|What to bring:
Students should bring a Laptop with a recent version of IDA Pro installed (4.21 or higher). A text/source code editor would be useful as well.
All other tools (Custom IDA Plugins, compilers, source analysis tools) will be provided on the CD
The C programming language gives the programmer a lot of rope to hang himself with - and C++ just adds to the featurelist. Both languages have an impressive number of subtle pitfalls, and many of these can be leveraged by a skilled attacker to execute code on a computer on which these vulnerable programs run. But while almost everybody seems to understand the significance of these programming mistakes, few actually sit down and analyze code from the security analysis perspective. This workshop focuses on teaching security-specific code-analysis, both in source and in binary form.
Day One: Open-Source Day
The first day ("Open-Source day") will attempt to thoroughly review most common (and not so common) security-critical bugs in C (if that is possible :) and to teach guidelines & methodologies for code review. Problems specific to C++ code will be covered, and various tools that are
supposed to assist in source code review will be discussed. After the theoretical/demonstration part is finished, the remainder of the day will be used to practice hands-on auditing on some open-source server software.
Day Two: Closed-Source Day
The second day ("Closed-Source day") will transfer the principles of source-code analysis to the closed-source world: By using IDA Pro and a few home-brewn plugins the students will be introduced into the specific problems when dealing with the analysis of commercial closed-source software. Specific focus will be put on both the automation of some of the more annoying tasks and on repairing & understanding some of the things that modern C++ compilers generate in the binary. Again, after the theoretical part of the day is finished, the students will be given a lot of opportunity to collect hands-on experience in the process of auditing binaries.
Course Length: 2 days
NOTE: this is a two day course.
Halvar Flake is Black Hat's new resident reverse engineer. Originating in the fields of copy protection and digital rights management, he gravitated more and more towards network securityover time as he realized that constructive copy protection is more or less fighting windmills. After writing his first few exploits he was hooked and realized that reverse engineering experience is a very handy asset when dealing with COTS software. With extensive experience in reverse engineering, network security, penetration testing and exploit development he recently joined BlackHat as their main reverse engineer.