Slaying the RE dragon: Mastering Reverse Engineering

Trainer Name: Sudhakar Verma

Title: Slaying the RE dragon: Mastering Reverse Engineering

Duration: 4 Days

Dates: Sept. 23, 2021 To Sept. 26, 2021

Time: 10 a.m. To 2 p.m.


Overview

Have you ever looked at programs and wondered how they function? How to analyze and debug the operating system and malware? Found a bug, or been infected by malware?

We will try to answer these questions with fun tasks while learning the methods and tools we need along the way.

Course Outline

Day 1 - Basics

This day focuses on bringing each participant to the same level of comfort and understanding of the underlying systems.

  • Introduction and recap of the homework
    • Binary/file format internals
    • Linkers/loaders
    • OS internals
    • Virtual address space
    • General assembly gotchas, basic x86/x86-64, trivia, and jargon
  • Familiarising with the tools of the trade

Day 2 - Warmup

  • Mapping assembly to higher-level code in C/C++; common pitfalls in C++ reversing
  • Putting theory into practice: reconnaissance to understand the target
  • System monitoring techniques
  • Working with your favorite disassemblers and various static analysis tools to understand program properties
  • Understanding control and data flow: basic blocks, CFGs, and other program elements
  • Tracing program execution and basic debugging

Day 3 - Analysis - Static and Dynamic

This day focuses on solving the various tasks involved in day-to-day malware/vulnerability analysis and on acquiring the intermediate skills needed to reverse engineer complex software.
It will cover tracing, scripting, automating the analysis, and writing your own tools.

  • Case study 1: Crash analysis to understand a vulnerability's root cause
    • Understanding the reason for the application crash; backtracking to the application's entry point
    • How to analyze crashes?
    • Fixing symbols
    • Source-to-symbol mapping
    • Figuring out data structures
    • Fix?

Day 4 - Malware Analysis - Static and Dynamic

Working up from ordinary reversing to bypassing the novel techniques used by malware. We will use the knowledge, tools, and techniques from the previous day to figure out common traits of some malware samples.

What to Expect?

Interesting and functional solutions to the challenges involved in the reverse engineering workflow.

Who should attend

Cyber security experts, penetration testers, and cyber security analysts

Prerequisites

  • Knowledge of assembly and file formats is preferred
  • Familiarity with C/C++ and Python for writing tools

What to Bring

  • Laptop with admin privileges
  • VMware Workstation or VMware Player
  • Minimum 50 GB of storage
  • Minimum 4 GB RAM for virtual machines

About the Trainer

Sudhakar is an engineer with the Spotlight team at CrowdStrike. He has 4+ years of experience in reversing, exploitation, CTFs, and software development. He is passionate about all things exploitation and maths. He is currently the chapter lead for the Pune chapter of Null - The Open Security Community. In the past he has given talks at local Null meetups and BSides Delhi.