New dates/times TBD
Learn disassembly, execution history reconstruction, and binary reversing techniques for better software diagnostics, troubleshooting, debugging, memory forensics, vulnerability and malware analysis on the ARM64 macOS platform. The course uses a unique and innovative pattern language approach to speed up the learning curve. The training consists of practical step-by-step, hands-on exercises using LLDB and macOS core memory dumps. It covers more than 25 ADDR patterns originally introduced for the x64 Windows platform and later expanded to x64 and ARM64 Linux, and many concepts are illustrated with Memory Cell Diagrams. The course builds upon and extends the basic patterns introduced in the Practical Foundations of macOS Debugging, Disassembling, Reversing book.
Slides from the similar Linux-based training
Level: Intermediate/Advanced.
Prerequisites: Working knowledge of C and C++. Operating system internals and assembly language concepts are explained when necessary.
Audience: Software technical support and escalation engineers who analyze core dumps from complex software environments and need to go deeper in their analysis of abnormal and malicious software structure and behavior. The course is also useful for software engineers, quality assurance and software maintenance engineers who debug software running on diverse endpoint computer environments, security and vulnerability researchers, malware and memory forensics analysts who have never used LLDB for analysis of computer memory.
The training consists of 3 two-hour sessions. Before the training, you get:
- Access to Software Diagnostics Library
- Practical Foundations of macOS Debugging, Disassembling, Reversing PDF book (January 2023)
After the training, you also get:
- The PDF book version of the training
- Personalized Certificate of Attendance with unique CID
- Optional Personalized Certificate of Completion with unique CID (after the tests)
- Answers to questions during training sessions
- Recording