Symbolic Execution with Angr

Instructor: Jeremy Blackthorne
Dates:  June 24 to 27 2024
Capacity:   30 Seats

This is an 80% hands-on course with many demos, examples, exercises, and solutions. Exercises will be mostly x64 and ARM binaries for Linux, but we will also apply it to other architectures, such as MIPS and PowerPC. Although the theory behind symbolic execution is fascinating, we will only minimally cover it and will instead focus on the practical applications of angr.
Students are provided a preconfigured VM with all necessary tools and exercises. The instructor's computer screen and voice will also be recorded during each day and provided for reference. Students can then review the recordings during the course and retain them for use afterwards.

Key Learning Objectives

• Students will have the ability to perform symbolic and concolic execution with angr
• Students have the ability to use manual and automated techniques with angr
• Students will know how to leverage angr's strengths and complement its weaknesses

COURSE TOPICS

Background

• Symbolic execution / Concolic execution
• Bit vectors
• SMT/SAT solving
• Abstract syntax tree (AST) and DPLL algorithm
• Path explosion problem

Angr Usage and API

• API: loader, symbolic execution, solver engine
• Emulator: stepping, running, hooking
• Symbion and concolic execution: using debugger state with emulator
• Disassembly, decompilation, control-flow graphs
• Backward slicing
• VEX IR, PyVex, and libVEX
• Components: Capstone, Unicorn, claripy, Z3, valgrind
• Extending angr functionality

Plug-ins, Tools, and Workflow Integration

• Natural workflow of angr with IDA, Ghidra, qemu, pwntools and gdb
• Pypcode: library allowing symbolic execution of Ghidra's p-code
• Plug-ins: Angry Ghidra, IDAngr, Jupyter's Angry kernel
• angr's GUI: angr-management
• Other plugins

Applications

• Malware deobfuscation
• identifying vulnerabilities and creating proof-of-concepts for vulnerabilities
• Crafting exploits
• General RE

WHO SHOULD ATTEND

This training is for people who are in the weeds, assessing binaries for vulnerabilities, crafting exploits, and reverse engineering malware.

KNOWLEDGE PREREQUISITES

This is an intermediate class. Students are expected to have experience with RE, VR, Linux, C, Python, and x86-64 assembly. Students are not expected to have any experience with symbolic execution, SMT, or angr.

HARDWARE REQUIREMENTS

Students are expected to have their own computers which can run an x86-64 virtual machine.

• 50 GB of free hard disk space
• 4GB of RAM
• 4 Processor cores

SOFTWARE REQUIREMENTS

• VMware or Virtualbox and ability to run an x64 VM

BIO

Jeremy Blackthorne @0xJeremy is a co-founder and instructor at the Boston Cybernetics Institute (BCI). Before BCI, he was a researcher in the Cyber System Assessments group at MIT Lincoln Laboratory. He was the co-creator and instructor for the Rensselaer Polytechnic Institute courses: Modern Binary Exploitation and Malware Analysis. Jeremy has published research in various academic and industry conferences. He served in the U.S. Marine Corps with three tours in Iraq and is an alumnus of RPISEC.

To Register

Click here to register.