Reverse Engineering for Vulnerability Researchers
Course material is customized to our clients. This offering, Reverse Engineering for Vulnerability Researchers, is available over four days. All course material is delivered on-site by our expert instructors.
We’ll take your reverse engineering skills to the next level. This four-day offering gives researchers the tools to automate bug-hunting tasks in binary applications, then write exploit payloads in C with Binary Ninja. Students will dive deep into Binary Ninja’s Python API, automate common analysis tasks, and extend Binary Ninja’s built-in functionality with plugins. Throughout the course, students are exposed to a variety of common exploitable bug classes and challenged to develop models of those bug classes. By the end of the course, students will be developing these models and applying them to binaries to discover and exploit vulnerabilities without access to source. Exercises are provided in a friendly Capture the Flag format. Exercises include:
- Building computational models of vulnerabilities
- Triaging and exploiting different bug classes
- Rapid payload development with the Shellcode Compiler
Requirements
Knowledge & Experience
Students must have experience with Python and C; students without this experience will not be successful. C++ experience is useful, but not required.
Students should also have at least a foundational knowledge of an assembly language, as well as reverse engineering concepts.
Equipment
Students should bring a laptop that meets the following requirements:
- Binary Ninja installed (Personal or Commercial version; the demo version is not sufficient)
- telnet or netcat
- IDE of choice (emacs, vim, vscode, notepad++, sublime, etc.)
- Python 3.7+ (64-bit version only)
Sample Syllabus
Day 1
- UI overview
- The Binary Ninja Python API
- Writing your first plugin
- Binary Ninja Intermediate Languages (BNIL)
- Writing analysis with BNIL in Python
- Bug class: uninitialized variables
- CTF challenge
Day 2
- Day 1 review
- Modeling vulnerabilities
- Source/sink modeling with Binary Ninja
- Bug class: command injection
- CTF challenge
Day 3
- Day 2 review
- Bug class: format string vulnerabilities
- Automating exploit generation
- CTF challenge
Day 4
- Day 3 review
- Constraint solving
- Bug classes: stack overflows, heap corruption
- Writing shellcode payloads in C
- CTF challenge