ＨｉｄｅＺｅｒｏＯｎｅ

The NSA spent years developing Ghidra as its own internal reverse engineering suite. Now, thanks to the Technology Transfer Program, these powerful capabilities are readily available to the world. With support for dozens of architectures, Ghidra is rapidly gaining popularity as a tool of choice for analyzing compiled code. Ghidra’s extensibility through Java and Python scripting make it ideal for malware analysis and vulnerability research tasks. This class is a hands-on, example-driven introduction to reverse engineering with Ghidra. Attendees will learn the basics of using Ghidra to analyze executables before diving into examples of progressively more sophisticated reverse engineering countermeasures. As topics are introduced, students will reinforce what they’ve learned by solving reverse engineering challenges. Students may work independently or in groups to solve any of the introduced Capture the Flag style challenges. On the first day of this course, students will get familiar with Ghidra and how to create projects and import files. Students will learn how to analyze a program, follow its execution flow, and start customizing the disassembly and associated pseudocode. New for 2022, students will also get hands on time using the Ghidra’s debugger integration as well as newly updated support for binary patching. As we analyze more complicated examples, students will learn about basic tricks malware developers use to obscure functionality. We’ll look at how to identify strings being crafted within code, as well as dealing with code hidden in data sections to escape analysis. These examples will help illustrate how different options and built-in tools are used to improve analysis results. The second day brings more complicated challenges, including layered obfuscation and encryption. The lessons on this day will review in greater detail how to use the Python interpreter in Ghidra. Students will ultimately design and use custom Python scripts to analyze real malware.

BHEU21 – Reverse Engineering with Ghidra (2021)

Whether you are penetration testing, Red Teaming or trying to get a better understanding of managing vulnerabilities in your environment, understanding advanced hacking techniques is critical. This course covers a wide variety of neat, new and ridiculous techniques to compromise modern Operating Systems and networking devices. This lab also provides a view of logging and monitoring setup in a classic organization giving a birds eye view of how defenders see the attack. While prior pentest experience is not a strict requirement, familiarity with both Linux and Windows command line syntax will be greatly beneficial.

This is a hand-on practical concentrated course on securing and attacking web and cloud APIs. APIs are everywhere nowadays: In web apps, embedded systems, enterprise apps, cloud environments and even IoT, and it is becoming increasingly necessary to learn how to defend, secure and attack API implementation and infrastructure. This training aims to engage you in creating secure modern APIs, while showing you both new and old attack vectors.

Syllabus

Defending and attacking Web APIs (REST, GraphQL..etc)
Attacking and securing AWS APIs and infrastructure.
Launching and mitigating modern Injection attacks (SSTI, RCE, SQLi, NoSQLi, Deserialization & object injection)
Deploying practical cryptography.
Securing passwords and secrets in APIs.
API authentication and authorization.
Targeting and defending API architectures (Serverless, web services, web APIs)
Securing development environments.

Attacking and Securing APIS (2021)

Injection flaws have dominated web application vulnerability lists since time immemorial. And despite OWASP reducing their ranking from 1 to 3, they are still one of the most devastating web application vulnerabilities. Efforts have been made for years to secure applications against related attacks, from new frameworks to new defensive techniques. A lot has been done, but is it enough? This course enables you to walk through dozens of hacklabs and learn how – despite defensive efforts – injection flaws persist, with drastic effects on application security. Get into the attacker mindset for 2 days and deploy over 30 fresh and novel injection attacks via our state-of-the-art hacklabs. This practical course is packed with information and delivered by professional penetration testers, well-versed in web hacking from their years of experience in the wild. By the time you leave, you’ll understand how to deploy attacks using complex injection flaws. This course will be delivered virtually.

Ready to take bug hunting to a deeper level? Been tasked with reviewing source for SQL Injection, XSS, Access Control and other security flaws? Does the idea of reviewing this code leave you with heartburn? This course introduces a proven methodology and framework for performing a secure code review, as well as addressing common challenges in modern secure code review. Short circuit developing individual secure code review techniques by gleaning from Seth & Ken’s past adventures in performing hundreds of code reviews and the lessons we’ve learned along the way. We will share a proven methodology to perform security analysis of any source code repository and suss out security flaws, no matter the size of the code base, or the framework, or the language.

Next-level Bug Hunting – Code Edition (2021)