• Goa 2020
  • Speakers
  • KaiJern Lau & Quynh Nguyen Anh

KaiJern Lau & Quynh Nguyen Anh

Kaijern-Lau & Quynh-Nguyen-Anh

Talk Title:

Building advanced security applications on Qiling.io


qiling.io is a sandbox emulator framework with a rich set of Python API to enable highly customizable analysis tools built on top. Using emulator technology inside, our engine can run the executable binary in a cross-platform-architecture way, so we can analyze Windows PE files on Linux Arm64, IoT firmware based on Mips on MacOS, and so on.

This talk introduces the internals of Qiling, in which we focus on the design & implementation of our engine. We will present in detail all the layers in Qiling architecture, starting from the binary loader, dynamic linker, to OS environment, essential system components and APIs to enable binary emulation. We will also explain how the flexible plugin-based design allow us to easily extend and support new platforms, such as embedded OS, or baseband firmware.

As a framework, Qiling paves way for users to quickly & easily build new security tools, without requiring much low-level knowledge. This presentation focuses on how to build a series of advanced applications, ranging from cross-platform coverage-guided fuzzer, malware shellcode analyzing, to IoT emulation for vulnerability research. Each case will be discussed in details, so the audience can come back home and start creating more exciting tools right away.

To conclude, we will give insights into the latest features in the upcoming release 1.0, as well as some directions for the future development of Qiling.


KaiJern, Lau

KaiJern (xwings), is Lab Director of The ShepherdLab, of JD Security by JD.COM. He presented his findings in different international security conferences like HITB, Codegate, QCon, KCon, Brucon, H2HC few different Defcon group and etc. He also conducted a hardware Hacking course in various places around the globe. He is also an active contributor for Unicorn (http://unicorn-engine.org)

Dr. Nguyen Anh Quynh

Dr.Nguyen Anh Quynh is a regular speaker at various industrial cybersecurity conferences such as Blackhat USA/Europe/Asia, Defcon, Deepsec, XCon, Hitcon, Brucon, Zeronights, Tensec, H2HC, etc. He also presented his researches in academic venues such as Usenix, IEEE, ACM, LNCS. Dr. Nguyen is also the founder and maintainer: Capstone (http://capstone-engine.org), Unicorn (http://unicorn-engine.org) & Keystone (http://keystone-engine.org).

Copyright © 2023 | Nullcon India | International Security Conference | All Rights Reserved