Workshops
Cross-platform reversing with Frida
Speaker: Ole André Vadla Ravnås
Frida is a scriptable dynamic binary instrumentation toolkit aiming to dramatically shorten the development cycle of dynamic analysis and reverse-engineering tools. It also comes with some CLI tools built on top of its APIs. Written in portable C, released under a commercially friendly OSS license, with language bindings for Python, Node.js, and more, it is a tool of the trade for dynamic instrumentation of binaries on all current platforms (Windows, Mac, Linux, iOS, Android, and QNX).
This workshop is for attendees who would like to get up to speed on the state-of-the-art in dynamic instrumentation on both desktop and mobile. We will start out with an intro to Frida's APIs and CLI tools, and then walk you through how to build a reversing tool from scratch.
Requirements for the workshop participants:
- 2-3 hours
- Knowledge of the English language
- Ideally, bring a laptop running Windows, Mac or Linux, and optionally also a jailbroken/rooted iOS or Android device
Practical exploitation of AVR MC-based devices
Speakers: Alexander Bolshev, Boris Ryutin
Lots of modern devices are based on AVR microcontrollers, from amateur Arduino projects to IoT, automobile subsystems, and industrial controllers. This workshop is an attempt to sum up the bulk of accumulated experience in AVR firmware buffer overflow exploitation.
The Internet has plenty of relevant info, but there is still no practical, top-to-bottom guide on the topic.
We will explain the specifics of reverse-engineering AVR-based firmware, talk about the features of the Harvard architecture, and discuss existing AVR exploitation tools. We will talk about ROP chain building methods and how radare2 can facilitate the task. We will also describe post-exploitation techniques and how to persist in the firmware.
Workshop plan:
Part 1. AVR 101
- Intro
- Harvard architecture
- AVR MC features
- Intro to AVR assembler
- AVR bootloaders
- Tools for developing, debugging, and operating AVR
Part 2. Pre-exploitation
- First steps
- How to get the firmware
- A few words about chip reversing
- Searching for vulnerabilities: fuzzing and static analysis
- libc AVR
- What is Watchdog?
- Examples and exercise
Part 3. Exploitation
- Basics
- Types of exploitable vulnerabilities
- Sources of ROP gadgets
- Building ROP chains
- Examples and exercise
Part 4. Post-exploitation
- Persisting on the system
- Examples
The hands-on exercise will utilize an Atmel Studio emulator and Arduino chips.
Requirements for the workshop participants
- 3 hours
- Knowledge of the Russian language
- radare2 or IDA Pro installed
- Atmel Studio environment (we will give out flash drives with the installation kit)
- Laptop
- Micro-USB cable
Enlarge your Burp, or How to stop fearing Javadocs
Speakers: Ivan Yolkin, Igor Bulatenko
A lot of people use vulnerability scanners without understanding how they work and, consequently, often get suboptimal results. If the scanner throws a false positive or, on the contrary, fails to find vulnerabilities that can easily be discovered manually, most penetration testers just put up with it or run several scanners. Burp Suite allows writing custom plugins, so you can correct a lot of its flaws on your own. This workshop will explain the main principles of developing plugins and teach which techniques are worth using in which cases, and why.
The theoretical part will be complemented by practical training. We will show development in two languages, Python and Java, and pay attention to the major differences and benefits of each language with respect to Burp Suite. After the workshop, you will no longer fear Javadoc API descriptions.
Requirements for the workshop participants
- 3-4 hours
- Knowledge of the Russian language
- Mandatory: computer, Burp Suite Professional. The free version of Burp Suite does not include the vulnerability scanner, and customizing it is what the workshop is about
- Minimal knowledge of Python or Java
- Java development environment (Eclipse, IntelliJ IDEA), JDK 1.7/1.8. Recommended even if you’ve never written code in Java before. It isn’t hard, and we will show you the benefits of Java at the workshop
«Practical object-oriented code reverse engineering»
Speakers: Alexander Matrosov, Eugene Rodionov
In this workshop the authors will address the problem of reverse engineering complex threats developed using object-oriented programming. Analysis of such malware requires different approaches from those used for malware written in procedural programming languages.
The workshop starts with an introduction to object-oriented code reverse engineering: the authors will explain the peculiarities of object-oriented code layout and approaches to its analysis. They will then demonstrate the use of various tools and techniques employed in the analysis of object-oriented code, based on examples of malware used in recent high-profile targeted attacks: Animal Farm, Sednit, Equation, Duqu 2. The workshop also covers such topics as distributed C++ malware analysis in a clustered environment using a high-level intermediate representation. The authors will consider examples written in C++ and compiled with MS Visual C++.
Topics
- understanding C++ code generation and how to identify it in the assembly-language representation: type layout, implementation of inheritance and polymorphism; leveraging RTTI information
- differences
- static analysis approaches and tools to reconstruct object-oriented types
- automating C++ code reverse engineering using IDAPython and the Hex-Rays Decompiler SDK
- analysis of malware with object-oriented architecture: Animal Farm, Sednit, Equation, Duqu 2
- scaling IDA Pro and the Hex-Rays Decompiler for distributed malware analysis in a clustered environment
Participants will receive
- an understanding of object-oriented and position-independent code with respect to reverse engineering
- practical experience using IDA Pro and the Hex-Rays Decompiler to reconstruct complex data types
- the basics of developing plugins for the Hex-Rays Decompiler
- practical experience in complex threat analysis: Animal Farm, Sednit, Equation, Duqu 2, etc.
Requirements for the workshop participants
- 3-4 hours
- an installed version of Hex-Rays IDA Pro with the Decompiler
- an understanding of malware reverse engineering approaches
- development experience with MS Visual C++ and Python 2.7
«On the way to (wrong) anonymity. Basic techniques of digital contraception and private data hygiene.»
Speaker: ValdikSS
There are currently all sorts of tools that enable anonymity and confidentiality on the net, but that does not mean that everybody understands exactly how they work well enough to protect themselves completely. It is not enough to just install software; you also have to block all possible sources of information leakage.
In this workshop we will cover the aspects of maintaining anonymity on the Internet, the importance of data privacy, and the (non-)obvious current ways of identifying users, both technical and social, and consider why the "I've got nothing to hide" attitude can harm others.
The purpose of this workshop is to show, and then block, channels of data leakage across every layer of the OSI model.
We’ll tell you about:
- Mobile device identification via MAC address in Wi-Fi networks, using the getshopster.com API as an example.
- Determining the operating system version from the peculiarities of its TCP stack implementation.
- Correct OS settings in VPN-only mode and the dangers hidden in current Windows versions.
- De-anonymization via social networks and data leakage via application software (Skype, Office, PDF).
- Interesting ways of implementing DHCP and IPv6.
- NAT is not a firewall.
We’ll teach you:
- How to configure the standard tools for anonymous and confidential Internet surfing, depending on the OS version.
- Which specialized tools to use in a given situation, and how.
- Confidential communication and file transfer with PGP, using GnuPG as an example.
- Defending against browser tracking and remote scanning of local addresses.
Requirements for participants:
- 2-3 hours
- You should know Russian
- Windows / Mac OS / Linux laptop; Android, iOS smartphone
Stay tuned for updates!