This is an advanced course that teaches the student how to automate reverse engineering tasks using full-system analysis by way of emulation. This course teaches powerful techniques that are at the forefront of security research and is relevant for all domains in software analysis, e.g. malware analysis, reverse engineering, vulnerability discovery, root-cause analysis and much more.
- QEMU internals and full-system analysis with PANDA.
- Virtual Machine Introspection (VMI).
- Intermediate representations, QEMU TCG and LLVM IR.
- Dynamic taint analysis.
- Designing general and precise solutions using the above techniques.
Who should attend?
- Security researchers.
- Malware analysts.
- Exploit writers.
- Security engineers.
- Any others who need to understand the behaviours and artefacts of complex systems at a detailed level.
This is an introductory course with no hard prerequisites. Minor exposure to C programming and knowledge of computer architectures is beneficial but not a requirement.