Trainings
List of training sessions for Recon 2019:
Click here to register.
- Elf Voodoo by Ryan "ElfMaster" O'Neill & Leviathan Security (2 days, 24-25 June) ( CANCELLED )
- Mobile and Telecom Applied Hacking and Reverse Engineering by P1Sec (2 days, 26-27 June) ( CANCELLED )
- IC Reverse Engineering & code dump by Olivier Thomas (3 days)
- Automated Reverse Engineering with Binary Ninja by Josh Watson (4 days)
- System Firmware Attack and Defense for the Enterprise by Oleksandr Bazhaniuk and Jesse Michael (4 days)
- An Introduction to Modern Binary Exploitation by Alexei Bulazel and Jeremy Blackthorne (4 days)
- Program Analysis Training by Sophia d’Antoine and Evan Jensen (4 days)
- WebAssembly Module Reverse Engineering and Analysis by Patrick Ventuzelo (4 days)
- Real-world IoT & embedded device hacking by Thomas Roth (4 days 24-27 June) ( SOLD OUT )
- Real-world IoT & embedded device hacking by Thomas Roth (4 days 1-4 July)
- Reverse Engineering Malware by Nicolas Brulez (4 days)
- Windows Internals for Reverse Engineers by Alex Ionescu (4 days 24-27 June) ( SOLD OUT )
- Windows Internals for Reverse Engineers by Alex Ionescu (4 days 1-4 July)
- Hardware Hacking by Dmitry Nedospasov (4 days)
- The ARM IoT Exploit Laboratory by Saumil Shah (4 days)
- Windows Kernel Rootkits Techniques and Analysis by Bruce Dang (4 days) ( SOLD OUT )
- MacOS Mojave and iOS 12 Kernel Internals for Security Researchers by Stefan Esser (4 days) ( SOLD OUT )
- Botnet Takeover Attacks For Reverse Engineers by Brett Stone-Gross and Tillmann Werner (4 days)
- Advanced Fuzzing and Crash Analysis by Richard Johnson (4 days) ( SOLD OUT )
2-Day trainings
ELF Voodoo
A 2 day instructor led workshop by the ElfMaster, that navigates the participants through the most fascinating and arcane facets of the ELF binary format. This includes but is not limited to ELF internals, relocation's, dynamic linking, virus infection, anti-forensics, process memory analysis, binary forensics, exploitation, ELF binary mitigation, binary anti-tamper schemes, and more. Why become an ELF expert? It has quickly become the most ubiquitous binary format used today; From Linux, *BSD and other UNIX-like OS's, to the ever more popular IOT devices which often run Linux. To specialize in ELF is to specialize in understanding the depths of program execution and process memory layout, which are key knowledge to creating new security technologies and for advancing the state of reverse engineering and forensics reconstruction.
Click here for more details
- Instructor: Ryan "ElfMaster" O'Neill
- Dates: 24-25 June 2019
- Capacity: 20 Seats
- Price: 2300$ CAD before May 1, 2700$ CAD after.
Mobile and Telecom Applied Hacking and Reverse Engineering
Learn about contemporary telecom and mobile system reverse engineering within the context of Telecom and Mobile Network operators and how to attack core telecom infrastructure (Core Network, Services, Mobile Apps, Handset platforms, IoT platforms). We will see from the mobile handset (Android, apps, platform) to the operator Core Network how these technologies meshed together and how to make sense of their protocols and applications.
Click here for more details
- Instructor: P1Sec
- Dates: 26-27 June 2019
- Capacity: 15 Seats
- Price: 2300$ CAD before May 1, 2700$ CAD after.
3-Day trainings
IC REVERSE ENGINEERING & CODE DUMP
Physical tampering techniques are composed of three main families from non-invasive (clock and VCC glitches, side channel analysis, etc) and semi-invasive (laser fault injection, photo-emission, etc) to fully-invasive methods requiring the use of equipments such as deprocessing tools, Scanning Electron Microscope, Focused Ion Beam, etc. The latter class is known to be the most potent. On top of that, it also often brings sufficient knowledge about the target for the creation of easier-to-perform methods (non- and semi-invasive) to exploit weaknesses found in the embedded firmware and the hardware itself.
This training is designed to give to Integrated Circuit professionals as well as newcomers a deep understanding of the complete Reverse-Engineering and Exploitation chain for various purposes such as building more secure designs, choosing the right device for a given application, improving the security risk assessment by taking the embedded firmware into consideration but also to find vulnerabilities in « Secure Elements » so as to conduct forensics analysis.
