Sergei Frankoff, Sean Wilson - Automated Debugging Under The Hood - Building A Programmable Windows Debugger From Scratch (In Python)

Abstract:

Saturday from 1400 to 1800
EventBrite Link: https://www.eventbrite.com/e/sergei-...s-379338039287

How do anti-debug tricks actually work? Is there a way to automate tedious debugging tasks like unpacking malware? Have you ever wondered what is happening under the hood of a debugger?

In this workshop you will build your own programmable Windows debugger from scratch (using Python). Each component of the debugger will be built as a separate module, with an accompanying lab used to explain the concepts and Windows internals that support the component. In the final lab you will have the chance to test your new debugger against various malware samples and attempt to automatically unpack them and extract IOCs.

This workshop is aimed at malware analysts and reverse engineers who are interested in learning more about debuggers and how programmable debuggers can be used to automate some reverse engineering workflows. Students must be able to write basic Python scripts and have a working knowledge of the Windows OS.

You will be provided with a virtual machine to use during the workshop. Please make sure to bring a laptop that meets the following requirements:
- Your laptop must have VirtualBox or VMware installed and working prior to the start of the course.
- Your laptop must have at least 60 GB of free disk space.
- Your laptop must also be able to mount USB storage devices. (Make sure you have the appropriate dongle if you need one.)
- *Important*: if you are using an Apple MacBook with an M1 CPU, you will be responsible for installing and configuring your own Windows VM prior to the workshop. An Intel Windows 10 VM is preferred; however, the labs can still be completed using an ARM Windows 10 VM.

Skill Level: Intermediate - basic Python scripting abilities are required

Materials Needed: Students will be provided with a virtual machine to use during the workshop. They will need to bring a laptop that meets the following requirements:
- The laptop must have VirtualBox or VMware installed and working prior to class.
- The laptop must have at least 60 GB of free disk space.
- The laptop must be able to mount USB storage devices (ensure you have the appropriate dongle if you need one).

Bio:

Sergei is a co-founder of OpenAnalysis Inc. When he is not reverse engineering malware, Sergei is focused on building automation tools for malware analysis and producing tutorials for the OALABS YouTube channel. With over a decade in the security industry, Sergei has extensive experience working at the intersection of incident response and threat intelligence.

Sean is a co-founder of OpenAnalysis Inc. He splits his time between reverse engineering malware and building automation tools for incident response. Sean brings over a decade of experience working in a number of incident response and application security roles, with a focus on security testing and threat modelling. In his free time Sean loves fly fishing.

Twitter:
https://twitter.com/seanmw

Max Class Size: 50
Last edited by number6; July 4, 2022, 15:15.