| Event: | REcon 2026 | |
| Dates: | June 15-18, 2026 | |
| Location: | REcon Montreal, Canada | |
| Price: | $5,500 CAD (before May 1) / $6,000 CAD (after May 1) | |
| Register: | REcon 2026 |
| Event: | Hexacon 2026 | |
| Dates: | October 12-15, 2026 | |
| Location: | Hexacon, Paris, France | |
| Price: | 4800 EUR | |
| Register: | Hexacon 2026 |
Modern reverse engineering increasingly relies on automation, custom tooling, and agent-assisted workflows. But these approaches quickly run into limits when binaries actively resist analysis through control-flow obfuscation, virtualization, mixed Boolean-Arithmetic (MBA), and other transformations. This training teaches the practical deobfuscation workflows needed to break such protections and to make automated reverse-engineering workflows effective on real-world targets.
Participants first learn how modern obfuscation techniques complicate reverse engineering, and then gradually build the deobfuscation techniques required to attack them in hands-on sessions. Along the way, they deepen their understanding of program analysis and learn when and how to apply different techniques in practice.
We begin with core obfuscation patterns and practical ways to attack them. Participants learn how to recognize common protection mechanisms, understand how they interfere with static analysis and decompilation, and gain traction through careful manual analysis and targeted cleanup. From there, the course builds toward more powerful reasoning with SMT-based analysis to prove properties of code, reason about complex computations, and verify whether MBA-heavy expressions are equivalent to simpler rewrites.
To scale the analysis, the training introduces intermediate representations and compiler-style simplification passes that help normalize protected code and expose higher-level control-flow structures. On top of this, participants use symbolic execution to automate larger parts of deobfuscation, combine symbolic reasoning with SMT solving to attack opaque predicates, and explore feasible execution paths through protected code.
Building on these foundations, the course then returns to virtualization-based obfuscation. Participants learn how to use symbolic execution to identify virtual machine components, reason about instruction handlers, and write custom disassemblers and analysis helpers to reconstruct original program semantics. From there, we cover program synthesis as a way to simplify code based on behavior, recover the semantics of obfuscated expressions and handlers, and verify the correctness of the resulting simplifications.
By the end of the training, participants will understand how manual analysis, SMT solving, intermediate representations, symbolic execution, program synthesis, and custom tooling fit together in end-to-end deobfuscation workflows. The course closes with a module on agent-assisted deobfuscation, where we cover the setup of analysis environments, the orchestration of disassemblers, decompilers, symbolic tooling, and custom scripts, and the partial automation of iterative deobfuscation loops. Participants also learn how to steer these systems with reusable skills or playbooks and validation checks. Finally, we examine the limits of agent-assisted deobfuscation on protected binaries and discuss practical strategies for cases that still require deeper analysis and careful human guidance.
The training has a strong focus on hands-on exercises. Short lecture segments provide the background needed to understand when a method is useful, how it works, and where it reaches its limits. The exercises then show how to apply these methods to real deobfuscation problems, build small, purpose-built tools, and combine individual techniques into practical workflows. The trainer actively supports participants during the exercises, and after each task we discuss different solutions in class. Participants also receive detailed reference solutions that they can use during and after the course.
While the hands-on sessions primarily focus on x86 assembly, the underlying tools and techniques also transfer to other architectures such as MIPS, PPC, and ARM.
The training roughly follows the outline below:
Introduction to Code (De)obfuscation
SMT-Based Program Analysis
Intermediate Representations and Compiler-Style Simplification
Symbolic Execution Foundations
Symbolic Execution for Attacking Virtualization-based Obfuscation
Program Synthesis
Automation and Agent-Assisted Deobfuscation
“My objective to take this training is learning fuzzing related techniques such as symbolic execution and obfuscation techniques for creating payload for red teaming. I feel this training met my requirement, so this training is can be recommended to offensive side security engineers.”
“It is very difficult to fault any component of this course, its appears as a very mature and well refined project. Tim is clearly very passionate on the subjects and that is portrayed through the material and delivery.”
“This course is very polished. I can’t think of anything that could be improved.”
“I would definitely recommend this class to any reverse engineers wanting to advance their skills, and I would attend other classes by this trainer.”
“I found the background given on the first day to be very useful. I very much enjoyed learning about the SMT solvers and symbolic execution, and I thought it was very good that we were shown how to use them together to solve problems. I found all the tasks and code examples very helpful too.”
“He’s still young and already very knowledgeable on the subject.”
“I would absolutely recommend others take this class or any other classes taught by Tim.”
“I found all of it very interesting. The most useful parts to me were the coding/reversing exercises. That really helps to cement my understanding of the topics discussed.”
The participants should have basic reverse engineering skills. Furthermore, they should be familiar with x86 assembly and Python.
Students should have a disassembler of their choice (e.g., IDA, Ghidra, or Binary Ninja) and a working Docker installation. A Docker image with all required tools and course material will be provided.
Tim Blazytko is a well-known binary security researcher and reverse-engineering expert with a PhD in program analysis. He focuses on independent consulting and hands-on work across reverse engineering and software protection. He regularly contributes to the reverse engineering community through trainings, international conference talks, research papers, and open-source tools. Furthermore, he supports clients with advanced binary analysis, malware investigations, and security audits. Tim also serves as Chief Scientist at Emproof.