What to bring:
Students must bring their own laptop with a full version of IDA Pro 4.9 installed. Failure to do so will make participation impossible.
A decent knowledge of x86 assembly language and good knowledge of C is required. It is helpful to have experience with C++ and Python (for the automation part).
Several other tools will be provided on the CD (IDA Plugins, C Compiler, Source Analysis Helpers, IDC Scripts).
|
The C programming language gives the programmer a lot of rope to hang himself with - and C++ just adds to the featurelist. Both languages have an impressive number of subtle pitfalls, and many of these can be leveraged by a skilled attacker to execute code on a computer on which these vulnerable programs run. But while almost everybody seems to understand the significance of these programming mistakes, few actually sit down and analyze code from the security analysis perspective. This workshop focuses on teaching security-specific code-analysis, both in source and in binary form.
Day One: Basics
The first day will start out with a thorough review of common (and not so common) security-critical bugs in C, and discuss a number of methodologies used for finding such mistakes. A few problems specific to C++ code will be covered, and tools that can help in the process of code analysis will be discussed.
As a next step, the connection between C/C++ and the generated assembly code will be treated: How do high-level-language features such as switch()-statements, conditionals, class inheritance etc. translate to the assembly level? How can a reverse engineer reconstruct parts of them?
Day Two:
Automation
The second day is dedicated to semi-automation of the analysis process: Visualisation tools will be used to faciliate program understanding, IDAPython-scripts for structure/object reconstruction and other repetitive tasks will be created and used. Once we have a decent toolkit, we will start the analysis of a closed-source application in the hope of finding security bugs.
|
Trainer:
|
Halvar Flake is SABRE Labs' founder. Originating in the fields of copy protection and digital rights management, he gravitated more and more towards network security over
time as he realized that constructive copy protection is more or less fighting windmills. After writing his first few exploits he was hooked and realized that reverse engineering experience is a
very handy asset when dealing with COTS software. With extensive experience in reverse engineering, network security, penetration testing and exploit development he a coveted speaker and trainer.
|