Advanced Reverse Engineering - by Nicolas Brulez

Learn how to unpack Packers and Protectors, and how to analyse Polymorphic viruses

Instructor: Nicolas Brulez
Dates: 13-15 June 2006
Price: $2600 + taxes
Availability: FULL

Day 1: Mastering Manual Unpacking

On the first day, students will learn how to unpack PE executable packers as well as protectors. They will learn how to write plugins and scripts for IDA, Import Reconstructor, and OllyDbg that can help them in their unpacking tasks.

Attendees will practice their unpacking skills on many packed and protected files, including packers written by Nicolas Brulez specifically for the training (the packers themselves are not made available).

They will also learn to defeat anti-debugging code, and techniques for protecting yourself from those tricks will also be presented.

Day 2 and 3: Malware Analysis

Students will be working on a complex EPO (entry-point obscuring) polymorphic PE file infector. They will walk through the full analysis of the virus, as well as of its polymorphic engine. They will be shown ways to defeat the encryption used by the virus, and how to find the entry point of the decrypted virus.

Attendees will also work on Trojan horses and other malware. Tools and techniques used in malware analysis will be presented: debugging injected DLLs and threads, writing your own analysis helper tools, etc.

Class Requirements

Training attendees are required to bring a laptop and a licensed copy of IDA Pro. A licensed copy of VMware or a similar product is also required. A licensed copy of SoftICE (or a comparable kernel driver already installed) is a plus.

Bio

Nicolas recently joined Websense Security Labs as a Virus Researcher where he does computer virus analysis, writes tools and does security research in general.

Prior to that, Nicolas was the Chief of Security for Digital River/SiliconRealms, working on the SoftwarePassport/Armadillo protection system for the past 4 years.

Nicolas specializes in anti-reverse-engineering techniques to defend against software attacks. He has been active in researching viral threats and sharing that research with various anti-virus companies. He regularly writes for the French security magazine MISC, has authored a number of papers on reverse engineering, and has taught assembly programming and reverse engineering at various computer engineering schools.

He is also an Associate Researcher at the Virology and Cryptology Laboratory of the "École Supérieure et d'Application des Transmissions".

Nicolas regularly speaks at international conferences such as Recon (Canada), PacSec (Japan), RuxCon (Australia), SSTIC (France), and Virus Bulletin.