InfoSec Institute (ISI) Reverse Engineering Course Plagiarism

Sat Nov 26 01:37:21 CST 2011

After plagiarism was discovered in one ISI class, we received a tip that the Reverse Engineering course they offer also contains plagiarized material. ISI (@InfoSecEdu) responded saying that the book was distributed with the class (Tweet since removed). We reminded ISI that there is a difference between distributing a book with a class, and using material from it without authorization. ISI quickly replied that they had a license to use portions of the book in their course (Tweet since removed).

The copy of the course we received had no date. We emailed Jack Koziol who told us depending on the revision, it was either 2010 or 2011. After a cursory review of the Reverse Engineering course, we determined that material appeared in it that had been posted on the net in 2006 and 2007. The book they distribute, "Reversing: Secrets of Reverse Engineering" by Eldad Eilam was printed in 2005. This created a concern that the blogs we found may have plagiarized the book, something we had seen before during other reviews. Courtesy of our Twitter followers, we received a searchable PDF copy of Eilam's book so that we could examine it to make sure we knew the true origin of the material. The sections we originally identified as potentially plagiarized, did not appear in the book. Based on all evidence available to us, and after mailing Koziol asking for his opinion and for additional information (both went unanswered), we have to assume that the ISI Reverse Engineering contains plagiarism.

The Reverse Engineering course we received has a title page identifying it as:

InfoSec Institute
IACRB Information Assurance Certification Review Board
Reverse Engineering: Malware & Binary Analysis
Official Lab Manual

The Plagiarism

The following table details the Reverse Engineering course material that was taken from other sources, making up a sizable portion. Given the variety of sources used, it is clear that whoever drafted this course willfully infringed copyright and plagiarized most of the material. Several pages appear to be written by ISI, but contain poor grammar and formatting issues.

Pages / total Description Original Source
2-13 Lab #1: Assembler Basics Assembler Basic Guide Tutorial (2006-04-13 or earlier). See Note #1 below table.
37 Lab #4: Runtime Patching with a Debugger Verbatim from
38-52 Lab #4 ~ 98% of content from cityofdevil1 blog (2007-10-22)
147 Lab #14: Deobfuscating Encrypted Binaries Half of the page from ASProtect page

Note #1: This material was also found on different thread on the same host (2006-10-13) as well as on The original post says "This is a Tutorial my Programming Teacher gave to me at School ... I couldnt find the name of the original author so sorry :(." This suggests the material had likely been around for many months, if not a year or more before it was posted here. An volunteer spent time trying to track it down further. He found it reposed on, with a reply that said it was originally posted to That site is no longer available and not mirrored on Via an IRC chat, he learned that the original post was in the 'user area' and was a user's published tutorial on, but an archive of that site isn't available, even by the owner.

main page ATTRITION feedback