Courses

Learn more about the training offered at INFILTRATE

Margin Research & Vector 35: Program Analysis for Vulnerability Research

This four-day course trains students to do sophisticated program analysis using Binary Ninja and the Binary Ninja Python API for the purpose of vulnerability research with the goal of improving auditing processes, improving ability to identify interesting code paths, and encoding bug primitives.

In the class, students will learn Binary Ninja inside and out by extending its analysis capabilities to support a custom architecture, which is difficult to analyze manually. Students will also leverage the Binary Ninja plugin architecture to identify vulnerabilities in a machine architecture independent way. After taking this course, students will have experience working with the least intuitive and even some undocumented parts of Binary Ninja to create powerful program analysis tools which can be used across architectures.

Prerequisities

Students should have prior experience in the basics of software reverse-engineering.

Class Requirements

Students should have workstations or laptops with Binary Ninja and VMware Workstation 15 Pro or Fusion 11 Pro installed with a clean install of Ubuntu 18.04.

Course Information

Date: October 11th - October 14th
Course Fee: $4,900
CPE Credits: 0

View the Conference Calendar

More Infiltrate Courses

If you are trying to determine which course is best suited for you, email us at infiltrate@immunityinc[dot]com and we will assist you.

See all the courses

Syllabus

Course Length: 4 Days

DAY 1

  • API and GUI review
  • Discussion of program analysis use cases
  • Turing machines, correctness, and formal verification
  • In-depth Binary Ninja Low Level Intermediate Language (LLIL) review
  • Start to write a generic plugin with Binary Ninja PluginCommand to better reverse engineer language specific artifacts

DAY 2

  • SSA Form and its benefits
  • The Binary Ninja memory and address concept
  • Control flow analysis vs. Data flow analysis
  • Type propagation inside of a function context and cross function
  • Automatically recovering structures inside of a function context
  • Abstract Interpretation

DAY 3

  • Data flow analysis and tracing the lifetime of a variable or object
  • Path constraint solving using SAT solvers to determine reachability and to solve for input variables
  • Vulnerability discovery with binary ninja
  • Identifying “sources” and “sinks” in a program. Using taint analysis track where controlled input can reach program sinks and constraint solving to determine the boundaries of a vulnerability

DAY 4

  • Discuss bug classes, what makes certain ones easier to programmatically find and why
  • Encoding bug classes as read and write primitives, it easier to find specific vulnerability types – such as memory corruption and incorrect usage of APIs
  • Write a Binary Ninja pass to find different classes of bugs for specific example targets
  • Attempt to analyze and find bugs in a ‘real world’ program
  • Discussion on the future of the field. How would machine learning help us determine the harder types of bugs – logic bugs etc

View Detailed Syllabus

Infiltrate Sponsors

Register Now

Please don’t be one of those people who registers at the last minute after all the tickets have been sold!

Join us at the conference

Training & Workshops

Learn more about the technical training and workshops offered at INFILTRATE

Attend a session