Binary reverse engineering is a critical skill in the infosec world, from verifying crypto algorithms to finding and analyzing vulnerabilities and writing exploits. This often requires a balance of experience and intuition that only comes from practice. Our workshop will delve into the dark art of disassembly and provide participants with the tools and techniques required to practice it and develop the perceived "sixth sense" that accompanies expert reverse engineers.
All examples in the workshop will be implemented in 32-bit x86 assembly, and some experience programming in a high-level language is assumed (preferably C/C++). Examples will be performed on the Linux operating system, although many techniques will convey to any platform. It is also assumed that participants understand the legal risks associated with reverse engineering.
Participants must bring a laptop capable of running a Linux virtual machine via VirtualBox or VMWare (Player, Workstation, or Fusion).
Topics
Intro
Intro to the Intel Architecture Overview of the 32-bit instruction set Calling conventions Reversing high-level language constructs from disassembly Lab Exercises
Binary Recon with binutils and debuggers
Binary recon with strings, objdump, ldd and other binutils
How does a debugger work?
gdb usage
Lab Exercises
Disassemblers
What does a disassembler do?
Intro to IDA Pro - walk through first 3 levels of bomb
Lab Exercises
64-bit Intel (time permitting)
Overview of the 64-bit instruction set
Where to go next?
Language features (C++, etc.)
Structure analysis
What to do if your tools don't work (binwalk!)
Emulation
Symbolic Execution
Semantic analysis, intermediate representation
Ben Demick is a Senior Lead Engineer at Booz Allen Hamilton with over 6 years of experience reversing embedded systems and doing embedded development. He holds a B.S. in Electrical Engineering and Physics from Clarkson University, an M.S. in Electrical and Computer Engineering from Johns Hopkins University, and has been an instructor with Booz Allen's internal software reverse engineering program for the last 3 years.
Mike Schroeder is a Senior Lead Engineer with Booz Allen Hamilton and has over 7 years of experience reverse engineering embedded systems. He holds a B.S. in Computer Engineering from the University of Maryland in College Park, an M.S. in Electrical Engineering from Johns Hopkins University, and is an instructor with Booz Allen's internal reverse engineering training program.
Malachi Jones is a Lead Engineer at Booz Allen Hamilton and has over 3 years of experience reversing embedded systems and embedded software development. He holds a B.S. in Computer Engineering from the University of Florida, an M.S. and PhD from Georgia Tech, and is an instructor with Booz Allen's internal reverse engineering training program.
Allen Hazelton is a Chief Engineer at Booz Allen Hamilton and has 10 years of experience reverse engineering. Since 2008, Mr. Hazelton has led Booz Allen's internal reverse engineering training program and has taught over 250 of his colleagues. Since 2009, Mr. Hazelton has lectured at the A. James Clark School of Engineering at the University of Maryland College Park where he teaches a 3 credit undergraduate course in software reverse engineering for computer engineering and computer science majors. Mr. Hazelton holds a B.S. in Computer Engineering from the University of Maryland College Park and is CEH and CREA certified.