java, but deep under the hood their code is twice compiled - first, into Dalvik ByteCode (DEX), and then into Native Code (as of Lollipop), with the "Android RunTime" (ART). Most developers remain entirely oblivious to these next steps - but reverse engineers (and those who combat them) need to know the nooks and crannies of these processes. This intense one day course is designed for these people - who find themselves dumping classes.dex and reversing .oat files more often than they would like.
Internals-I:Linux To Android | 3-4 Days | For experienced Linux kernel developers, this course is a great introduction to the Android systems. We examine the features of the Android Operating System, and highlight exactly what it inherits from its Linux core, as well as how it diverges with its idiosyncrasies and "Android-isms". We talk about the modifications to the Linux kernel that help Android optimize for embedded and tightly constrained hardware. Additional modules discuss specific Androidisms, such as the Hardware Abstraction Layer (HAL), the Media Framework and Android Power Management.
Internals-II:Framework Internals | 3 Days | Understand the inner workings of the Android core frameworks, and how they interact with the overlying Dalvik and the underlying kernel. Versions Froyo (2.2) through Lollipop (5.0.2) are discussed in detail. Emphasis on Android's media architecture and frameworks. This course is meant as a followup to "Android Internals" (or "Linux to Android").
Mobile Architectures (seminar) | 1 Days | A one-day seminar comparing and contrasting the two leading mobile architectures of 2014: Android and iOS. The two systems, light years apart yet closer than one would expect, are shown side by side, focusing on aspects of system design, usability, power management, the runtime environment, and security. Presented by the people who wrote the definitive book on OS X/iOS internals - and will soon do the same for Android.
Embedded Linux | N/A Days | An add-on to either the Kernel Programming course or the Administration course, this course focuses on architecture-specific concerns and idiosyncrasies in maintaining or programming in an embedded Linux environment. Issues such as building and maintaining an embedded system, from the boot loader to the Kernel installation, are covered. |
Debugging Techniques in Linux (Workshop) | 3 Days | This course introduces debugging tools in Linux: powerful utilities ubiquitous in Linux distributions, such as strace/ltrace, proc, and the built-in debugger, gdb. We discuss how to develop and use debugging skills to deal with common bugs, such as memory corruptions, erroneous usage of pointers, multi-threaded code and race-conditions, socket bugs, and more. Special consideration is given to analyzing core dumps and crashes. The techniques shown are applicable across all flavors of Linux - including Android distributions (at the CLI level).
Linux Administration | 3 Days | This course is meant to transform the novice Linux user into a knowledgeable administrator. Get a deeper insight into the Linux operating system through related administrative tasks, such as user management, software installation and maintenance, network administration, backups and more.
This course focuses on Linux, but variants are offered for Solaris and other flavors of UNIX. |
Linux Kernel - Advanced Topics: Filesystems | 2 Days | Go deeper into the Linux Kernel - by getting to know its Virtual File System layer and its block I/O layer. Discussing how Linux interprets the UNIX file system standard, and implements block devices, buffering, and various other features. Examples from real file systems, like FAT and HFS.
Linux Kernel Debugging (Workshop) | 3 Days | This course, a companion course to "Debugging Techniques in Linux", focuses on debugging and tracing in the kernel environment. Using Linux's own interfaces and built-in tools, it provides techniques to analyze crash dumps, as well as intercept potential errors in kernel module code before they result in crashes.
Linux Kernel Programming | 5 Days | Understand the inner workings of the Linux Kernel and its various subsystems, from an architectural perspective, as well as through driver writing. The course explains the components, and focuses on them using a sample device driver coded and expanded by the students. The students will become familiar with the Linux source code of the latest kernels (3.14 at the time of writing), with thorough review of the sources, as well as detailed discussions of the various features introduced in each minor Kernel version.
Linux Survival Guide | 3 Days | This course is meant to enable UNIX or Linux users to gain familiarity with their system. A basic course, it presents the fundamentals of working in a UNIX environment: From the command line and terminal settings, through filesystem navigation commands, editing, basic networking commands, and scripting.
Linux System Programming | 5 Days | This course helps programmers familiarize and adapt themselves to the various UNIX operating systems - Solaris, BSD, MacOS and - Linux. Explaining the standard POSIX API in depth, we discuss how to perform common tasks, such as file I/O, network socket programming, multithreaded programming and more on UNIX and specifically Linux. |
Debugging Techniques in OS X (Workshop) | 3 Days | This course introduces debugging tools in OS X: powerful utilities ubiquitous in OS X, such as dtrace, heap, leaks, Instruments, Shark, and the built-in debugger, gdb. We discuss how to develop and use debugging skills to deal with common bugs, such as memory corruptions, erroneous usage of pointers, multi-threaded code and race-conditions, socket bugs, and more. Special consideration is given to analyzing core dumps and crashes.
