What to bring:
Students must bring their own Laptop with a full version of IDA Pro 4.7 or greater installed.
Failure to do so will make participation impossible. Black Hat offers discount pricing for this software to registered students. Please contact store<a>blackhat.com
A general knowledge of x86-assembly language is required to follow the course, as is a good knowledge of C/C++.
Several other tools will be provided on the CD (IDA Plugins, C Compiler, Source Analysis Helpers, IDC Scripts).
The C programming language gives the programmer a lot of rope to hang himself with - and C++ just adds to the featurelist. Both languages have an impressive number of subtle pitfalls, and many of these can be leveraged by a skilled attacker to execute code on a computer on which these vulnerable programs run. But while almost everybody seems to understand then significance of these programming mistakes, few actually sit down and analyze code from the security analysis perspective. This workshop focuses on teaching security-specific code-analysis, both in source and in binary form.
Day One: Open-Source Day
The first day ("Open-Source day") will attempt to thoroughly review most common (and not so common) security-critical bugs in C (if that is possible) and to teach guidelines & methodologies for code review. Problems specific to C++ code will be covered, and various tools that are supposed to assist in source code review will be discussed. After the theoretical/demonstration part is finished, the remainder of the day will be used to practice hands-on auditing on some open-source server software.
Although we are dealing with open-source-software during the first day, IDA Pro will be used to generate Function Flowgraphs etc. to aid in understanding, and to verify the existence of certain bugs. IDA's built-in scripting language will help us in eliminating some of the more boring parts of the analysis process.
Day Two: Closed-Source Day
The second day ("Closed-Source day") will transfer the principles of source-code analysis to the closed-source world: By using IDA Pro and a few home-brewn plugins the students will be introduced into the specific problems when dealing with the analysis of commercial closed-source software. Specific focus will be put on both the automation of some of the more annoying tasks and on repairing & understanding some of the things that modern C++ compilers generate in the binary. Again, after the theoretical part of the day is finished, the students will be given a lot of opportunity to collect hands-on experience in the process of auditing binaries.
ISC2 CISSP/SCCP CPE Credits
Students are eligible to receive 16 Continuing Professional Education (CPE) credits upon completion of class. Black Hat will automatically forward your information to ISC2.
Course Length: 2 days
Cost: US $2000 by July 1, 2005 or US $2200 after July 1, 2005
All course materials, lunch and two coffee breaks will be provided. NOTE: A Certificate of Completion will be offered. You must provide your own laptop.
Because the class requires that a version of IDA Pro 4.7 or greater be installed on the participant's laptop, Black Hat is pleased to offer IDA Pro Standard and IDA Pro Advanced. In order to purchase the software, you must
- 1) be a fully paid and registered student for this class
2) select the IDA Pro Software on the registration page
Halvar Flake is Black Hat's resident reverse engineer. Originating in the fields of copy protection and digital rights management, he gravitated more and more towards network securityover time as he realized that constructive copy protection is more or less fighting windmills. After writing his first few exploits he was hooked and realized that reverse engineering experience is a very handy asset when dealing with COTS software. With extensive experience in reverse engineering, network security, penetration testing and exploit development he recently joined BlackHat as their main reverse engineer.