ＨｉｄｅＺｅｒｏＯｎｅ

After a sold-out course last year at Blackhat, we are back with an updated version of our course with additional coverage of ARM64, mobile browser security, and more in-depth coverage of Mobile apps and operating system security. The class starts with a basic introduction to the ARM instruction set and calling conventions followed by some reverse engineering exercises.  We then learn how to write simple exploits for the ARM64 environment. Next, we move to Mobile browser security, understand some of the browser mitigations followed by writing some simple exploits for the mobile browser. We then cover iOS and Android internals in further detail. We then discuss some of the exploitation techniques using real-world vulnerabilities (e.g., voucher_swap, checkm8, etc) followed by a walkthrough of how jailbreaks are written. We also discuss some of the common vulnerability types (Heap Overflows, Use-after-free, Uninitialized Stack variable, Race conditions). We will also look at how to build the Android kernel, customize it using Kernel tunables and then use a 1-day vulnerability to gain kernel r/w access. The training then moves on to application security based on exploiting the Damn Vulnerable iOS app, Android-lnsecureBankv2, and lnsecurePass application written by the authors of this course in addition to a broad range of other real-world applications. We then cover a variety of mitigations deployed in real-world apps and discuss how to bypass them. Slides, videos and detailed documentation on the labs will be provided to the students for practice after the class. Corellium access will be provided to students during the duration of the training course.

Syllabus

• Introduction to ARM64 and Mobile Browser Security [2 modules]
• iOS Exploitation
• Android Exploitation

Offensive Mobile Reversing And Exploitation (2021)

The NSA spent years developing Ghidra as its own internal reverse engineering suite. Now, thanks to the Technology Transfer Program, these powerful capabilities are readily available to the world. With support for dozens of architectures, Ghidra is rapidly gaining popularity as a tool of choice for analyzing compiled code. Ghidra’s extensibility through Java and Python scripting make it ideal for malware analysis and vulnerability research tasks. This class is a hands-on, example-driven introduction to reverse engineering with Ghidra. Attendees will learn the basics of using Ghidra to analyze executables before diving into examples of progressively more sophisticated reverse engineering countermeasures. As topics are introduced, students will reinforce what they’ve learned by solving reverse engineering challenges. Students may work independently or in groups to solve any of the introduced Capture the Flag style challenges. On the first day of this course, students will get familiar with Ghidra and how to create projects and import files. Students will learn how to analyze a program, follow its execution flow, and start customizing the disassembly and associated pseudocode. New for 2022, students will also get hands on time using the Ghidra’s debugger integration as well as newly updated support for binary patching. As we analyze more complicated examples, students will learn about basic tricks malware developers use to obscure functionality. We’ll look at how to identify strings being crafted within code, as well as dealing with code hidden in data sections to escape analysis. These examples will help illustrate how different options and built-in tools are used to improve analysis results. The second day brings more complicated challenges, including layered obfuscation and encryption. The lessons on this day will review in greater detail how to use the Python interpreter in Ghidra. Students will ultimately design and use custom Python scripts to analyze real malware.

BHEU21 – Reverse Engineering with Ghidra (2021)

Through OALABS we want to bring you the kind of reverse engineering tutorials that we wished we had when we were first learning to analyze malware. With Patreon we offer access to a wide variety of tutorials and workshops aimed at all skill levels. Our RE101 level tutorials cover important topics like how to setup a malware analysis lab, as well as reverse engineering fundaments like learning assembly, and how to use a debugger. Our RE201 level tutorials cover malware analysis specific topics like how to bypass anti-analysis checks in malware, and how to resolve dynamic imports. Our RE504 level tutorials cover advanced reverse engineering topics like how to bypass software protectors such as Themida, and VMProtect. Patreon also allows us to maintain a set of free publicly available malware analysis tutorials on YouTube as well as weekly malware analysis streams on Twitch.

Syllabus

RE101 – Reverse engineering fundaments
RE201- Malware analysis fundamentals
RE504 – Advanced reverse engineering topics

OALABS: Malware Reverse Engineering Training

Reversing Hero course is a very good course for people who want to learn reverse engineering from beginner to intermediate level. This course consists of 12 hours of video, the degree of difficulty of which increases step by step, and also in the Reversing Hero course, you have to try to solve the given exercises by yourself, and if you are completely stuck, you can watch the video of the solution to the exercise.

Reversing Hero

In this CSP course, you will apply all the knowledge and skills taught in the CSL course to crack real software.  Real software are commercial proprietary software.  We are doing this for educational purposes and not to harm software developers. This skill and knowledge benefits developers in that they are better able to secure their software. The concept is similar to ethical hacking – the only way to defend against hackers is to know how hackers break in. Similarly, for software security. The best way to improve software security is to learn how software is being cracked.

Syllabus

1. Introduction
2. Creating a Sandbox for Cracking Software
3. Introduction to crackme’s
4. Introduction to x64dbg and Detect it Easy (DIE)
5. Setting up your cracking workspace and workflow
6. Debugger Stepping Basics
7. Stepping Into Calls
8. Breakpoint
9. Reversing Jumps
10. How to patch a program
11. Summary of Cracking Software Workflow
12. Introduction to cracking gui-based programs
13. Crack the Serial Key using BP on strings
14. Windows api functions & the stack
15. Patching to bypass wrong serial key message
16. Setting Breakpoints on Intermodular Calls
17. Setting BP from the Call Stack
18. Cracking Registration File Checks
19. Removing Nag Screens
20. Cracking Trial Period Software
21. Cracking Auto-Generated Serial Keys
22. Removing Nag Screen by TDC
23. Cracking by patching eax register values
24. Cracking via Hardware Breakpoints
25. How to Change Serial Key By Patching Memory Directly
26. xAnalyzer Static Code Analyzer
27. Serial Fishing – how to extract serial key
28. Cracking Software Protection
29. Cracking software using loaders
30. Cracking Software’s Anti-Debugging Protection
31. Cracking Software that has a combination of Packing Anti-Debugging
32. Keygens
33. Assembly Language Programming for Reversers
34. Creating an External Keygen
35. Cracking Visual Basic 6 Native compiled software
36. Cracking VB6 p-code Software
37. x64dbg tools usage
38. Cracking .NET Framework Software (C# and VB.NET)
39. Cracking .NET Software Protection
40. Understanding the Process of De-obfuscation
41. Cracking DLL’s

Cracking Software Practicals (CSP)