Reverse engineering and ROP gadget, how to take the control of the system

by Pierre-François MAILLARD & Baptiste DAVID    10 - 11 November, 2021

WORKSHOP OBJECTIVE

During the workshop, we see how different programming mistakes can be exploited to compromise the integrity of a program by hijacking the execution flow of its process. We deal with processes compiled with the latest security options, i.e. Security Cookie, ASLR (Address Space Layout Randomization), DEP (Data Execution Prevention) and CFG (Control Flow Guard).

By using the Return Oriented Programming (ROP) method in different contexts, we will learn how to bypass all of these security options efficiently. This technique does not rely on the injection of new code, which makes it really difficult to detect.

This workshop consists of two intensive training days. The first is dedicated to a presentation of Windows internals and a reminder of the main reverse-engineering procedures. The second day teaches ROP and advanced techniques for exploiting it in different situations. On both days, theory, demos and hands-on technical practice are the main line of the course.

COURSE CONTENT (TOC):

  • Presentation of Windows 10 system and how it works
  • Presentation of the security provided by Windows
  • New technical details about Windows 11
  • Reminders about reverse engineering, assembly language and debugging techniques
  • Introduction about vulnerabilities and exploitation
  • Presentation of the different compilation protections provided by Visual Studio Compiler
  • Hands-on practice with examples of control flow hijacking using ROP

PRE-REQUISITE:

Hardware

  1. A laptop with enough RAM (> 4 GB) to work comfortably and enough disk space (> 4 GB)
  2. An Intel or AMD processor (x64). If you have an x86 system, some challenges can't be solved

Software (ideally pre-installed):

  1. Windows 10 operating system
  2. Ghidra or IDA software (free version or a commercial one for a better use)
  3. Windbg Preview (available from the Windows 10 store)

Participants Requirements:

There is no strict requirement here; a basic level in computer science will be enough. Nonetheless, in case of doubt:

  1. Basic knowledge in programming (mastering C would be perfect)
  2. Basic knowledge in mathematics and algebra
  3. Basic reverse engineering experience

WHO SHOULD ATTEND

  • Students in IT and especially in security
  • Security and software engineers
  • Malware analysts
  • Anyone curious about how operating systems work is welcome

WHAT TO EXPECT:

  • Get a good understanding of how things work in Windows and, more generally, in the operating system world
  • Get practice with reversing software
  • Understand the purposes and the use of static and dynamic analysis
  • Understand different ways to hijack the control flow of a process with ROP in different environments
  • Discover new tools provided by Microsoft and Intel to protect executables from control flow hijacking
  • Understand better how subtle bugs in software can lead to real and serious consequences
  • Good stories and culture about Windows
  • Practice, practice and practice… This is the only way to progress in reverse engineering and in IT in general

WHAT NOT TO EXPECT:

  • Disclosure of unpatched vulnerabilities, patents, or cracking the protection of commercial software. It is neither legal nor ethical
  • Reverse engineering of software written in C# or C++ (this is out of scope, even if tools to do so would be presented if attendees wish)
  • A universal way to hijack an executable. The possibilities for taking control of a program depend mainly on the quality of its implementation

SPEAKER PROFILES:

Pierre-François MAILLARD, Independent researcher

Pierre-François Maillard is an engineer in the field of cyber security and operating systems. During his studies, he worked with the CVO laboratory (Operational Cryptology and Virology) with a specialization in UEFI systems. He has also worked in various companies on reverse engineering and industrial cybersecurity. Following this work, he has written a series of 3 articles in MISC, a leading French cybersecurity magazine, about UEFI and the different ways to work on it. He has also organized a workshop and a conference in the same field at c0c0n. He is currently looking for an international PhD position in cybersecurity.

Baptiste DAVID, PhD Applicant

Baptiste David is an independent researcher. His research is mainly focused on malware analysis, security of the Windows operating system, networks, kernel development and vulnerabilities. Sometimes maths, physics or anything cool from that field is perfect for him to enhance everyday life. He also likes good food and good wine (we never change), but he is fine if you offer him a beer. He has already spoken at several conferences, including iAwacs, c0c0n, Ground Zero Summit, EICAR, ECCWS, DEF CON and Black Hat USA.

CONFERENCE 2021

c0c0n 2021 Online Conference

VENUE: c0c0n 2021 is a virtual conference

WORKSHOP: November 10-11, 2021

CONFERENCE: November 12-13, 2021