Students who complete this course will be familiar with all important classes of low-level hardware attacks (shield and hardware counter-measures bypass - ROM and Flash/EEPROM dump - bus passive and active probing - ...) through real world examples covering the entire analysis workflow from the lab to the data analysis. An introduction to non- and semi-invasive attacks will be given so as to be able to exploit the results of the IC RE and code dump results.
This training will be a mixture of theoretical lectures and practical assignments which will give the attendees all the key knowledge to perform such complete hardware + software analysis to reach their specific needs from in depth security evaluation to forensics data extraction.
Click here for more details
- Instructor: Olivier Thomas
- Dates: 25-27 June 2019
- Capacity: 24 Seats
- Price: 3450$ CAD before May 1, 4050$ CAD after.
4-Day trainings
Automated Reverse Engineering with Binary Ninja
This comprehensive 4-day course will train both novice and advanced reverse engineers to leverage Binary Ninja's features to automate reverse engineering and security research tasks, such as deobfuscation and patching, structure and class recovery, executable unpacking, vulnerability discovery, and writing shellcode payloads and exploits. Students will hit the ground running with a fast paced comprehensive overview of Binary Ninja’s user interface before diving directly into the defining features of the tool: the Python API and Binary Ninja Intermediate Languages, or BNIL. We will cover both the Low Level IL and Medium Level IL and why they are both superior to native disassembly for program analysis. From there, we will work in-depth with the Python API and explore how to develop plugins to serve as force multipliers in students’ analysis tasks; this will include more obscure aspects of the API, such as automating creation of structures, creating new BinaryViews, and post-analysis callbacks. Finally, we will further apply these automation techniques to search for vulnerabilities in binary code and generate an exploit, along with a shellcode payload in C with the Shellcode Compiler.
Click here for more details
- Instructor: Josh Watson
- Dates: 24-27 June 2019
- Capacity: 20 Seats
- Price: 4600$ CAD before May 1, 5400$ CAD after.
System Firmware Attack and Defense for the Enterprise
A variety of attacks targeting system firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as BIOS and SMM, OS loaders and secure booting. This training will detail and organize objectives, attack vectors, vulnerabilities and exploits against various types of system firmware such as legacy BIOS, SMI handlers and UEFI based firmware, mitigations as well as tools and methods available to analyze security of such firmware components. It will also detail protections available in hardware and in firmware such as Secure Boot implemented by modern operating systems against bootkits.
Click here for more details
- Instructor: Jesse Michael and Oleksandr Bazhaniuk
- Dates: 24-27 June 2019
- Capacity: 25 Seats
- Price: 4600$ CAD before May 1, 5400$ CAD after.
An Introduction to Modern Binary Exploitation
This four-day training will teach students without prior experience how to develop exploits for modern binary software, taking them from 1990s style stack buffer overflows through contemporary exploitation of use-after-frees in programs protected by DEP and ASLR. The training will focus on exploiting Linux user mode x86/x64 binaries, but the lessons learned from the class are widely applicable to other platforms and architectures. The course is taught by two RPISEC alumni who were involved in the initial development and teaching of RPISEC’s Modern Binary Exploitation course ( https://github.com/rpisec/mbe ), but the material for this course is all new.
Click here for more details
- Instructor: Alexei Bulazel and Jeremy Blackthorne
- Dates: 24-27 June 2019
- Capacity: 20 Seats
- Price: 4600$ CAD before May 1, 5400$ CAD after.
Program Analysis Training
This is four-day course trains students to do sophisticated program analysis using Binary Ninja and the Binary Ninja Python API. Students will learn Binary Ninja inside and out by extending its analysis capabilities to support a custom architecture which is difficult to analyze manually. Students will also leverage the Binary Ninja plugin architecture to identify vulnerabilities in a machine architecture independent way. After taking this course students will have experience working with the least intuitive and even some undocumented parts of Binary Ninja to create powerful program analysis tools.
Click here for more details
- Instructor: Sophia d’Antoine and Evan Jensen
- Dates: 24-27 June 2019
- Capacity: 20 Seats
- Price: 4600$ CAD before May 1, 5400$ CAD after.
