Black Hat USA 2009 Weekday Training Session

July 27-28

Finding Security Bugs in Closed-source Software: Advanced

Halvar Flake

Overview:

Due to the ever-expanding nature of the topic, and to balance skill levels in the class better, the course has been split into two halves. This is the advanced half. It is recommended for practitioners with more than 2 years experience in this field, or those who have taken the 'beginner' course.

The course assumes the following:

• You are comfortable using IDA Pro and OllyDbg - you can navigate and use most of the functionality
• You can spot complicated integer issues both in source and binary
• You are confident in your abilities to read disassembly that was generated from standard C code
• You "understand bugs", e.g. you can review code for nontrivial security issues

The course will cover the following:

• Automation of IDA Pro through the use of IDAPython
• Code constructs that C++ compilers generate, and methods of dealing with them from the reverse engineering perspective
• RTTI information and how to extract it to generate class hierarchies/diagrams from binary
• Patch analysis with BinDiff - understanding security fixes by analyzing the updated executables
• Differential Debugging with BinNavi - targeted extraction of specific features from executables
• Automation of BinNavi using NaviPython and REIL

The course will spend both days on binary review.

Trainer:

Halvar Flake

Founder, Zynamics

Halvar Flake is Zynamics' founder. Originating in the fields of copy protection and digital rights management, he gravitated more and more towards network securityover time as he realized that constructive copy protection is more or less fighting windmills. After writing his first few exploits he was hooked and realized that reverse engineering experience is a very handy asset when dealing with COTS software. With extensive experience in reverse engineering, network security, penetration testing and exploit development he recently joined Black Hat as their main reverse engineer.

Super Early: Ends Mar 15	Early: Ends May 1	Regular: Ends Jul 1	Late: Ends Jul 22	Onsite:
$2000	$2100	$2300	$2500	$2800