Black Hat Digital Self Defense Federal 2006
Training

Note: You will be contacted if the class is overfilled.


Black Hat Federal Training 2006
Sheraton Crystal City • January 23-24

Course Length: 2 days

Cost: US $1800 by January 1, 2006 or US $2000 after January 1, 2006
All course materials, lunch and two coffee breaks will be provided. NOTE: A Certificate of Completion will be offered. You must provide your own laptop.


Two Day Course

January 23-24

Reverse Engineering with IDA Pro

Christopher S. Eagle

What to bring:
Students must bring their own Windows 2000/XP laptop with Adobe Acrobat Reader, an unzip utility and a full version (standard or advanced) of IDA Pro 4.7 or greater installed. Failure to do so will make participation impossible. Students attempting to use the demo version of IDA available from Data Rescue will be unable to complete many of the hands-on portions of the course.

Black Hat offers discount pricing for this software to registered students. Software may be purchased at the same time as your registration.

The need for reverse engineering binary software components arises in more and more contexts every day. Common cases include analysis of malicious software such as viruses, worms, trojans and rootkits, analyzing binary drivers in order to develop open source drivers for alternate platforms, analyzing closed source software for security flaws, and source code recovery in legacy systems. The first step in such an analysis is generally the acquisition of a high quality disassembly of the binary component. IDA Pro is touted as the premier disassembler available today. IDA Pro is capable of disassembling a large number of instruction sets and is particularly strong when used on Windows and Linux executables. This course will cover essential background material for effective reverse engineering before diving into the features of IDA Pro that set it apart from other disassemblers.

Topics to be covered include:

  • Key features of compiled code
    • Stack frames
    • Control flow constructs (branching, looping, functions)
  • Binary file formats
    • ELF, PE
  • Basic disassembly theory
  • IDA Pro basics
    • Available views
    • File navigation
    • Disassembly concepts
    • Improving the readability of your disassembly
    • Cross-referencing, flow-charting and graphing
    • Data structures
    • Library identification
    • Type libraries
  • Advanced IDA features
    • Debugging Windows binaries
    • IDA scripting
    • IDA plug-ins
  • Reverse Engineering Obfuscated Code

Prerequisites
Knowledge of C/C++

Working knowledge of assembly language (x86 helpful)


Students wishing to compile the plugin examples will require a C/C++ compiler (Visual C++, or gcc for Windows).

A general knowledge of x86 assembly language as well as a good knowledge of C/C++ is recommended in order to better follow the course.

Several other tools will be provided on the CD (IDA Plugins, IDA SDK, IDC Scripts).

The student should have an understanding of most of the following concepts and technologies:

  • Assemblers
  • Compilers
  • Debuggers

ISC2 CISSP/SSCP CPE Credits
Students are eligible to receive 16 Continuing Professional Education (CPE) credits upon completion of class. Black Hat will automatically forward your information to ISC2.


Because the class requires that a version of IDA Pro 4.7 or greater be installed on the participant's laptop, Black Hat is pleased to offer IDA Pro Standard and IDA Pro Advanced. In order to purchase the software, you must:

1) be a fully paid and registered student for this class
2) select the IDA Pro Software on the registration page

Trainer:

Chris Eagle is the Associate Chairman of the Computer Science Department at the Naval Postgraduate School (NPS) in Monterey, CA. A computer engineer/scientist for 18 years, his research interests include computer network operations, computer forensics and reverse/anti-reverse engineering.

(c) 1996-2007 Black Hat