An Analytical approach to Modern Binary Deobfuscation [Attend Online HITB2022SIN]

$4,299.00

Duration

4 days

Delivery Method

hybrid

Level

intermediate

Seats Available

20 Duration

4 days

Delivery Method

hybrid

Level

intermediate

ATTEND IN-PERSON: Onsite in Singapore

ATTEND ONLINE: Virtual via Zoom and Discord

DATE: 22-25 August 2022

TIME: 09:00 to 17:00 SGT/GMT +8

Date	Day	Time	Duration
22 Aug	Monday	0900-13:00 SGT/GMT +8	8 Hours – Presentations & Hands-on exercises
23 Aug	Tuesday	0900-13:00 SGT/GMT +8	8 Hours – Presentations & Hands-on exercises
24 Aug	Wednesday	0900-13:00 SGT/GMT +8	8 Hours – Presentations & Hands-on exercises
25 Aug	Thursday	0900-13:00 SGT/GMT +8	8 Hours – Presentations & Hands-on exercises

Code obfuscation has become one of the most prevalent mechanisms aiming to complicate the process of software reverse engineering. It plays a major role on a wide range of domains: from malware threats to protection of intellectual property and digital rights management.

An Analytical approach to Modern Binary Deobfuscation is a curated training that provides an intensive jump-start into the field of code (de)obfuscation. Over the course of this training, students will receive a comprehensive introduction to the most relevant software obfuscation mechanisms as well as existing deobfuscation techniques to analyze, confront and defeat obfuscated code.

Students will be provided with

Access to a VM with all tools, examples and exercises
Access to a private chat with instructor and other students

Topics Covered

Introduction, context and motivation

Part 1: Code obfuscation
- → Data-flow based obfuscation
  - Constant unfolding
  - Dead code insertion
  - Encodings
  - Pattern-based obfuscation
- → Control-flow based obfuscation
  - Function inlining/outlining
  - Opaque predicates
  - Control-flow flattening
- → Mixing data-flow and control-flow obfuscation
  - VM-based obfuscation
  - Hardening VM-based obfuscation
- → Mixed Boolean-Arithmetic
  - Preliminary concepts
  - MBA rewriting
  - Insertion of identities
  - Opaque constants

Part 2: Code deobfuscation
- → Data-flow analysis
  - Reaching definition analysis
  - Liveness analysis
- → Dynamic binary Instrumentation
  - Tracing code execution
  - Hooking
  - Extracting deobfuscated data
- → SMT-based analysis
  - Semantic equivalence checking
  - Translating code conditions into SMT solver constraints
  - Proving code properties
  - Attacking simple MBA and weak cryptography
- → Symbolic execution
  - Reasoning about code in a symbolic way
  - Working with native code
  - Working with intermediate representations
  - Plugging an SMT solver
  - Attacking opaque predicates
  - Attacking MBA obfuscation
  - Attacking VM-based obfuscation
- → Program synthesis
  - Code syntax vs code semantics
  - Oracle-based program synthesis
  - Describing semantics through I/O behavior
  - Generating I/O pairs
  - Attacking MBA obfuscation
  - Attacking VM-based obfuscation

Conclusions and research directions

Tools used

Disassemblers
- IDA Pro
- radare2
Obfuscation
- Manual obfuscation
- O-LLVM
- Tigress
Dynamic Binary Instrumentation
- Frida
- QBDI
Symbolic execution
- Miasm
- Triton
- Radius
Program synthesis
- syntia
- msynth
- qsynthesis
Other tools
- Z3
- MBA-Solver
- Custom tooling

Why You Should Take This Course

Live classes are designed to be dynamic and engaging, making the students get the most out of the training materials and instructor expertise. A clear presentation of the concepts, accompanied by illustrative examples and demos. For each section, there will be practice time allocated. The students will be provided with several exercises to work on, with the continuous support of the instructor.

Who Should Attend

Reverse Engineers
Malware Analyst

Key Learning Objectives

Obtain a high-level overview of the context and scenarios where code obfuscation is used

Gain an in-depth understanding of code obfuscation mechanisms

Build obfuscated code, both from scratch and through available tooling

Develop an understanding of the main code deobfuscation techniques

Learn tooling for analyzing obfuscated code and apply deobfuscation techniques

Become familiar with state of the art (de)obfuscation research literature

Prerequisite Knowledge

Understanding of basic programming concepts
Familiarity with x86 assembly, C and Python
Knowledge of reverse engineering fundamentals

Hardware / Software Requirements

A working desktop/laptop capable of running virtual machines
40 GB free hard disk space

Your Instructor

No data was found

An Analytical approach to Modern Binary Deobfuscation [Attend Online HITB2022SIN]

Duration

4 days

Delivery Method

hybrid

Level

intermediate

Seats Available

20

Duration

4 days

Delivery Method

hybrid

Level

intermediate

ATTEND IN-PERSON: Onsite in Singapore

ATTEND ONLINE: Virtual via Zoom and Discord

DATE: 22-25 August 2022

TIME: 09:00 to 17:00 SGT/GMT +8

Code obfuscation has become one of the most prevalent mechanisms aiming to complicate the process of software reverse engineering. It plays a major role on a wide range of domains: from malware threats to protection of intellectual property and digital rights management.

Students will be provided with

Topics Covered

Why You Should Take This Course

Who Should Attend

Key Learning Objectives

Prerequisite Knowledge

Hardware / Software Requirements

Your Instructor

HACK IN THE BOX LIMITED

Masdar City, United Arab Emirates