Binary instrumentation is an invaluable skill across all platforms, yet it is often under-appreciated on Windows specifically. In this course you will learn how to use the Frida framework on Windows. You will master function hooking and binary instrumentation and apply those skills in a wide variety of scenarios. You'll gain the ability to discover Black Box application functionality using static and dynamic techniques. These learnings will empower you to understand what an application is doing, modify its functionality and augment its operation.
This expertise is invaluable in Defence, Offense, and Research. Whether you're aiming to develop a novel detection method, assess the viability of a post-exploitation strategy, or do Windows internals research, this course is designed to equip you with the necessary real-world, practical skills.
We start from the ground up, assuming no prior knowledge, allowing you to build your capabilities step-by-step. Through 27 practical labs, you'll solidify your understanding and gradually refine your skill set, gaining experience that will seamlessly integrate into your professional workflow. Although the primary focus is on native code applications for Windows, the techniques and skills you'll learn are equally applicable to native code applications on other platforms.
Moreover, this course also includes some special learnings and benefits. You will receive a Binary Ninja personal license and will become familiar with the use of Binary Ninja for static analysis. Other domain-specific tools, like API Monitor, are also used extensively.
Labs partners with Vector35 on the Windows Instrumentation with Frida course. When you sign up, you will receive access to a complimentary Non-Commercial (Personal) license for Binary Ninja valued at $299. This entitles you to permanent use of Binary Ninja in addition to 12 months of software updates. After one year you will have the option to renew your license to continue to receive product updates. A discounted upgrade path to a Commercial license is also available; further details are provided in the course.
All courses on Labs provide a certificate of completion. At Labs we understand that you may need to prove completion to third parties. To facilitate this, all our courses also offer custom, verifiable badges based on the IMS Open Badge Ecosystem. These badges are issued by us and can be validated in real-time.
Course badges are issued through Canvas Badges; you can view the public course badge page at the link below.
Labs courses are taught by industry professionals with a proven track-record in their field. Your trainers will guide you through your course to ensure you successfully complete all learning objectives.
Curriculum Vitae
Ruben Boonen has over a decade of industry experience in the United Kingdom and the USA. He has a broad background in Security Consulting, Research & Development and Defence. He previously achieved a number of industry-recognized certifications like CREST CCT and OSEE. Additionally, he has presented or delivered training at many international conferences, including Black Hat, DefCon, BlueHat IL, HackInParis, and DerbyCon.
Currently Ruben works on the Adversary Services team at IBM as CNE Capability Development Lead. He is mostly focused on post-exploitation capability development, vulnerability research and all things Windows.
We are covering a lot of ground. We will learn to use the tools-of-the-trade, do some light reverse engineering, hook native code functions, perform in-memory function calling, traverse data structures, analyse Black Box behaviours and hack a video game!
Labs has established a dedicated Discord channel where you can engage with peers and seek guidance from instructors. Email support is also available, ensuring you have the assistance you need to navigate the course successfully. At Labs we are excited to make you sweat, push you to do the hard work, and watch you acquire the professional aptitudes you were looking for!
The course is made up of two general categories of content. The first category is video lectures accompanied by slides and the second category is labs accompanied by written lab instructions and full lab solutions. There is also a dedicated VMware virtual machine that is configured with all necessary tools to complete the course work.
12 hours of video
27 practical labs
Course content may be updated over time. Please make sure you check back, even if you have completed all course modules.
Syllabus