What to bring:
Students must bring their own Laptop with a full version of IDA Pro 4.7 Standard or Advanced installed.
Failure to do so will make participation impossible. Software is available for purchase online via the registration page.
A general knowledge of x86-assembly language is required to follow the course, as is a good knowledge of C/C++.
Several other tools will be provided on the CD (IDA Plugins, C Compiler, Source Analysis Helpers, IDC Scripts).
The C programming language gives the programmer a lot of rope to hang himself with - and C++ just adds to the featurelist. Both languages have an impressive number of subtle pitfalls, and many of these can be leveraged by a skilled attacker to execute code on a computer on which these vulnerable programs run. But while almost everybody seems to understand then significance of these programming mistakes, few actually sit down and analyze code from the security analysis perspective. This workshop focuses on teaching security-specific code-analysis, both in source and in binary form.
Day One: Open-Source Day
The first day ("Open-Source day") will attempt to thoroughly review most common (and not so common) security-critical bugs in C (if that is possible) and to teach guidelines & methodologies for code review. Problems specific to C++ code will be covered, and various tools that are supposed to assist in source code review will be discussed. After the theoretical/demonstration part is finished, the remainder of the day will be used to practice hands-on auditing on some open-source server software.
Although we are dealing with open-source-software during the first day, IDA Pro will be used to generate Function Flowgraphs etc. to aid in understanding, and to verify the existence of certain bugs. IDA's built-in scripting language will help us in eliminating some of the more boring parts of the analysis process.
Day Two: Closed-Source Day
The second day ("Closed-Source day") will transfer the principles of source-code analysis to the closed-source world: By using IDA Pro and a few home-brewn plugins the students will be introduced into the specific problems when dealing with the analysis of commercial closed-source software. Specific focus will be put on both the automation of some of the more annoying tasks and on repairing & understanding some of the things that modern C++ compilers generate in the binary. Again, after the theoretical part of the day is finished, the students will be given a lot of opportunity to collect hands-on experience in the process of auditing binaries.
Cost: 1350 EUR before 1 March 2005 or 1550 EUR after 1 March 2005
NOTE: this is a two day course. A Black Hat Certificate of Completion will be offered. You will be need to provide your own laptop configured to the specifications as described below.
Because the class requires that a version of IDA Pro 4.7 Standard or Advanced edition be installed on the participant's laptop, Black Hat is pleased to offer both IDA Pro Standard and IDA Pro Advanced for purchase online. Simply select the IDA Pro Software on the registration page when you register for the event.
This class has a 16 student limit.
Halvar Flake is Black Hat's resident reverse engineer. Originating in the fields of copy protection and digital rights management, he gravitated more and more towards network securityover time as he realized that constructive copy protection is more or less fighting windmills. After writing his first few exploits he was hooked and realized that reverse engineering experience is a very handy asset when dealing with COTS software. With extensive experience in reverse engineering, network security, penetration testing and exploit development he recently joined BlackHat as their main reverse engineer.