DeepSec 2014 Workshop: Understanding x86-64 Assembly for Reverse Engineering and Exploits
Assembly language is still a vital tool for software projects. While you can do a lot much easier with all the high level languages, the most successful exploits still use carefully designed opcodes. It’s basically just bytes that run on your CPU. The trick is to get the code into position, and there are lots of ways to do this. In case you are interested, we can recommend the training at DeepSec held by Xeno Kovah, Lead InfoSec Engineer at The MITRE Corporation.
Why should you be interested in assembly language? Well, doing reverse engineering and developing exploits is not all you can do with this knowledge. Inspecting code (or data that can be used to transport code in disguise) is part of information security. Everyone accepts a set of data from the outside world. Most commonly organisations, individuals, and companies consume web pages or receive email. As soon as you deal with filters, you need to worry about code hidden in data. You can get fancy and run an intrusion detection system, too. If you do, then you are in the business of dealing with opcodes – provided you look for exploits in the wild.
The training at DeepSec is especially interesting for penetration testers and everyone involved in defence. Analysing malicious software is a good example that combines defence and reverse engineering with assembly language. You really miss a lot of the things attackers try to tell you, if you don’t speak x86_64! The information gained will also help you to recognise and mitigate attacks. Plus it’s not as hard as you think. Despite x86 assembly having hundreds of special purpose instructions, you will be shown that it is possible to read most programs by knowing only around 20-30 instructions and their variations.
Don’t miss this training! It’s a rare occasion. Take advantage of it!
Once you register don’t forget to bring your laptop, a (Microsoft Visual C++ Express 2012) compiler and a way to run the provided Linux VM.