HITB LAB

Qiling Framework with IDA Pro

November 18th @ 20:00 - 22:00 (GMT +4) // Track 3 @ HITB Labs

Skill Level: All

Max Capacity: 150

Duration: 2:00h

Delivery: Zoom

OVERVIEW

Qiling Framework (https://qiling.io) is a sandbox emulator framework with a rich set of Python APIs for building highly customizable analysis tools on top of it.

Because it is built on emulation, the engine can run executable binaries across platforms and architectures, so we can analyze Windows PE files on Linux Arm64, MIPS-based IoT firmware on macOS, and so on.

In this lab we show you how to build your own fuzzers based on 1-day bugs. We will discuss how to use Qiling with IDA Pro, combining the greatest static analysis tools with an emulation engine to achieve cross-platform and multi-architecture analysis. We also cover how to dynamically analyze MBR binaries (e.g. Petya) with Qiling Framework.

TOPICS COVERED

– Preparation
– Installation
– Testing

– Introduction to docs.qiling.io
– Common APIs

– IDA 7.4 or above required for the hands-on
– Either Windows or Linux IDA

– CTF Challenge for Master boot record
– Actual Ransomware for Master Boot Record


SPEAKERS

Lab Director of The ShepherdLab, JD Security, JD.COM

Kai Jern Lau

KaiJern (xwings) is Lab Director of The ShepherdLab, of JD Security. His research focuses mainly on embedded devices, hardware security, blockchain security, reverse engineering and various other security topics. He has presented his findings at international security conferences such as Blackhat, Defcon, HITB, Codegate, QCon, KCon, Brucon, H2HC and others. He has conducted hardware hacking courses in various places around the globe. He is also the owner of hackersbadge.com, is actively involved in Unicorn (https://unicorn-engine.org) development and is the founder of Qiling Framework (https://qiling.io).

Lab Member of The ShepherdLab & JD Security, JD.COM

Wu ChenXu

Chen Xu Wu is a security researcher at the Shepherd Lab of JD Security. His research focuses on automated binary analysis. He was a speaker at BlackHat Asia 2020, China Kanxue SDC 2020 and HITB Labs 2020. He is also a core developer for Qiling Framework (https://qiling.io).

Lab Member of The ShepherdLab & JD Security, JD.COM

Kong ZiQiao

Ziqiao Kong is a security researcher at the Shepherd Lab of JD Security. He has broad research interests in binary analysis, reverse engineering and code audit. He was awarded the Hall of Fame in GeekPwn 2019 and gave talks at BlackHat Asia 2020 and China Kanxue SDC 2020. He also has papers to be published at top security conferences and works as an active contributor to several open-source projects including Unicorn (https://unicorn-engine.org) and Qiling Framework (https://qiling.io).