OS X System Programming | 3-5 Days | This course covers the architecture of OS X from the ground up. OS X is the operating system behind Apple's Macs, iPhones, and iPads. Students will become familiar with OS X's layered architecture, from the core of Darwin (including an overview of the XNU kernel), through the POSIX interfaces and BSD system calls, and up to the various core frameworks. This course also introduces Objective-C, the language of choice for framework-enabled development.
Note: This course does not discuss GUI development in depth, and only touches upon it. It does, however, cover most other aspects of programming, applicable to OS X in both its Mac and iPhone ("iOS") flavors.
OS X and iOS Internals - The Reverse Engineer's Perspective | 5 Days | This course accompanies Jonathan Levin's highly praised trilogy, "*OS Internals" with deeper discussions and hands-on examples. The focus is on MacOS High Sierra (10.13) and Mojave (10.14) as well as iOS 11 and 12, with a focus on the significant changes put into the later versions. This is your chance to learn about the nooks and crannies of Apple's operating systems - from the man who literally wrote the book. The course will also present the book's tools with in depth coverage, as well as introduce more bonus materials and updates.
*OS - Security & Insecurity Workshop | 2 Days | This course, modeled after Jonathan Levin's "*OS Internals: Volume III", takes a practical approach to explaining the security of Apple's operating systems, by explaining the various mechanisms employed by Apple to secure the system - and yet demonstrating how they fail, time and time again. Through case studies of jailbreaks and Pegasus (the only weapons-grade malware caught in the wild), the techniques for protecting the OS integrity - as well as measures used to bypass them - are detailed.
Code samples detailing usage of each mechanism are provided as actual examples for discussion in class. Actual jailbreak code, including the latest iOS 11.1.2 Liber* family of jailbreaks, is presented. Advanced tools - such as Xn00p, our live kernel inspection/debugging tool - allow unprecedented visualization of what happens behind the scenes in every step of the jailbreak process.
OS X Driver Programming Workshop | 3 Days | This course takes a practical approach to device driver construction in OS X. Focusing on aspects of driver architecture, IOKit APIs, and just enough of the overall kernel structure required in order to interface correctly and create a stable, functional device driver.
Cross Platform Mobile Apps with HTML5 | 3 Days | HTML5 and its supporting technologies offer vast capabilities that make development of full fledged applications in a browser environment a viable prospect. Add to that environments like PhoneGap, which can turn HTML5/CSS3 and JS code into fully native, offline capable apps, and you get the first true cross-platform development capability for all mobile environments, present and future.
This course provides you with the tools and knowhow necessary to both optimize web pages to take advantage of mobile capabilities - from touch to geolocation - as well as create cross platform apps with offline capabilities.
Mobile Operating Systems | 5 Days | This course, based on a course of the same name offered at Harvard University, aims to tackle mobile operating systems and applications from a comparative view. Rather than follow other courses, which take on one OS at a time, this course pits the three leading OSes against each other in parallel, comparing and contrasting their implementations of mobile design principles.
AAA (seminar) | 2 Days | A two-day seminar dealing with the myriad protocols making up Authentication, Authorization and Accounting: Focusing on the common protocols and implementations of Active Directory (LDAP/Kerberos), NIS, RADIUS, Diameter, as well as legacy methods likely to be supported in various enterprise deployments. A primer on encryption is discussed as well, along with packet level dumps and analyses.
Application Layer Protocols | 3 Days | This course discusses the main application protocols of the Internet: DNS (Domain Name Service), FTP (File Transfer Protocol), E-Mail protocols, HTTP (HyperText Transfer Protocol) and SSL (Secure Socket Layer). In-depth detail is provided down to the packet level with live captures using the WireShark sniffer. Each protocol is examined from both its performance and security aspects.
Meant as a followup to the "Network Protocols" course, this further explores the OSI model, moving from the network and transport layers - to the application layer. |
IPv6 | 1-2 Days | IPv6 is the protocol that will eventually succeed "traditional" IP (IPv4) in providing the address space of the future Internet. This seminar discusses IPv6 in depth, providing students with hands-on experience of IPv6 through a special lab setup and exercises. Implementations of IPv6 and ICMPv6 on common operating systems such as Windows, Linux and MacOS are shown. Optionally, the course goes on to discuss the security framework of IPSec.
