Customizable Binary Analysis: Using angr to its full potential (Monday)

Presented at DEF CON 30 (2022), Aug. 15, 2022, 8 a.m. (540 minutes).

Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/fish-wang-customizable-binary-analysis-using-angr-to-its-full-potential

Training description:

One of the most badass skills a hacker can possess is the ability to find and pwn vulnerabilities in binary software. This is enabled by a long history of complex tools: OllyDBG, SoftICE, IDA Pro, Binary Ninja, and now: angr. Built using cutting-edge techniques straight out of research labs around the world, angr enables analysts to swiftly carry out advanced reasoning over software to understand complex code and find the juicy hidden vulnerabilities within. While angr is arguably one of the most user-friendly binary analysis frameworks available on the market, it is never an easy task to use it to its full potential, especially when facing less common architectures (such as PowerPC), niche operating environments (bare-metal binaries or embedded architectures), or unique tasks (e.g., binary code optimization, exploit generation, efficient vulnerability discovery, etc.). To assist users, especially medium-level and professional reverse engineers to effectively and efficiently use angr in their daily work, we designed this two-day course focusing on the use of non-trivial capabilities that angr offers, as well as customizing angr’s advanced analyses for users’ needs. This course is extremely practical and hands-on: Besides a five-hour lecture, core angr developers will guide students to solve over ten specially crafted problems with angr. This course will focus on Linux userspace binaries (x86-64 and ARM), Windows userspace binaries (x86-64), and firmware images (ARM). After completing this course, students will master practical angr skills that will help them reverse engineer userspace binary programs and assess them for defects and vulnerabilities.


Presenters:

  • Audrey Dutcher
    Audrey is a PhD student at Arizona State university. She loves reverse engineering, fruit, Celeste (2018), Python, Rust, and symbolic execution.
  • Fish Wang
    Fish Wang is an Assistant Professor at Arizona State University. He is extremely interested in demystifying all sorts of binary code, and his main research interests are software vulnerability discovery, automated exploit generation, and binary decompilation. Fish is a co-founder and a core maintainer of angr.

Similar Presentations: