Overview
The need for reverse engineering binary software components arises in more and more contexts every day. Common cases include analyzing malicious software such as viruses, worms, trojans and rootkits, analyzing binary drivers in order to develop open source drivers for alternate platforms, analyzing closed source software for security flaws, and recovering source code in legacy systems. The first step in such an analysis is generally the acquisition of a high quality disassembly of the binary component. IDA Pro is touted as the premier disassembler available today. IDA Pro is capable of disassembling machine languages for a large number of microprocessors and microcontrollers and is particularly strong when used on Windows and Linux® executables. This course will cover essential background material for effective reverse engineering before diving into the features of IDA Pro that set it apart from other disassemblers.
Course Structure
This is a two-day course that combines lectures with increasingly difficult hands-on exercises designed to familiarize the student with the capabilities of IDA Pro and its uses in analyzing various types of binary files.
What You Will Learn
The course will provide an overview of disassembler theory followed by a review of the structure of compiler-generated code. Armed with that background information, students will be introduced to the features of IDA Pro that set it apart from other disassemblers and learn how it can assist them in determining the behavior of various binary files. The course will cover the basics of the IDA Pro interface, including the many informational displays it contains. Students will be introduced to the scripting capabilities of IDA Pro as well as its plugin architecture. Finally, students will be presented with techniques for dealing with statically linked, stripped, and obfuscated binaries.
How It Will Work
Each student will be provided with many example binaries that will be used throughout the course to demonstrate IDA Pro's many features. The binaries range from simple demonstrations to real-world examples of obfuscated malicious code. These binaries will be used in both instructor-led discussions and individual exercises to reinforce disassembly concepts and familiarize the student with a wide range of IDA Pro capabilities. In addition to sample binaries, students will be provided with valuable reverse engineering reference material including many IDA Pro sample scripts and plugins.
Who Should Attend?
Information security officers, anti-virus vendors, vulnerability researchers, security consultants, software developers and other nice people will all benefit from the techniques presented in this class. Remember that this course is practical and of an extremely technical nature, so a basic understanding of assembly language (preferably x86), C/C++ programming, networking, and security is a course prerequisite.
Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.
Because the class requires that a version of IDA Pro 4.9 or greater be installed on the participant's laptop, you must purchase the software directly from DataRescue.
is the Associate Chairman of the Computer Science Department at the Naval Postgraduate School (NPS) in Monterey, CA. A computer engineer/scientist for 20+ years, his research interests include computer network operations, computer forensics and reverse/anti-reverse engineering. He has been a speaker at conferences such as Black Hat, CodeCon, and ShmooCon and is a co-author of the book "Gray Hat Hacking". In his spare time he is the Dean of Hacking for the Sk3wl of r00t, past and future champions of the capture the flag competition at DEFCON.
Early (ends Jan 1): $2250
Regular: $2450
Late: $2750
Onsite: $2950
Black Hat USA 2009
July 25-30
Caesars Palace
Las Vegas, NV
Training July 25-28
Briefings July 29-30