WebAssembly Module Reverse Engineering and Analysis
WebAssembly (WASM) is a new binary format currently developed and supported by all major browsers including Firefox, Chrome, WebKit /Safari and Microsoft Edge through the W3C. This new format have been designed to be “Efficient and fast“, “Debuggable“ and “Safe” that why it is often called as the "game changer for the web". This courses will give you all the prerequisites to understand WebAssembly module and it’s virtual machine model. At the end of this intensive 4 days, you will learn which security measures are implemented by WebAssembly VM to validate and handle exceptions. You will be able to reverse statically and dynamically a WebAssembly module, analyze its behavior, create detection rule and search for vulnerability insides. Finally, you will discover how to do vulnerability research and fuzzing on those VM. Along this training, students will deal with a lots of hands-on exercises allowing them to internalize concepts and techniques taught in class. Hope you will like it !!
Click here for more details
- Instructor: Patrick Ventuzelo
- Dates: 24-27 June 2019
- Capacity: 20 Seats
- Price: 4600$ CAD before May 1, 5400$ CAD after.
Real-world IoT & embedded device hacking
In this 4-day training students will learn how to attack real, on-the-market and supposedly secure devices that have sold millions of units and are widely used. Often, these devices are used in critical and/or sensitive applications. The training focuses on teaching how to perform a hardware security analysis, starting with basic firmware analysis and going as deep as performing a man-in-the-middle attack on in-device busses. A big focus is on identifying inherently insecure architectures: Devices that can not be made secure from a hardware perspective, for example because of design-mistakes or the selection of insecure chips. The devices the students will hack range from point-of-sale terminals, over bitcoin wallets and automotive control systems up to industrial controllers as used in power plants. The training also covers how the conducted attacks can be prevented and how secure devices architectures can be constructed.
Click here for more details
- Instructor: Thomas Roth
- Dates: 24-27 June 2019
- Capacity: 20 Seats
- Price: 4600$ CAD before May 1, 5400$ CAD after.
Real-world IoT & embedded device hacking
In this 4-day training students will learn how to attack real, on-the-market and supposedly secure devices that have sold millions of units and are widely used. Often, these devices are used in critical and/or sensitive applications. The training focuses on teaching how to perform a hardware security analysis, starting with basic firmware analysis and going as deep as performing a man-in-the-middle attack on in-device busses. A big focus is on identifying inherently insecure architectures: Devices that can not be made secure from a hardware perspective, for example because of design-mistakes or the selection of insecure chips. The devices the students will hack range from point-of-sale terminals, over bitcoin wallets and automotive control systems up to industrial controllers as used in power plants. The training also covers how the conducted attacks can be prevented and how secure devices architectures can be constructed.
Click here for more details
- Instructor: Thomas Roth
- Dates: 1-4 July 2019
- Capacity: 20 Seats
- Price: 4600$ CAD before May 1, 5400$ CAD after.
Reverse Engineering Malware
Learn how to unpack and Reverse-Engineer malware in this 4-day class.
Covered Topics: Unpacking, Static and Dynamic Analysis, IDA Python and Targeted Attacks.
Click here for more details
- Instructor: Nicolas Brulez
- Dates: 24-27 June 2019
- Capacity: 20 Seats
- Price: 4600$ CAD before May 1, 5400$ CAD after.
Windows Internals for Reverse Engineers
Learn the internals of the Windows Kernel and its NT-based architecture, including the upcoming Windows 10 “Vanadium” (19H2) and “Vibranium” (20H1) plus Server 2019, in order to learn how rootkits, PLA implants, NSA backdoors, and other malicious tools exploit the various system functionalities, mechanisms and data structures to do their dirty work. Also learn how kernel-mode code operates and how it can be subject to attack from user-mode callers to elevate their privileges. Finally, learn how CPU architecture deeply ties into OS design, and how Intel and AMD’s mistakes can lead to more pwnage. While you might say this latter part is trying to capitalize on recent events, it’s worth nothing it’s been in the course since day 1.
Click here for more details
- Instructor: Alex Ionescu
- Dates: 24-27 June 2019
- Capacity: 30 Seats
- Price: 5400$ CAD.
Windows Internals for Reverse Engineers
Learn the internals of the Windows Kernel and its NT-based architecture, including the upcoming Windows 10 “Vanadium” (19H2) and “Vibranium” (20H1) plus Server 2019, in order to learn how rootkits, PLA implants, NSA backdoors, and other malicious tools exploit the various system functionalities, mechanisms and data structures to do their dirty work. Also learn how kernel-mode code operates and how it can be subject to attack from user-mode callers to elevate their privileges. Finally, learn how CPU architecture deeply ties into OS design, and how Intel and AMD’s mistakes can lead to more pwnage. While you might say this latter part is trying to capitalize on recent events, it’s worth nothing it’s been in the course since day 1.
