Understanding x86-64 Assembly for Reverse Engineering and Exploits

Presented at DeepSec 2014 „Do you want to know more?“.

This two-day class helps you bootstrap into the areas of reverse engineering, vulnerability exploitation, operating system design, code optimization, and compiler design. It's extremely rare to see any security conference where assembly language isn't mentioned in someone's slides. If you don't know assembly, you're missing out on a full understanding of what people are trying to tell you! Once you've taken this class, it will open the door to all the other specialty areas that depend on assembly knowledge. And this is the first time this class is being offered focusing on 64-bit rather than 32-bit assembly! Although x86 has hundreds of special purpose instructions, students will be shown it is possible to read most programs by knowing only around 20-30 instructions and their variations. 25% of the time will be spent bootstrapping knowledge of fully OS-independent aspects of Intel architecture. 50% will be spent learning Windows tools and analysis of simple programs. The final 25% of time will be spent learning Linux tools for analysis. This distribution is partially due to Windows' dominance of the marketplace, but also because the tools on Windows are more user-friendly than those on Linux, allowing for a more gradual introduction for the student.

Presenters:

  • Xeno Kovah - MITRE
    Xeno is currently the team lead for the 5-person BIOS Analysis for Detection of Advanced System Subversion (B.A.D.A.S.S.) project. This project has been responsible for finding and disclosing multiple BIOS exploits, bypassing signed BIOS update requirements, defeating Windows 8 and UEFI SecureBoot, and bypassing other security mechanisms such as the Trusted Computing Group "Static Root of Trust for Measurement." On the predecessor project, Checkmate, he investigated kernel/userspace memory integrity verification & timing-based attestation. Both projects have a special emphasis on how to make it so that the measurement agent can't just be made to lie by an attacker. Xeno has presented at conferences such as BlackHat USA, ACM CCS, CanSecWest, IEEE S&P, PacSec, ToorCon, Hack.lu, NoSuchCon, SummerCon, and others. Xeno is also the founder of OpenSecurityTraining.info, and current leading contributor, having posted 8 days of classes on deep system security, with an additional 2 day class on Intel TXT (Trusted Execution Technology) to be added soon.
