Certified Binary Auditing Professional according to ISO/IEC 17024 now available!
An information technology audit, or information systems audit, is an examination of the controls within an information technology (IT) infrastructure. An IT audit is the process of collecting and evaluating evidence of an organization’s information systems, practices, and operations. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively and efficiently to achieve the organization’s goals or objectives.
The Certified Binary Auditing Professional according to ISO/IEC 17024 is now available!
It is located at our certification server or directly here!
Debugger and Sandboxes in Windows
It is not always possible or desirable to set up a virtual machine for debugging an application. While useful, a VM can be tedious to work in, and it can add needless complexity.
However, you need administrator privileges to debug (SeDebugPrivilege enabled), and this means your debuggee will run as administrator too. So? In Windows XP, a good solution is to fully sandbox the debuggee, but there are other solutions too.
One is to make the debuggee and the debugger run under different accounts, so that the debugger runs as administrator and the debuggee as a limited user.
A limited user cannot install drivers or alter executables and other Windows stuff, and, better still, it stays away from our private documents folder.
Yes, but how do we obtain this? A simple yet effective solution is to hook the function responsible for launching the debuggee, and force it to start under another account.
Damn Vulnerable Linux Strychnine+605 1.4 final - Mirrors contacted!
The mirrors for Damn Vulnerable Linux Strychnine+605 1.4 final have been contacted. Over the weekend we might release the download links.
Certified IDA Pro Professional (CIDAP) according to ISO/IEC 17024
During the next few weeks (2 or 3) we go for the Certified IDA Pro Professional (CIDAP). Again, as a certification according to ISO 17024, we provide a high-quality certification for the Binary Auditor and Reverse Code Engineering professional, proven by a certification committee. The certification is a practical one, consisting of a sequence of exercises and assessments.
For those who need to prepare for the CIDAP, IITAC offers an IDA Pro bootcamp every 2 months. More information can be found this weekend at the IITAC bootcamp calendar. The bootcamp is no prerequisite for the certification trail.
More information soon as a blog entry…
Decompilation with IDA Pro - For free!
Decompilation is the reverse process of compilation, i.e. creating high-level language code from machine/assembly language code. At the basic level, it just requires understanding the machine/assembly code and rewriting it in a high-level language, but things are not as simple as they seem, particularly when it comes to implementing a decompiler.
Types of Exception Handling - SEH vs. VEH
At its heart, Win32 structured exception handling is an operating system-provided service. All the docs you’re likely to find about SEH describe one particular compiler’s runtime library wrapping around the operating system implementation. Under Windows, there are currently two types of exception handling:
3 days IDA Pro bootcamp as offline or online Training - Preparation for the Certified IDA Pro Professional according to ISO/IEC 17024
This course is by no means a 3-day PowerPoint presentation. Instead, you will be engaged in a number of individual and group hands-on exercises to reinforce and solidify everything that is taught in the class.
Some of the exercises are competitive in nature, followed by class discussion to pinpoint elegant approaches and solutions that various individuals or groups may have used. Despite the fact that the course is held in Italy, Germany and Canada, take-home exercises will be available for the type-A personalities attending the course.
Remote Debugging a DVL crackme by TiGa (Team+)
TiGa (Team+) has just finalized his second training video. In this video he uses the IDA Pro remote debugging capabilities to analyze a crackme located on DVL, remotely from a Windows box.
Team+ consists of people working to receive the famous + sign - the most recognized reputation in Reverse Code Engineering. The + sign is by invitation only and free without any fee.
The video will be published soon.
With this we will open the revamp of the Reverse Code Engineering Portal located at www.reverse-engineering.net. Using several subdomains we will extend our portfolio with a Team+ information website, a training video website and more.
Stay tuned!
Peace! Kind Regards,
Univ.-Doz. Dr. Thorsten Schneider Managing Director / CEO

