BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:95864a9d-a35e-4edc-8f96-d5f06a88cf60
DTSTAMP:20260521T232938Z
SUMMARY:Wes McGrew - The Joy of Reverse Engineering: Learning With Ghidra a
 nd WinDbg
DESCRIPTION:Title: Wes McGrew - The Joy of Reverse Engineering: Learning Wi
 th Ghidra and WinDbg\n\nScheduled Date and Time (Pacific Standard): Saturd
 ay\, August 12\, 2023\, at 1400 PDT\n\nEventBrite Link: https://www.eventb
 rite.com/e/wes-mcgrew-the-joy-of-reverse-engineering-learning-with-ghidra-
 and-windb-tickets-668400352447\n\nMax Class Size: 80\n\n\n\n\nAbstract:\n\
 nWhile it can be intimidating to "get into" software reverse engineering (
 RE)\, it can be very rewarding. Reverse engineering skills will serve you 
 well in malicious software analysis\, vulnerability discovery\, exploit de
 velopment\, bypassing host-based protection\, and in approaching many othe
 r interesting and useful problems in hacking. Being able to study how soft
 ware works\, without source code or documentation\, will give you the conf
 idence that there is nothing about a computer system you can't understand\
 , if you simply apply enough time and effort. Beyond all of this: it's fun
 . Every malicious program becomes a new and interesting puzzle to "solve".
 \n\nThe purpose of this workshop is to introduce software reverse engineer
 ing to the attendees\, using static and dynamic techniques with the Ghidra
  disassembler and WinDbg debugger. No prior experience in reverse engineer
 ing is necessary. There will be few slides--concepts and techniques will b
 e illustrated within the Ghidra and WinDbg environments\, and attendees ca
 n follow along with their own laptops and virtual environments. We will co
 ver the following topics:\n\n- Software Reverse Engineering concepts and t
 erminology\n\n- Setting up WinDbg and Ghidra\n\n- The execution environmen
 t (CPU\, Virtual Memory\, Linking and Loading)\n\n- C constructs\, as seen
  in disassembled code\n\n- Combining static and dynamic analysis to unders
 tand and document compiled binary code\n\n- Methodology and approaches for
  reverse engineering large programs\n\n- Hands-on malware analysis\n\n- Ho
 w to approach a "new-to-you" architecture\n\n\n\n\nSkill Level: Beginner\n
 \nPrerequisites for students: No previous reverse engineering experience r
 equired. Basic familiarity with programming in a high-level language is ne
 cessary (C preferred\, Scripting languages like Python would be okay).\n\n
 \n\n\nMaterials or Equipment students will need to bring to participate: A
  laptop with a fresh Windows 10 Virtual Machine.\n\n- Being able to dedica
 te 8GB RAM to the VM (meaning\, you probably have 16GB in your laptop) wil
 l make the experience smoother\, but you can get by with 4GB\n\n- 10 GB st
 orage free in the VM (after installing Windows)\n\n- Administrative privil
 eges\n\n- Ability to copy exercise files from USB\n\nWe will be working wi
 th live malware samples. Depending on your comfort level with this\, bring
  a "burner" laptop\, use a clean drive\, or plan on doing a clean install 
 before and after the workshop.\n\n\n\n\nBio:\n\nDr. Wesley McGrew directs 
 research\, development\, and offensive cyber operations as Senior Cybersec
 urity Fellow for MartinFed. He has presented on topics of penetration test
 ing and malware analysis at DEF CON and Black Hat USA and taught a sel
 f-designed course on reverse engineering to students at Mississippi State 
 University\, using real-world\, high-profile malware samples. Wesley has a
  Ph.D. in Computer Science from Mississippi State University for his resea
 rch in vulnerability analysis of SCADA HMI systems.\n
URL:https://forum.defcon.org/node/246035
DTSTART:20230812T220000Z
DTEND:20230813T020001Z
LOCATION:Las Vegas\, NV\, DEF CON 31
END:VEVENT
END:VCALENDAR