MPLS (seminar) | 1 Days | A one-day seminar dealing with the MultiProtocol Label Switching (MPLS) design and implementation. MPLS along with its supporting protocols (LDP, OSPF-TE and RSVP-TE) are discussed, with actual packet captures analyzed using WireShark.
Network Layer Protocols | 3(4) Days | This course discusses the TCP/IP protocol stack - the driving force behind the Internet. Detailed discussions of layer II protocols (primarily Ethernet), the Internet Protocol (IPv4 and IPv6), Internet Control Messaging Protocol (ICMP), and the routing protocols RIPv2 and OSPF. This course also touches on advanced aspects of networking, such as QoS (Quality of Service) and Multicasting. In essence, this course is a journey up the OSI model - focusing on the Data Link, Network, and Transport layers.
Detailed examples with a network analyzer (WireShark) provide students with a comprehensive view of all networking concepts, both basic and advanced. Additional hands on exercises allow the students to get a direct exposure to what goes on in the wire and air.
VoIP | 2 Days | This course introduces the myriad protocols used to convey voice and video over the Internet Protocol. It explains both the legacy H.323 protocol stack and the SIP standard, as well as the RTP protocol common to both. This course also discusses SCCP ("Skinny"), a proprietary protocol used in legacy Cisco IP telephony. Students obtain hands-on experience using custom H.323 and SIP capable software.
Cryptography - from A to Omega | 5 Days | This course undertakes to lay the foundations of both classic and modern-day cryptography over the span of 5 days. Beginning with the principles, and quickly moving on to discussion of modern ciphers such as RC4, DES and the present-day standard of AES (Rijndael). PKI methods such as Diffie-Hellman, RSA and ECC (Elliptic Curves) are explained in mathematical detail. Digital signature techniques and principles, including hash functions such as MD5 and SHA-1 are discussed as well. Finally, the course concludes by taking the algorithms discussed and showing their incorporation in protocols - both secure (SSL, IPSec, Kerberos) and insecure (NTLM, WEP).
Know Thy Enemy | 3 Days | This course focuses on application security - but from the hacker's perspective. Hacker tools and techniques are explained with many practical examples. Students obtain hands-on experience not just in using the tools, but working to defend against them. Common and widely used exploits are analyzed and ways to remediate them are explained.
Secure Coding Seminar | 2-3 Days | This seminar focuses on aspects of secure programming - writing applications that are not only performant, but resilient in the face of hacker attacks and tampering. Common vulnerabilities such as buffer overflows, format string attacks, directory traversals and others are explained in detail. For each, we discuss the programming anti-pattern that can lead to the error occurrence, its exploitation, and ways to remediate it. This course is available in two flavors - either C/C++ or Java/.Net. The course not only shows the errors and their remediation, but also presents principles of Secure Design - which, if applied a priori, can often counteract and mitigate errors that may lurk in code.
Secure Coding in Java | 2 Days | This seminar focuses on aspects of secure programming - writing applications that are not only performant, but resilient in the face of hacker attacks and tampering. Common vulnerabilities such as buffer overflows, format string attacks, directory traversals and others are explained in detail. For each, we discuss the programming anti-pattern that can lead to the error occurrence, its exploitation, and ways to remediate it. The course not only shows the errors and their remediation, but also presents principles of Secure Design - which, if applied a priori, can often counteract and mitigate errors that may lurk in code.
Debugging Techniques in Windows (Workshop) | 3 Days |
In many cases, debugging a program does not involve using a full-fledged debugger - tools such as process monitor can often be successfully used to pinpoint and resolve problems. In some cases, however, a debugger is mandatory. These cases are the ones we cover in this course.
This course is designed for experienced developers wishing to understand the internals of their programs - and what *really* happens after the program is compiled. Going back to basics (assembly) the course focuses on the lowest level of program operations, at the primitive level of the CPU, cache lines and registers. It then focuses on the Microsoft Windows Debugger, WinDBG, demonstrating powerful techniques to trace through and bypass program logic.
Windows Kernel | 4-5 Days | Understand the inner workings of the Windows Kernel and its various subsystems, from an architectural perspective, as well as through driver writing. The course explains the components, and focuses on them using a sample device driver coded and expanded by the students. Additional hands-on demonstrations using Windows Debugger (WinDBG) are presented, debugging the various kernel structures and APIs. The course has recently been updated to delve deeper into Windows 7 specific enhancements, as well as the upcoming features in Windows 8.
Windows System Programming | 5 Days | This course helps programmers familiarize and adapt themselves to the wonderful world of Windows. Explaining the Win32 API in depth, we explain the basics of process and thread creation, handling Windows messages, file I/O and - in great depth - Windows Sockets. |