Trainer Name: Sudhakar Verma

Title: Slaying the RE dragon: Mastering Reverse Engineering

Duration: 4 days (4 hrs each day)

Dates: Dec. 19, 2022 To Dec. 22, 2022

Time: 10 a.m. To 2 p.m. IST

Training Objectives

Have you ever looked at a program and wondered how it works? How do you analyze and debug an operating system or a piece of malware? Found a bug, or got infected by malware, and want to understand what actually happened?

We will answer these questions through hands-on tasks, learning the methods and tools we need along the way.

Training level: Basic to Intermediate

Training Outline

Day 1 - Basics

This day focuses on bringing every participant to the same level of comfort and understanding of the underlying systems.

  • Introduction and recap of the homework
  • Binary/file format internals
  • Linkers and loaders
  • OS internals
  • Virtual address space
  • General assembly gotchas, basic x86/x86-64, trivia, and jargon
  • Familiarising with the tools of the trade
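As a taste of the Day 1 material on file-format internals, loaders, and the virtual address space, here is a minimal ELF64 parser. It is an added example written for this page, not course material from the trainer: it reads the file header and program header table from raw bytes, checks every length before slicing (the kind of check a hand-written parser needs when the input is a malware sample or a fuzzer crash), and then does the same virtual-address-to-file-offset mapping a loader does. The ELF image it parses is constructed inline, so it runs without any binary on disk; field layouts follow the System V ELF64 ABI.

```python
"""Minimal ELF64 parser: file header, program headers, and the
virtual-address -> file-offset mapping a loader uses. Added example
for the Day 1 topics (file-format internals, loaders, virtual address
space); it is not course material from the page. The sample image is
constructed inline so the script runs without a real binary."""
import struct

ELF_MAGIC = b"\x7fELF"
EHDR_FMT = "<16sHHIQQQIHHHHHH"          # Elf64_Ehdr, little-endian
PHDR_FMT = "<IIQQQQQQ"                  # Elf64_Phdr
EHDR_SIZE = struct.calcsize(EHDR_FMT)   # 64 bytes
PHDR_SIZE = struct.calcsize(PHDR_FMT)   # 56 bytes
PT_LOAD = 1
ET_NAMES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
EM_NAMES = {3: "x86", 62: "x86-64", 183: "AArch64"}


def perms(p_flags: int) -> str:
    """Render p_flags (PF_R=4, PF_W=2, PF_X=1) as an 'rwx' string."""
    return (("r" if p_flags & 4 else "-")
            + ("w" if p_flags & 2 else "-")
            + ("x" if p_flags & 1 else "-"))


def parse_elf64(data: bytes) -> dict:
    """Parse the ELF64 file header and its program header table.

    Every length is checked against the buffer before slicing, because a
    crafted e_phoff/e_phnum is exactly what a parser sees when the input
    is a malware sample or a fuzzer-produced crash file."""
    if len(data) < EHDR_SIZE:
        raise ValueError("too short for an ELF64 header")
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:          # EI_CLASS, EI_DATA
        raise ValueError("only ELFCLASS64 little-endian is handled here")
    (_, e_type, e_machine, _, e_entry, e_phoff, _, _, _,
     e_phentsize, e_phnum, _, _, _) = struct.unpack(EHDR_FMT, data[:EHDR_SIZE])
    if e_phnum and e_phentsize != PHDR_SIZE:
        raise ValueError(f"unexpected e_phentsize {e_phentsize}")
    if e_phoff + e_phnum * PHDR_SIZE > len(data):
        raise ValueError("program header table runs past end of file")
    segments = []
    for i in range(e_phnum):
        off = e_phoff + i * PHDR_SIZE
        p_type, p_flags, p_offset, p_vaddr, _, p_filesz, p_memsz, p_align = \
            struct.unpack(PHDR_FMT, data[off:off + PHDR_SIZE])
        segments.append({"type": p_type, "perms": perms(p_flags),
                         "offset": p_offset, "vaddr": p_vaddr,
                         "filesz": p_filesz, "memsz": p_memsz, "align": p_align})
    return {"type": ET_NAMES.get(e_type, hex(e_type)),
            "machine": EM_NAMES.get(e_machine, hex(e_machine)),
            "entry": e_entry, "segments": segments}


def vaddr_to_offset(elf: dict, vaddr: int):
    """Map a virtual address to the file offset that backs it.

    Walks the PT_LOAD segments the way the loader does. Returns None when
    the address is not file-backed: the zero-filled tail (.bss) where
    p_memsz > p_filesz, or a gap between segments."""
    for seg in elf["segments"]:
        if seg["type"] != PT_LOAD:
            continue
        if seg["vaddr"] <= vaddr < seg["vaddr"] + seg["filesz"]:
            return seg["offset"] + (vaddr - seg["vaddr"])
    return None


def build_sample() -> bytes:
    """Constructed sample: an ELF64 x86-64 executable header with two
    PT_LOAD segments and no code. Not a real binary; just enough to
    exercise the parser and the address mapping."""
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8   # class, data, version, OS ABI
    ehdr = struct.pack(EHDR_FMT, e_ident, 2, 62, 1, 0x401000, EHDR_SIZE, 0, 0,
                       EHDR_SIZE, PHDR_SIZE, 2, 0, 0, 0)
    # text: file 0x1000 -> vaddr 0x401000, 0x200 bytes, r-x
    text = struct.pack(PHDR_FMT, PT_LOAD, 5, 0x1000, 0x401000, 0x401000,
                       0x200, 0x200, 0x1000)
    # data: file 0x2000 -> vaddr 0x403000, 0x100 bytes in file, 0x300 in
    # memory (the extra 0x200 is .bss), rw-
    data = struct.pack(PHDR_FMT, PT_LOAD, 6, 0x2000, 0x403000, 0x403000,
                       0x100, 0x300, 0x1000)
    return ehdr + text + data


if __name__ == "__main__":
    elf = parse_elf64(build_sample())
    print(f"{elf['type']} {elf['machine']} entry=0x{elf['entry']:x}")
    for seg in elf["segments"]:
        print(f"  LOAD {seg['perms']} off=0x{seg['offset']:x} vaddr=0x{seg['vaddr']:x} "
              f"filesz=0x{seg['filesz']:x} memsz=0x{seg['memsz']:x}")
    print("0x403200 ->", vaddr_to_offset(elf, 0x403200))   # None: lives in .bss
```

Replace build_sample() with open(path, "rb").read() to run it on a real binary; comparing its output with readelf -l is a good first exercise in checking a tool you wrote against one you trust.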

Day 2 - Warmup

  • Mapping assembly back to higher-level C/C++ code; common pitfalls in C++ reversing
  • Putting theory into practice: reconnaissance to understand the target
  • System monitoring techniques
  • Working with your favourite disassemblers and various static analysis tools to understand program properties
  • Understanding control and data flow: basic blocks, the control-flow graph (CFG), and other program elements
  • Tracing program execution and basic debugging

Day 3 - Analysis - Static and Dynamic

This day focuses on the tasks that come up in day-to-day malware and vulnerability analysis, and on acquiring the intermediate skills needed to reverse engineer complex software: tracing, scripting, automating the analysis, and writing your own tools.

  • Case study 1: crash analysis to understand the root cause of a vulnerability
  • Understanding why the application crashed; backtracking from the crash site towards the application's entry point
  • How to analyze crashes
  • Fixing symbols
  • Source-to-symbol mapping
  • Figuring out data structures
  • Proposing a fix

Day 4 - Malware Analysis - Static and Dynamic

Working up from everyday reversing to defeating the novel techniques used by malware. We will use the knowledge, tools, and techniques from the previous days to identify common traits of a set of malware samples.

Who Should Attend?

Cyber Security Experts, Penetration Testers, Cyber Security Analysts, Malware Analysts

What to Bring?

  • Laptop with admin privileges
  • VMware Workstation or VMware Workstation Player
  • At least 50 GB of free storage
  • At least 4 GB of RAM available for the virtual machines

Training prerequisites

  • Knowledge of assembly and file formats is preferred
  • Working knowledge of C/C++ and Python for writing tools

What will attendees be provided?

  • A book with notes, scripts, lab solutions, and sample code snippets

What to Expect?

Expect your doubts about asm, memory, the OS, linking, loading, and some compiler behaviour to be cleared up.
Trainees can expect to learn how to script tools such as IDA, gdb, and Frida.

What not to expect?

Kernel debugging, software development, fuzzing

About the Trainer

Sudhakar is an Engineer with the Spotlight team at CrowdStrike. He has 5+ years of experience in reversing, exploitation, CTFs, and software development. He is passionate about all things exploitation and maths. He is currently the chapter lead for Null - The Open Security Community Pune chapter. In the past, he has given talks at local Null meetups and BSides Delhi.