RE//verse 2026 Training - Firmware Reverse Engineering with Brandon Miller

RE//verse 2026 Training - Firmware Reverse Engineering with Brandon Miller

$4,800.00 Sale

Badge Info

Registration Info

This course provides a comprehensive deep-dive into firmware reverse engineering using Binary Ninja and Firmware Ninja, designed for vulnerability researchers and reverse engineers targeting embedded systems. Through a series of hands-on modules and practical exercises, students will learn to navigate the unique challenges of firmware analysis.


  • TRAINING:  March 2-5th, 2026
  • CONFERENCE: March 5th-7th, 2026 (requires separate purchase, begins the evening of the 5th)
  • LOCATION: Caribe Royale, Orlando, FL (discounted group rate link)
  • NOTE: Conference admission purchased separately.  Conference tickets can be purchased here.

Participants will learn how firmware interacts with hardware and develop expertise in static analysis of raw binaries and common real-time operating systems. The course emphasizes real-world problem solving and equips students to load and triage firmware consisting of unknown memory maps, unknown base addresses, and missing symbol information. Students will learn how to overcome these hurdles and implement tailored solutions to improve firmware decompilation. Additionally, students will explore powerful tooling like the Firmware Ninja plugin to accelerate analysis through entropy inspection, memory insights, board descriptions, and automated workflows.

The training also includes advanced topics such as automated analysis techniques using the Binary Ninja Python API, signature matching with WARP, and advanced program analysis concepts. By the end of the course, participants will be able to reverse common embedded real-time operating systems and custom microcontroller ROMs across numerous platforms with confidence and efficiency.

Prerequisites

Experience reverse engineering using Binary Ninja or other static analysis frameworks. Experience with ARM assembly is helpful. Familiarity with Python and C is helpful, but not required.

Course Agenda

  • Overview of Binary Ninja
  • Migration from other tools
  • What firmware really is (and isn't)
  • Challenges of firmware static analysis
  • How embedded systems boot
  • Identifying the load base address manually and with BASE
  • Constructing memory maps for raw binaries
  • Identifying code and data regions in raw binaries
  • Understand the relationship between firmware and hardware
  • Handling interrupts and control flow redirection
  • Data Buses (SPI, I2C, UART, CANBUS, etc.)
  • Sensors and Analog-to-Digital Converters (ADCs)
  • Recognizing MMIO and static memory interactions
  • Using Binary Ninja's ILs to simplify complex code
  • Creating and extending custom BinaryViews
  • Using WARP to generate signatures and identify functions
  • Improve your workflow with Firmware Ninja
  • Writing scripts to automate analysis across firmware corpora
  • Integrating with Sidekick for AI-assisted RE
  • Develop a custom architecture plugin
  • RE common flavors of firmware:
  • Microcontroller / DSP ROMs
  • Vehicle Electronic Control Units (ECU)
  • Boot Firmware (U-Boot, UEFI, aboot)
  • Real-time Operating Systems (VxWorks)
  • Baseband

 

Trainers

Brandon Miller (@zznop) has a background in embedded development, reverse engineering, and vulnerability research with over 15 years of experience. He started his career in military intelligence before transitioning to a government contractor role where he worked in cyber R&D. He is now a software developer at Vector 35 focused primarily on improving Binary Ninja for firmware analysis.