Click here for more details
- Instructor: Alex Ionescu
- Dates: 1-4 July 2019
- Capacity: 30 Seats
- Price: 5400$ CAD.
Hardware Hacking
The analysis of hardware targets can often be hampered by the fact that a compatible peripheral is not available. However, through a combination of hardware and software it is possible to rapidly prototype and design such peripherals. This training is specifically designed for security researchers who wish to improve their familiarity with hardware security as well as the underlying implementations. The training is built as a set of Capture the Flag (CTF) style assignments, each designed to familiarize students with a common flaw in hardware implementations. Students will learn an efficient workflow for designing such peripherals. This workflow utilizes a combination of programmable logic (CPLDs, FPGAs) and corresponding python code to solve each assignment. Students that complete the course will thoroughly understand the advantages of building tools based on programmable logic. Additionally, students will understand how hardware implementations are realized and exploit several common hardware security flaws. Most importantly, students will learn the necessary skills for real-time analysis of complex undocumented proprietary protocols.
Click here for more details
- Instructor: Dmitry Nedospasov
- Dates: 24-27 June 2019
- Capacity: 24 Seats
- Price: 4600$ CAD before May 1, 5400$ CAD after.
The ARM IoT Exploit Laboratory
ARM has emerged as the leading architecture in the Internet of Things (IoT) world. The all new ARM IoT Exploit Laboratory is a 4-day intermediate level class intended for students who want to take their exploit writing skills to the ARM platform. The class covers everything from an introduction to ARM assembly all the way to Return Oriented Programming (ROP) on ARM architectures. Our lab environment features hardware and virtual platforms for exploring exploit writing on ARM based Linux systems and IoT devices.
The class concludes with an end-to-end “Firmware-To-Shell” hack, where we extract the firmware from a popular SoHo router, build a virtual environment to emulate and debug it, and then use the exploit to gain a shell on the actual hardware device. The 4-day format features lots of hands-on exercises allowing students to internalise concepts taught in class.
Click here for more details
- Instructor: Saumil Shah
- Dates: 24-27 June 2019
- Capacity: 25 Seats
- Price: 4600$ CAD before May 1, 5400$ CAD after.
Windows Kernel Rootkits Techniques and Analysis
This course is tailored for malware analysts, system developers, forensic analysts, incident responders, or enthusiasts who want to analyze Windows kernel rootkits or develop software for similar tasks. It introduces the Windows architecture and how various kernel components work together at the lowest level. It discusses how rootkits leverage these kernel components to facilitate nefarious activities such as hiding processes, files, network connections, and other common objects. As part of the analytical process, we will delve into the kernel programming environment; we will implement some kernel-mode utilities to aid our understanding.
Click here for more details
- Instructor: Bruce Dang
- Dates: 24-27 June 2019
- Capacity: 20 Seats
- Price: 4600$ CAD before May 1, 5400$ CAD after.
MacOS Mojave and iOS 12 Kernel Internals for Security Researchers
This course introduces you to the low level internals of the iOS and OS X kernels from the perspective of a security researcher interested in vulnerability analysis, kernel rootkit/malware analysis/detection or kernel exploit development. While this course is concentrating on MacOS Mojave on the x64 cpu architecture the latest security enhancements of iOS 11/12 will also be discussed. The course material was updated to the latest security features of MacOS Mojave and iOS 12. Therefore there are many changes to the material from previous course.
Click here for more details
- Instructor: Stefan Esser
- Dates: 24-27 June 2019
- Capacity: 18 Seats
- Price: 4600$ CAD before May 1, 5400$ CAD after.
Botnet Takeover Attacks For Reverse Engineers
Learn how to apply reverse-engineering to botnet takeover attacks. This 4-day training will teach the fundamentals of botnet command-and-control protocol reversing, identifying and breaking cryptography, as well as reconstructing botnet topologies and identifying weaknesses in their infrastructure. Students will learn to use this knowledge to design botnet takeover attacks and practice their skills in various hands-on exercises.
Click here for more details
- Instructor: Brett Stone-Gross and Tillmann Werner
- Dates: 24-27 June 2019
- Capacity: 24 Seats
- Price: 4600$ CAD before May 1, 5400$ CAD after.
Advanced Fuzzing and Crash Analysis
This class is designed to introduce students to the best tools and technology available for automating vulnerability discovery and crash triage with a focus on delivering a practical approach to applying this technology in real deployments at any scale.
Click here for more details
- Instructor: Richard Johnson
- Dates: 24-27 June 2019
- Capacity: 20 Seats
- Price: 4600$ CAD before May 1, 5400$ CAD after.