RSS feed logo header graphic

Black Hat USA 2008 Training

Caesars Palace Las Vegas • August 4-5

This class is limited to 18 students.

Analyzing Software for Security Vulnerabilities

Halvar Flake

registration button

Because the class requires that a version of IDA Pro 4.9 be installed on the participant's laptop, you must purchase the software directly from DataRescue.

The C programming language gives the programmer a lot of rope to hang himself with - and C++ just adds to the featurelist. Both languages have an impressive number of subtle pitfalls, and many of these can be leveraged by a skilled attacker to execute code on a computer on which these vulnerable programs run. But while almost everybody seems to understand the significance of these programming mistakes, few actually sit down and analyze code from the security analysis perspective. This workshop focuses on teaching security-specific code-analysis, both in source and in binary form.

Day One: Basics
The first day will start out with a thorough review of common (and not so common) security-critical bugs in C, and discuss a number of methodologies used for finding such mistakes. A few problems specific to C++ code will be covered, and tools that can help in the process of code analysis will be discussed.

As a next step, the connection between C/C++ and the generated assembly code will be treated: How do high-level-language features such as switch()-statements, conditionals, class inheritance etc. translate to the assembly level? How can a reverse engineer reconstruct parts of them?

Day Two: Automation
The second day is dedicated to semi-automation of the analysis process: Visualisation tools will be used to faciliate program understanding, IDAPython-scripts for structure/object reconstruction and other repetitive tasks will be created and used. Once we have a decent toolkit, we will start the analysis of a closed-source application in the hope of finding security bugs.

Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.


Halvar Flake

is zynamics' founder. Originating in the fields of copy protection and digital rights management, he gravitated more and more towards network securityover time as he realized that constructive copy protection is more or less fighting windmills. After writing his first few exploits he was hooked and realized that reverse engineering experience is a very handy asset when dealing with COTS software. With extensive experience in reverse engineering, network security, penetration testing and exploit development he recently joined Black Hat as their main reverse engineer.

Ends May 1

Ends July 1

Ends July 31

Begins August 1

$2000 USD

$2200 USD

$2400 USD

$2700 USD
1997-2009 Black Hat ™