
Replace references to obsoleted software #3

Open
noita-player opened this issue Mar 24, 2020 · 3 comments


@noita-player

Immunity debugger is completely obsoleted. x64dbg+scylla/titanhide is what should be taught in courses desiring a GUI debugger w/ anti-anti-debug.

win7 is also end of life and declining in market share.

@ckane
Owner

ckane commented Mar 24, 2020

I've been following the x64dbg project for a while, and I probably will migrate the course to it after a stable release version is established. Right now the project appears under heavy development, even if a lot of features work really well.

Immunity Debugger isn't "completely obsoleted", or obsoleted at all. The company that publishes it is still active, and the project itself is very stable and maintained, even though it is largely feature-frozen. It is still used in many courses, including SANS, while Offensive Security's CTP course is still taught even using OllyDbg. I mainly picked it for a few reasons for this course:

  1. It is actively maintained by an author, and Olly is no longer maintained,
  2. It is feature-stable - releases are published that have stable interfaces and features, so 10 years from now anyone using my material can still follow along pretty easily, even with a newer version of the tool
  3. It is what I have used for the past 6-7 years, since I decided to move away from reliance on OllyDbg (due to it seeming to be abandonware)

That said, Immunity offers all of the capabilities I need to teach the students for the course. As it stands today (and I've followed x64 for a while, as it looked promising in alpha, though it wasn't clear if the ambitions would make it to a final release) x64dbg is still publishing daily or weekly development snapshots, and hasn't published a final release yet. When the project matures a bit more I'll have some time to re-work some material for it, and validate that the topics I am trying to incorporate into the course can be achieved with it, as I generally prefer the open source alternative in most cases. It's a project that I do keep up with and will likely pivot to once I feel it is stable enough to provide a good learning experience for students on the foundational use cases I teach, and after I have some time to pivot my own malware analysis work to it.

As for Win7 -> when more Win10-compatible code execution vulns come out, I'll update to Windows 10. I have found, however, that it is often more beneficial to do malware analysis using older versions of Windows because there are a lot fewer features in them that block execution of some malicious actions. Remember: this course isn't how to harden a Windows system - this is how to use testlab VMs and analysis tools to extract as much knowledge from an unidentified malware sample - old & vulnerable versions of Windows come in handier for this task than the latest & greatest.

@mrexodia

Just found this repo and wanted to comment on this: there will most likely never be an official 'stable' release of x64dbg. For the past few years I started working full-time and almost all the work I do is bugfixes and stability improvements. Courses like SANS are simply choosing a snapshot on a specific date and sticking with that.

If you have any specific features you feel are missing, please let me know and I'll see what I can do. I see that there isn't a lot of new content about debugging, but wanted to comment anyway.

@ckane
Owner

ckane commented Apr 18, 2023

Thanks, I haven't updated the course as I have been focused on other stuff, and also the Univ. has since hired full-time faculty to cover this and other material as the cyber program has matured. I had largely stuck with Immunity above as that seemed to also be what SANS and OffSec were using. I would definitely like to use x64dbg in future content, though, so I'll keep that in mind - thanks for the details.
