Overview:
The C programming language gives the programmer a lot of rope to hang himself with - and C++ just adds to the featurelist. Both languages have an impressive number
of subtle pitfalls, and many of these can be leveraged by a skilled attacker to execute code on a computer on which these vulnerable programs run. But while almost
everybody seems to understand the significance of these programming mistakes, few actually sit down and analyze code from the security analysis perspective. This
workshop focuses on teaching security-specific code-analysis, both in source and in binary form.
Day One: Basics
The first day will start out with a thorough review of common (and not so common) security-critical bugs in C, and discuss a number of methodologies used for
finding such mistakes. A few problems specific to C++ code will be covered, and tools that can help in the process of code analysis will be discussed.
As a next step, the connection between C/C++ and the generated assembly code will be treated: How do high-level-language features such as switch()-statements, conditionals, class inheritance etc. translate to the assembly level? How can a reverse engineer reconstruct parts of them?
Day Two: Automation
The second day is dedicated to semi-automation of the analysis process: Visualisation tools will be used to faciliate program understanding, IDAPython scripts
for structure/object reconstruction and other repetitive tasks will be created and used. Once we have a decent toolkit, we will start the analysis of a
closed-source application in the hope of finding security bugs.
Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.
is SABRE Labs' founder. Originating in the fields of copy protection and digital rights management, he gravitated more and more towards network security over time as he realized that constructive copy protection is more or less fighting windmills. After writing his first few exploits he was hooked and realized that reverse engineering experience is a very handy asset when dealing with COTS software. With extensive experience in reverse engineering, network security, penetration testing and exploit development.
Early:
Ends Feb 1 |
Regular: |
Late: |
Onsite: |
1725 EUR |
1925 EUR |
2125 EUR |
2325 EUR |
Black Hat USA 2009
July 25-30
Caesars Palace
Las Vegas, NV
Training July 25-28
Briefings July 29-30
Black Hat USA Briefings Main page is online now.
Find out about our 2009 venue, Caesars Palace.
Black Hat Webcasts
On the third Thursday of every month, Black Hat does a free infosec webcast. Meet security thought leaders and get your questions answered.
Can't make it to our live webcast events? Subscribe to the Black Hat Webcast RSS feed and take the webcasts with you in podcast form.
Upcoming Topics
Black Hat Social
LinkedIn
LinkedIn members can join our Black Hat Group and post news articles of interest to the community, make connections and discuss security topics.
Facebook
We have a Facebook fan page now. Please check us out there - share your ideas, your photos, and your videos with us.
Flickr
Check out our Black Hat photostream. Comment. Contribute. Got great pix? Share with the community.
Twitter
Find out what's going on with Black Hat in real time by following us on Twitter. Meet other Black Hat speakers and attendees, share what matters to you.
Delicious
When something in the news catches our eye at Black Hat HQ, we post the link on Delicious.