Training at CanSecWest 2011: Advanced binary deobfuscation
Thu 03 February 2011 by jj
The course will teach you how to overcome state-of-the-art binary obfuscation.
You will see, and learn to defeat:
- traditional junk,
- arithmetic code hiding,
- code flattening,
- and virtual-machine based obfuscation schemes.
The course is a new edition of last year's dojo, improved based on student feedback. It now fits in one day, with only the most relevant parts kept in, for an even more didactic training session.
By the end of the day, you'll be well armed to face heavily protected binaries and pierce through their various obfuscation layers.
(one day course)
- Quick introduction to the framework, core classes/methods
- Disassembly & debugging overview
- Plugin architecture
- Static deobfuscation, using advanced pattern matching
- Graph manipulation to counter code flow obfuscation
- Reversing a virtual machine interpreter using instruction semantics
- Disassembling the virtual opcodes directly
You'll need a laptop running either Windows or Linux. If you have Ruby pre-installed, a 32-bit, 1.8 version is preferred. You should also already be familiar with x86 assembly code, and have already worked on obfuscated code, either real-world or custom challenges.
If you have any questions, check out the IRC channel #metasm on the freenode network, or ask @metasm on Twitter.