Toolsmithing an IDA Bridge, Case Study For Building A Reverse Engineering Tool

Presented at DEF CON 18 (2010), Aug. 1, 2010, 3 p.m. (50 minutes)

The presentation is a case study of an approach to building reverse engineering tools, in this case a network bridge between IDA Pro and debuggers. It covers the development side of things: how to leverage open source projects as supplements for code and learning aids, useful sources for this type of development, and insight into how to build C++ extensions for WinDbg and IDA as well as Python plugins for ImmunityDebugger and VDB. Additionally, tips and techniques for rapid software development and testing will be described to help those onesy/twosy development teams. The target audience for this presentation is those interested in tool development.

Presenters:

  • Matthew Wollenweber - Security Researcher
    Matthew Wollenweber has an extensive background as a penetration tester and security researcher. Matthew is a former employee of the NSA, where he was a member of the Red Team and later a lead developer of an advanced network sensor program. Matthew is a former senior consultant at Foundstone, a Shmoocon speaker, and an active researcher. Currently he is the team lead for malware analysis at The George Washington University and hopes to enter a PhD program shortly.
  • Matt Wollenweber
  • Adam Pridgen - InfoSec Researcher, The Cover of Night
    Adam Pridgen is an independent researcher and information security consultant who works on a variety of problems as an attacker and a reverse engineer. Adam began his security career at the University of Texas, where he was a member of the UT Honeynet Project and an IDS tech. From there, he has passed through a variety of research and consulting roles. Currently, he is an open source tool developer, researcher, and consultant at The Cover of Night. In the fall, he will begin his PhD at Rice University.
