RE//verse Training - Program Analysis for Vulnerability Research with Kyle Martin and Brandon Miller

Regular price $4,800.00

Theory meets implementation in this course brought to you by Margin Research and Vector 35. This four-day course examines cutting-edge program analysis techniques and how they can be used to find bugs!

  • TRAINING DATES: February 24 - February 27, 2025
  • CONFERENCE DATES: February 28 - March 1, 2025
  • LOCATION: Caribe Royale, Orlando, FL (take advantage of our special group rate starting at $279.00 per night, plus taxes and fees)
  • NOTE: Conference admission purchased separately. Conference tickets can be purchased here.

Uncover and improve on the logic behind compiler checks that have been finding errors in code for decades and implement them on binaries using Binary Ninja. Students will prototype binary analysis passes to find type confusion, buffer overflows, data-flow edge cases, and automate analysis at scale across hundreds of real world targets.

This thorough approach to binary analysis will leave students with a collection of scripts that can be applied across architectures to find real bugs and identify interesting code paths, and with the ability to encode bug primitives both old and new! Plus, students will learn how to build a pipeline to discover those bugs automatically and integrate automated analysis into existing workflows, maximizing every advantage reverse engineering has to pioneer truly modern Program Analysis for Vulnerability Research.

Topics Covered

  • Basic Usage of Binary Ninja, Design Philosophy, Core Architecture, API
  • Normalization, IL Survey, BNIL
  • Undecidability, Program Correctness, Correctness with pointers, Formal Methods, Useful Binary Ninja Features, Jump Tables, SSA
  • PHI nodes, Dominance Frontiers, and Data Sensitive Analysis
  • Type Analysis, Constraint Solving, and Records, Lattice Theory, Sign Analysis, and Abstract Interpretation
  • Constant Propagation, Fixed-Point Algorithms, Abusing Optimizations, and Flow-Sensitive Type Analysis
  • Pointer Analysis, Abstract Interpretation, Interprocedural Analysis, Batch processing with Binary Ninja
  • Pointers and Heap analysis
  • Firmware Analysis

Learning Objectives

  • Familiarity with many program analysis concepts and common challenges
  • The ability to write sophisticated program analysis scripts and plugins unassisted
  • An understanding of vulnerability primitives and methods of discovery
  • The ability to model vulnerability primitives for automated discovery using Binary Ninja's Python API

New for RE//verse 2025

New for RE//verse 2025, we'll be covering how to reverse engineer firmware in Binary Ninja! This will include:

  • How to approach reversing firmware
  • Specific considerations for working with embedded firmware
  • How to identify proper load addresses
  • Recovering sections and semantics
  • Identifying devices in memory
  • Mapping in devices and foreign code
  • Source-to-sink analysis through devices
  • Handling interrupts
  • How to use BASE and Firmware Ninja

Requirements

  • Familiarity with basic vulnerability classes such as stack-based buffer overflows, type confusion, sign extension vulnerabilities, etc.
  • Intermediate Python experience highly recommended
  • A workstation or laptop that can run Binary Ninja (license included with the course)
  • (Optional) Students may wish to have a virtual machine running Ubuntu 24.04 or an OS which can run Binary Ninja and our provided exercise binaries

Trainers

Kyle Martin (@elykdeer) is a cybersecurity software engineer and educator, focused on making all things "binary" easier to understand. Kyle has over 10 years of teaching and presenting experience, going all the way back to when he was the head counselor at a computer camp, rewriting their C++ and x86 assembly courses at just 15 years old. Since then, he’s been involved in organizing highly-specialized cybersecurity events around the world, spanning concepts such as reverse engineering, incident response, vulnerability research, malware analysis, capture the flag, offensive security, and cutting-edge program analysis. Kyle brings with him the expertise and support of the entire Vector 35 team, creators of Binary Ninja.