Slaying the RE dragon: Mastering Reverse Engineering


Trainer Name: Sudhakar Verma
Title: Slaying the RE dragon: Mastering Reverse Engineering
Duration: 4 Days
Dates: 07th - 10th November 2020
Time: 10:00 AM to 2:00 PM IST
Delivery Mode: via Zoom.us and Discord Platform



Overview

Have you ever looked at programs and wondered how they function? How do you analyze and debug the operating system and malware? Have you found a bug or been infected by malware?

We will try to answer these questions with fun tasks while learning the methods and tools we need in the process.

Topics

Day 1 - Basics

This day focuses on bringing each participant to the same level of comfort and understanding of the underlying systems.

  • Introduction and recap of the homework
    • binary/file format internals
    • linkers/loaders
    • OS internals
    • virtual address space
    • general assembly gotchas, basic x86{64}, trivia and jargon
  • Familiarising with the tools of the trade

Day 2 - Warmup

  • Mapping assembly to higher-level code in C/C++, common pitfalls in C++ reversing
  • Putting theory into practice, reconnaissance to understand the target
  • System monitoring techniques
  • Working with your favourite disassemblers and various static analysis tools to understand program properties
  • Understanding control and data flow - basic blocks, CFG and other program elements
  • Tracing program execution, basic debugging and tracing

Day 3 - Analysis - Static and Dynamic

This day focuses on solving various tasks involved in day-to-day malware/vulnerability analysis and acquiring the intermediate skills needed to reverse engineer complex software.
This day will focus on tracing, scripting, automating analysis and writing your own tools.

  • Case study 1: Crash analysis to understand vulnerability root cause
    • Understanding the reason for the application crash. Backtracking to understand entry of the application
    • How to analyze crashes?
    • Fixing symbols
    • Source-to-symbol mapping
    • Figuring out data structures
    • Fix?

Day 4 - Malware Analysis - Static and Dynamic

Working up from normal reversing to bypassing novel techniques used by malware. We will use the knowledge, tools and techniques from the last day to figure out common traits of some malware.

What to Expect?

Interesting and functional solutions to challenges involved in the reverse engineering workflow.

Who should attend

  • Cyber Security Experts, Penetration Testers, Cyber Security Analysts

Prerequisites

  • Knowledge of assembly and file formats is preferred
  • A combination of C/C++ and Python to write tools

What to Bring

  • Laptop with admin privileges
  • VMware Workstation or VMPlayer
  • Minimum 50 GB of storage.
  • Minimum 4 GB RAM for virtual machines.

Trainer Profiles

Sudhakar is an Engineer with the Spotlight team at CrowdStrike. He has 4+ years of experience around reversing, exploitation, CTFs and software development. He is passionate about all things exploitation and maths. He is currently the chapter lead for Null - The Open Security Community Pune chapter. In the past he has given talks at local Null meetups and BSides Delhi.
Follow him on Twitter: @_sudhackar

Copyright © 2023 | Nullcon India | International Security Conference | All Rights Reserved