
Training: Software Deobfuscation Techniques

Next Training

Instructor: Tim Blazytko
Capacity: 20 Participants
Dates: June 15-18, 2026
Location: REcon Montreal, Canada
Price: $5,500 CAD (before May 1) / $6,000 CAD (after May 1)
Register: REcon 2026

Description

Modern reverse engineering increasingly relies on automation, custom tooling, and agent-assisted workflows. But these approaches quickly run into limits when binaries actively resist analysis through control-flow obfuscation, virtualization, mixed Boolean-arithmetic, and other transformations. This training teaches the practical deobfuscation workflows needed to break such protections and to make automated reverse-engineering workflows effective on real-world targets.

Participants first learn how modern obfuscation techniques complicate reverse engineering, and then gradually build the deobfuscation techniques needed to attack them in hands-on sessions. Along the way, they deepen their understanding of program analysis and learn when and how to apply different techniques in practice.

First, we look at important code obfuscation techniques and discuss how to attack them. Afterwards, we analyze a virtual machine-based (VM-based) obfuscation scheme and learn about VM hardening techniques and how to tackle them.

In the second part, we cover SMT-based program analysis. Specifically, students learn how to solve program analysis problems with SMT solvers, how to prove characteristics of code, how to deobfuscate mixed Boolean-arithmetic, and how to break weak cryptography.

Before we use symbolic execution to automate large parts of code deobfuscation, we first introduce intermediate languages and compiler optimizations to simplify industrial-grade obfuscation schemes. Next, we use symbolic execution to automate SMT-based program analysis and break opaque predicates. Finally, we learn how to write disassemblers for virtualization-based obfuscators and how to reconstruct the original code.

The last part covers program synthesis, an approach to simplify code based on its semantic behavior. After collecting input-output pairs from binary code, we not only learn how to simplify large expression trees, but also how we can verify the correctness of simplifications. Then, we use program synthesis to deobfuscate mixed Boolean-arithmetic and learn the semantics of VM instruction handlers.

Teaching

Note that the training focuses on hands-on sessions. While some lecture parts provide an understanding of when to use which method, various hands-on sessions teach how to use them to build custom-purpose tools for one-off problems. The trainer actively supports students in solving the given tasks. After a task is completed, we discuss different solutions in class. Furthermore, students receive detailed reference solutions that they can use during and after the course.

While the hands-on sessions use x86 assembly, all tools and techniques can also be applied to other architectures such as MIPS, PPC or ARM.

Learning Objectives


Class Outline

The training follows this outline:


What Others Say


Requirements and Recommendations

Prerequisites

The participants should have basic reverse engineering skills. Furthermore, they should be familiar with x86 assembly and Python.

Software Requirements

Students should have a disassembler of their choice (e.g., IDA, Ghidra, or Binary Ninja) and a working Docker installation. A Docker image with all required tools and course material will be provided.


Biography

Tim Blazytko is a well-known binary security researcher and reverse-engineering expert with a PhD in program analysis. He focuses on independent consulting and hands-on work across reverse engineering and software protection. He regularly contributes to the reverse engineering community through trainings, international conference talks, research papers, and open-source tools. Furthermore, he supports clients with advanced binary analysis, malware investigations, and security audits. Tim also serves as Chief Scientist at Emproof.