• Goa'19
  • Training
  • Black Belt in Reverse Engineering

Black Belt in Reverse Engineering

Nitay Artenstein & Anna Dorfman

Register Now
Nitay Artenstein Anna Dorfman

Trainer Name: Nitay Artenstein & Anna Dorfman
Title: Black Belt in Reverse Engineering
Duration: 3 Days
Dates: 26th - 28th Feb 2019

Preview

Reverse engineering is a fundamental skill in cyber-security. It is essential for offensive cyber-security - the art of attacking an adversary through the electronic devices that connect him to the world - as well as for defensive cyber-security, which involves protecting an organization’s staff and assets from a determined opponent.

Reversing is the art of understanding a complex program when its source code is not available. Reverse engineers use their skills in a wide variety of fields: Vulnerability research, exploit development and malware analysis are only some of the security-critical tasks that require a proficiency in reversing.

Reverse engineering is a difficult subject to master, because it requires both a breadth of knowledge in computing, as well as in-depth understanding of several specific topics. Proficient reverse engineers are experts in operating system architecture, machine language and low-level programming. Reversers also need a good detective instinct, and the ability to piece together a complicated puzzle even when they don’t have all the pieces.

These are just some of the tasks that a skilled reverse engineer can accomplish: 

  • Finding vulnerabilities in software
  • Analyzing malware
  • Understanding and interfacing with undocumented, closed-source systems

In this course, students will acquire the essential skills required to become good reverse engineers. They will obtain the knowledge that will enable them to continue to develop themselves in the field, and gain proficiency in the main tools of the trade. Students who will finish the course will have the ability to immediately start working on offensive or defensive projects, and will have a firm grasp of the fundamentals of reverse engineering.

Course Syllabus

Day One:

Assembly Language & Windows Internals

  • The architecture of an operating system
  • How is a program run in Windows?
  • The architecture of the x86 microprocessor
  • The main instructions used in x86 assembly
  • Registers of the x86 microprocessor
  • The memory space. Virtual and physical memory
  • Data structures and abstractions: the stack, the heap and the code section
  • An introduction to compilers
  • Translating from Assembly to C and vice-versa
  • Overview of the OS kernel
  • System calls
  • Dynamic loading and system libraries
  • Privilege levels in Windows
  • Attacking and Defending Windows

Day Two:

Tools of the Trade

  • Static analysis
  • Dynamic analysis
  • IDA Pro: The reverser’s best friend
  • Radare2: The open-source alternative to IDA
  • Immunity Debugger: The swiss army-knife of dynamic analysis
  • Windbg: Supercharged debugging
  • Combining static and dynamic analysis
  • Crackme 1: Obtaining a secret password using IDA
  • Crackme 2: Removing copy protection with a patch
  • Crackme 3: Decrypting a secret message with a debugger

Day Three:

Practical Applications - Introduction to Malware Research and Vulnerability Research

  • Malware: What is it?
  • Different types of malware
  • Advanced Persistent Threats and RATs
  • How malware is protected: Obfuscators, packers and crypters
  • Overcoming malware protection mechanisms
  • Practical exercise 1: Reverse engineering banking malware
  • Introduction to vulnerability research: Finding and understanding a stack overflow
  • Initial exploitation: Controlling the instruction pointer
  • Introduction to modern exploit mitigations

Trainer Bios:

Nitay Artenstein is a security researcher in the fields of reverse engineering, exploit development and vulnerability research. His fields of interest include reverse engineering embedded systems and bug hunting in the Linux kernel. For the past seven years, he has been working mainly on exploiting Android devices. He has previously presented at Black Hat, Recon and other security conferences. He suffers from a severe addiction to IDA Pro, and generally gets a kick out of digging around where he's not supposed to.

Anna Dorfman is a security researcher who’s also a cryptography enthusiast. In her previous roles at Versafe (now F5 networks), Kaspersky Labs and as an independent researcher, she carried out a variety of projects focusing on reverse engineering X86 and ARM, malware research and embedded systems vulnerability research. She gave talks at ReCon, VirusBulletin and other conferences.

Copyright © 2019-20 | Nullcon India | International Security Conference | All Rights Reserved