What to bring:
Students must bring their own Laptop with a full version of IDA Pro 4.5 installed.
Failure to do so will make participation impossible. Black Hat offers discount pricing for this software to registered students. Please contact store<a>blackhat.com
A general knowledge of x86-assembly language is required to follow the course, as is a good knowledge of C/C++.
Several other tools will be provided on the CD (IDA Plugins, C Compiler, Source Analysis Helpers, IDC Scripts).
The C programming language gives the programmer a lot of rope to hang himself with - and C++ just adds to the featurelist. Both languages have an impressive number of subtle pitfalls, and many of these can be leveraged by a skilled attacker to execute code on a computer on which these vulnerable programs run. But while almost everybody seems to understand then significance of these programming mistakes, few actually sit down and analyze code from the security analysis perspective. This workshop focuses on teaching security-specific code-analysis, both in source and in binary form.
Day One: Open-Source Day
The first day ("Open-Source day") will attempt to thoroughly review most common (and not so common) security-critical bugs in C (if that is possible) and to teach guidelines & methodologies for code review. Problems specific to C++ code will be covered, and various tools that are supposed to assist in source code review will be discussed. After the theoretical/demonstration part is finished, the remainder of the day will be used to practice hands-on auditing on some open-source server software.
Although we are dealing with open-source-software during the first day, IDA Pro will be used to generate Function Flowgraphs etc. to aid in understanding, and to verify the existence of certain bugs. IDA's built-in scripting language will help us in eliminating some of the more boring parts of the analysis process.
Day Two: Closed-Source Day
The second day ("Closed-Source day") will transfer the principles of source-code analysis to the closed-source world: By using IDA Pro and a few home-brewn plugins the students will be introduced into the specific problems when dealing with the analysis of commercial closed-source software. Specific focus will be put on both the automation of some of the more annoying tasks and on repairing & understanding some of the things that modern C++ compilers generate in the binary. Again, after the theoretical part of the day is finished, the students will be given a lot of opportunity to collect hands-on experience in the process of auditing binaries.
Cost: US $1700 before 1 December 2003, 2003 or US $1900 after 1 December 2003
NOTE: this is a two day course. A Black Hat Certificate of Completion will be offered. You will be need to provide your own laptop configured to the specifications as described below.
Because the class requires that a version of IDA Pro 4.5 be installed on the participant's laptop, Black Hat is pleased to offer IDA Pro Standard and IDA Pro Advanced at a 10% discount. In order to receive the discounted price, you must
- 1) be a fully paid and registered student for this class
2) complete the order form (available from store<a>blackhat.com)
3) return the completed order form via fax or email no later than 5 December 2003.
If you are interested in obtaining a copy of IDA Pro 4.5, please email store<a>blackhat.com
Halvar Flake is Black Hat's resident reverse engineer. Originating in the fields of copy protection, he moved more and more towards network security after realizing the potential for reverse engineering as a tool for vulnerability analysis. He spends most of his screen time in a disassembler (or developing extensions for the disassembler), likes to read source code diff's with his breakfast and enjoys giving talks about his research interests. He drinks tea but does not smoke camels.