
ARES course and eCRE exam review


caneacsu

Hello guys,

 

I wanted to post this here so that everyone can see it, maybe it will be the decision factor in their next course purchase :)

If this is not allowed, I apologize and please move it to the correct section.

 

I just received confirmation that I passed the eCRE examination and I thought of writing a small review.

 

First things first, prerequisites. The course doesn't expect you to be a programmer or have hardcore assembly knowledge, far from it. It assumes that the student has an understanding of programming concepts (variables, loops, functions, statements etc). It helps if you also grasp the notion of pointers. Basic assembly knowledge is also required. The most common instructions will suffice to get you started with this course. There are tons of free resources on the subject, I recommend going through https://wiki.skullsecurity.org/Assembly and http://www.cs.virginia.edu/~evans/cs216/guides/x86.html . These are more than enough to be able to start the course. Remember to have a copy of the Intel Developers Manual available for fast reference. You can find it here: http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html

 

The course itself is fast paced, especially if you never used a debugger before. The first chapters lay the theoretical foundation that you will build upon. This section talks about CPU architecture, registers, stack, PE file format etc. Some of these concepts are hard to really understand and visualize without having a debugger open. I had to revisit these notions once I started the technical chapters. The technical part of the course is what probably got me hyped to enroll in the course. You will learn different notions while having a debugger open and analyzing an application. I loved how much I learned during these chapters, I learned a lot about the stack, Windows APIs, anti-reversing tricks and much more. In particular I found I was able to read assembly much faster and be able to spot different code patterns more quickly.

 

After going through the course I ended up signing on http://crackmes.de/ . The challenges there are of different levels and some of them can be really tough, but I cracked a few of the easier ones. One of the most interesting challenges I found is actually the one that eLS put up when this course launched. You can find more details here:

https://www.ethicalhacker.net/features/special-events/reverse-engineering-101-newbie-contest-webcast-elearnsecurity and the solution here: https://www.ethicalhacker.net/features/special-events/reverse-engineering-101-contest-solution .

I definitely recommend going through it before the exam. 

 

The exam was fun. I almost failed the written part, but that's because I underestimated the importance of the theoretical knowledge. Everything you need to pass the exam (both written and practical) is in the course.

 

Going forward there are lots of materials just waiting to be digested and different paths available that have RE in common (exploit dev, malware analyst, vulnerability research etc). Out of all the resources available on the Internet, I would like to point out a paper that I found very interesting and really helpful. It talks about anti-RE mechanisms and how to bypass them. You can find it here: https://www.blackhat.com/presentations/bh-usa-07/Yason/Whitepaper/bh-usa-07-yason-WP.pdf

 

Hope you will find this helpful.

I'll be happy to answer if you have any questions.

Marek

That's a great review, and it certainly made the course more interesting for me.

Francesco

Thanks for the review and congratulations! :)

Saqib

Thanks for the review. It is surely gonna help me and others in preparing for the exam. Excited already :)

n.alodhaibi

Thank you so much for the review! ^^

Is it possible to get the exe from the contest, because the link is invalid?

 
