Overview
Reverse engineering has evolved from a "dark art" restricted to an elite few into a learnable methodology built on public and commercial tools. Vulnerability researchers use it to reach code paths that traditional fuzzing cannot cover and to locate the more obscure bugs. Because of advances in today's malicious code, analysts can no longer rely solely on live (dynamic) analysis to map the internal workings of malware, and more and more researchers find they need to look "under the hood". This class is meant to give attendees a cutting-edge understanding of malicious code analysis and, ultimately, an advanced level of reverse engineering skill that carries over to other security domains.
What You Will Learn
This course was designed for students who have an introductory / basic understanding of x86 assembly and reverse engineering, as well as more advanced students wishing to refresh their skills and learn new approaches to familiar problems. The course will cover the basics of x86 assembly and pattern recognition, Windows process memory layout, tools of the trade (such as IDA Pro and OllyDbg), the PE file format, and the basic exploitation techniques abused by worms to penetrate a target system (stack and heap overflows). As this course is focused on malicious code analysis, students will be given real-world virus samples to reverse engineer. The details of executable packing, obfuscation methods, anti-debugging and anti-disassembling will be revealed and reinforced with hands-on exercises.
Toward the end of the course more advanced reverse engineering techniques with applications to malicious code analysis will be taught—including:
Course Structure
This is a two-day course in which the notion of "rapid response" is taken into consideration in every aspect, focusing on techniques and methodologies that can be applied in a timely and effective manner. We will force you to learn keyboard shortcuts and put your mouse to rest. At the completion of this course, students will walk away with real-world knowledge that can be applied directly to a variety of reverse engineering tasks, especially malicious code analysis.
How the Course is Run
This course is by no means a two-day lecture. Instead, you will be engaged in a number of individual and group hands-on exercises to reinforce and solidify everything that is taught in class. Some of the exercises are competitive in nature, followed by class discussion to pinpoint elegant approaches and solutions that various individuals or groups may have used. Despite the fact that the course is held in Vegas, take-home exercises will be available for the type-A personalities attending.
Who Should Attend
If you are interested in the field of reverse engineering, want to learn how to dissect unknown code faster, want to discuss cutting-edge technologies, techniques and ideas, or simply want to impress your friends, then this class is for you.
Learning Environment
Aside from the class materials, slides and hands-on exercises, students will have many opportunities to ask the instructors questions one-on-one. Furthermore, students will be divided into groups by experience to foster student-to-student knowledge transfer.
Prerequisites
Prospective students should be comfortable operating Microsoft Windows and have a basic understanding of x86 assembly and high level programming and OS concepts.
Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.
Pedram currently leads the security research and product security assessment team at TippingPoint, a division of 3Com. Prior to TippingPoint, he was the assistant director and one of the founding members of iDEFENSE Labs. Despite the fancy titles, he spends much of his time in the shoes of a reverse engineer, developing automation tools, plug-ins and scripts for software like IDA Pro and OllyDbg.
In conjunction with his passion for the field, he launched OpenRCE.org, a community website dedicated to the art and science of reverse engineering. He has previously presented at DEFCON, RECon, ToorCon and taught a sold out reverse engineering course at Black Hat US 2005. Pedram holds a computer science degree from Tulane University.
Ero is currently a reverse engineering automation researcher at SABRE Security, home of BinDiff and BinNavi. He previously spent several years as a virus researcher at F-Secure, where his duties ranged from reverse engineering of malware to research into analysis automation methods. Prior to F-Secure, he was involved in miscellaneous research and development projects, and he has always had a passion for mathematics, reverse engineering and computer security.
While at F-Secure he advanced the field of malware classification with a joint paper with Gergely Erdelyi on applying genomic methods to binary structural classification. Other projects he has worked on include seminal research on generic unpacking.
Additionally, Ero is a habitual lurker on OpenRCE and has contributed to miscellaneous reverse engineering tools such as pydot, pype, pyreml and idb2reml.
Early (Ends Jan 1): $1800
Regular: $2200
Late: $2300
Onsite: $2500
Black Hat USA 2009
July 25-30
Caesars Palace
Las Vegas, NV
Training July 25-28
Briefings July 29-30