Coding Unpackers for Fun and Profit: TitanEngine Training by Tomislav Pericin

Learn how to analyze, unpack and code unpackers for software packers and protectors. Attendees will receive hands-on experience working with the ReversingLabs TitanEngine framework, designed for unpacker creation.

Instructors: Tomislav Pericin
Dates: 6-8 July 2010
Availability: 10 Seats

Day 1: Static file analysis and static unpacker coding

The focus of the first day is manual file unpacking and static file analysis. We go into deep format analysis to create both simple and more complex static unpackers.

We will focus on real-world protections you are likely to encounter on a day-to-day basis.

Day 2: Dynamic file analysis and dynamic unpacker coding

The second day will cover manual file unpacking and dynamic file analysis. We go into deep format analysis for creating simple and more complex dynamic unpackers. Special attention will be given to dynamic unpacker coding layout and the benefits of using TitanEngine to minimize the time it takes to create an unpacker.

Our focus will be on real-world packers you are likely to encounter on a day-to-day basis. These packers top the charts in legitimate software compression, but are often used as malware envelopes.

Day 3: Advanced file analysis and coding complex unpackers

On day 3, we will cover the manual unpacking of complex file packing and protection systems. Special attention will be given to methods used to harden against format reverse engineering and prevent unpacking. We will describe common protection techniques utilized by both legitimate software protectors and those specifically designed for use in malware. We will then use this information to show the coding techniques needed for such complex dynamic unpackers, and ways to counter all the tricks used to hinder detection, analysis and unpacking.

Our focus will be on the real-world protections you are likely to encounter on a day-to-day basis.

Class Requirements

IMPORTANT: This training isn't for beginners, and none of the basic material will be presented. You must know how to unpack most of the existing packers and be fluent in x86 assembly to take this course. The author may require students to take apart a small executable in order to be accepted to the training session, because we want advanced reverse engineers to progress, and this can only be done if all students can follow the course. There won't be an introduction to reverse engineering class this year unless we receive enough requests.

Bio

Tomislav Pericin

Tomislav Pericin has been analyzing and developing software packing and protection methods for the last 7 years. He is the author of the book "The Art of Reversing" and founder of the commercial software protection project RLPack. Recently he spoke at Black Hat and TechnoSecurity Conferences.