HITB LAB

Hands-on Introduction to Timeless Debugging & Analysis

November 19th @ 20:00 - 22:00 (GMT +4) // Track 3 @ HITB Labs

Skill Level: All

Max Capacity: 100

Duration: 2:00h

Delivery: Zoom

OVERVIEW

Timeless Analysis & Debugging builds upon captures of a time slice of a program or a full system execution to provide unique analysis features. By alleviating the need for iterative debugging sessions, it brings a new and powerful perspective to reverse-engineering problems such as vulnerability analysis.

This hands-on lab uses Tetrane’s REVEN platform to introduce the concepts of Timeless Analysis and Debugging on a full system trace. You will work through exercises on pre-recorded reverse-engineering scenarios related to software running on Microsoft Windows.

By the end, you will have learned how to combine these approaches and how to use TA&D features to rapidly navigate from a real-world crash to its root-cause data, or from data to a potential crash.

This lab will present both REVEN’s GUI and its Python API. Basic proficiency in Python is recommended but not mandatory – answers will be provided throughout the lab to allow everyone to progress.

TOPICS COVERED

Workflow (working with VMs, record, replay, analyze), interfaces (GUI, API), connection with other RE tools, pros and cons.

Search for symbol calls and string operations, history of memory accesses, data flow tainting forward and backward, search for patterns in memory in a range of time.

  • Advantages of working on a full-system recorded trace and the kind of problems it can help you solve quickly
  • How to use it, through either its GUI or its Python API
  • What is the equivalent of breakpoints?
  • Filter calls based on argument values
  • Library tracing
  • Follow data-flow using the tainting engine, between multiple processes or between processes & kernel
  • Search a pattern in memory on the whole trace

SPEAKERS

Engineer, Tetrane

Mathieu Favreaux

From the start of his career in the software industry in 2008, Mathieu has had a passion for developing performant, low-level software.

Since joining Tetrane in 2013 as an R&D engineer, he has grown fonder of the security industry and its challenges. He now divides his time between R&D and pre-sales activities: he regularly gives trainings on Tetrane’s timeless analysis & debugging tool REVEN, meets with its users, and is always on the lookout for new projects and features.

A short contest will be conducted with 3 REVEN Professional licenses up for grabs!
1st Place – 12 month license
2nd Place – 6 month license
3rd Place – 3 month license