What to bring:
Students must bring their own Laptop with a full version of IDA Pro 4.5 installed.
Failure to do so will make participation impossible.
A general knowledge of x86-assembly language is required to follow the course, as is a good knowledge of C/C++.
Several other tools will be provided on the CD (IDA Plugins, C Compiler, Source Analysis Helpers, IDC Scripts).
The C programming language gives the programmer a lot of rope to hang himself with - and C++ just adds to the featurelist. Both languages have an impressive number of subtle pitfalls, and many of these can be leveraged by a skilled attacker to execute code on a computer on which these vulnerable programs run. But while almost everybody seems to understand then significance of these programming mistakes, few actually sit down and analyze code from the security analysis perspective. This workshop focuses on teaching security-specific code-analysis, both in source and in binary form.
Day One: Open-Source Day
The first day ("Open-Source day") will attempt to thoroughly review most common (and not so common) security-critical bugs in C (if that is possible) and to teach guidelines & methodologies for code review. Problems specific to C++ code will be covered, and various tools that are supposed to assist in source code review will be discussed. After the theoretical/demonstration part is finished, the remainder of the day will be used to practice hands-on auditing on some open-source server software.
Although we are dealing with open-source-software during the first day, IDA Pro will be used to generate Function Flowgraphs etc. to aid in understanding, and to verify the existence of certain bugs. IDA's built-in scripting language will help us in eliminating some of the more boring parts of the analysis process.
Day Two: Closed-Source Day
The second day ("Closed-Source day") will transfer the principles of source-code analysis to the closed-source world: By using IDA Pro and a few home-brewn plugins the students will be introduced into the specific problems when dealing with the analysis of commercial closed-source software. Specific focus will be put on both the automation of some of the more annoying tasks and on repairing & understanding some of the things that modern C++ compilers generate in the binary. Again, after the theoretical part of the day is finished, the students will be given a lot of opportunity to collect hands-on experience in the process of auditing binaries.
Course Length: 2 days
Cost: US $1600 before 25 April 2003 or US $1800 after 25 April 2003
NOTE: this is a two day course. A Black Hat Certificate of Completion will be offered. You will be need to provide your own laptop configured to the specifications as described below.
Halvar Flake is Black Hat's resident reverse engineer. Originating in the fields of copy protection and digital rights management, he gravitated more and more towards network securityover time as he realized that constructive copy protection is more or less fighting windmills. After writing his first few exploits he was hooked and realized that reverse engineering experience is a very handy asset when dealing with COTS software. With extensive experience in reverse engineering, network security, penetration testing and exploit development he recently joined BlackHat as their main reverse engineer.