REhints

RE Workshop


Advanced Threats Reverse Engineering

The workshop is devoted to the analysis of malware written in object-oriented programming languages. In recent years we have seen a large spike in complex threats with elaborate object-oriented architectures; the most notorious examples are Stuxnet, Flamer and Duqu. The approaches to analysing such malware are rather distinct from those used for malware developed in procedural programming languages. The authors will consider examples written in C++ and compiled with MS Visual C++.

In the workshop the authors will share with participants the experience of reverse engineering object-oriented code which they have accumulated over recent years while analysing complex threats.

Topics:

Participants will receive:

Requirements:

A laptop with IDA Pro and the Hex-Rays Decompiler preinstalled

Details:

Part 1: Introduction to advanced static analysis
- Reversing object-oriented programs
- Practical type reconstruction with IDA Pro and the Hex-Rays Decompiler

Part 2: Automating C++ code reverse engineering
- Useful plugins and tools
- IDA Python automation
- Introduction to Hex-Rays Decompiler SDK
- Methodology of object type reconstruction with HexRaysCodeXplorer

Part 3: Going deeper with complex threats
- Position-independent code analysis in Gapz
- The hell of code with Stuxnet and Flame

Want to see this workshop at your conference?

Contact us: workshop@REhints.com