What do game developers, financial institutions and malware authors have in common? They want to make their software more difficult to analyze; they want it to be more resilient to reverse engineering.
Code obfuscation describes a set of techniques which aim to impede reverse engineering. Conversely, code deobfuscation techniques transform the obfuscated code into a simpler representation which is easier to understand.
In this training, we will get to know state-of-the-art code obfuscation techniques and have a look at how these complicate reverse engineering. Afterwards, we will gradually become familiar with different deobfuscation techniques and use them to break the obfuscation schemes in hands-on sessions. In doing so, participants will deepen their knowledge of program analysis and learn when and how (not) to use different techniques.
Trainers and Lecturers
Tim Blazytko is a reverse engineer and final-year PhD student at the Ruhr-Universität Bochum. His research focus is on novel methods for program analysis in the context of binary application security. Alongside his research, Tim gives trainings and performs security audits as a freelancer.
Prerequisites
- knowledge of using Linux terminals
- basic knowledge of programming in Python is required
- basic knowledge of reverse engineering is required
Content
Code (De)obfuscation
- motivation
- application scenarios
- program analysis techniques
Code Obfuscation Techniques
- opaque predicates
- control-flow flattening
- mixed Boolean-Arithmetic
- virtual machines
Code Deobfuscation Techniques
- compiler optimizations
- reconstructing control flow
- taint analysis
- symbolic execution
Compiler Optimizations
- dead code elimination
- constant propagation/folding
- static single assignment (SSA)
- applications to deobfuscation
Symbolic Execution
- intermediate languages for reverse engineering
- symbolic and semantic simplification of obfuscated code
- automation in reverse engineering
- deobfuscating VM-based obfuscation schemes
- breaking opaque predicates
Price and Duration
2 days, 880,00 € + 19% VAT = 1.047,20 €
Dates
- No date has been set for this course yet.