The Life of Binaries

ShmooCon IX - 2013

Presented by: Xeno Kovah
Date: Saturday February 16, 2013
Time: 15:00 - 16:20
Location: Congressional C
Track: Train the Trainer

http://opensecuritytraining.info/LifeOfBinaries.html

Assumes: basic knowledge of C, but benefits from Intro x86

Teaches: The stages of an executable's life from source code through terminating executable. Compiler theory with a special emphasis on the stage where assembly code is output. Structuring code and data into well-formed executable files such as the Windows Portable Executable (PE) and Linux Executable and Linkable Format (ELF) formats. A deep dive into PE is taken with an eye toward security-relevant features, and then ELF is examined to show how it is similar to and different from PE. The class ends by showing the applicability of binary format knowledge to viruses and packers.

Xeno Kovah

Xeno Kovah graduated from the CMU SFS program in 2007 and has been leading a team focusing on sophisticated stealth malware detection (in userspace, kernel, and firmware) and trusted computing at MITRE since 2009. But he's been attending cons since 1999, back before The Shmoo Group had even made a splash at Defcon with their wireless shenanigans. ;) Xeno started OpenSecurityTraining.info in 2011 to host his like-minded colleagues' open source training materials, and he's always looking for new contributors.

