Qiling Framework (https://qiling.io) is a sandbox emulator framework with a rich set of Python APIs that enable highly customizable analysis tools to be built on top of it.
Because it is built on emulation, our engine can run executable binaries across platforms and architectures, so we can analyze Windows PE files on Linux Arm64, MIPS-based IoT firmware on macOS, and so on.
In this lab we show you how to build your own fuzzers based on 1-day bugs. We will discuss how to use Qiling with IDA Pro, combining the greatest static analysis tools with an emulation engine to achieve cross-platform and multi-arch analysis. We also cover how to dynamically analyze MBR binaries (e.g., Petya) with Qiling Framework.
– Preparation
– Installation
– Testing
– IDA 7.4 and above required for the hands-on
– Either Windows or Linux IDA
– CTF Challenge for Master Boot Record
– Actual Ransomware for Master Boot Record
KaiJern (xwings) is Lab Director of The ShepherdLab, of JD Security. His research focuses mainly on embedded devices, hardware security, blockchain security, reverse engineering and various other security topics. He has presented his findings at international security conferences such as Blackhat, Defcon, HITB, Codegate, QCon, KCon, Brucon, H2HC, etc. He has conducted hardware hacking courses in various places around the globe. He is also the owner of hackersbadge.com, is actively involved in Unicorn (https://unicorn-engine.org) development, and is the founder of Qiling Framework (https://qiling.io).
Chen Xu Wu is a security researcher at the Shepherd Lab of JD Security. His research focuses on automated binary analysis. He was a speaker at BlackHat Asia 2020, China Kanxue SDC 2020 and HITB Labs 2020. He is also a core developer for Qiling Framework (https://qiling.io).
Ziqiao Kong is a security researcher at the Shepherd Lab of JD Security. He has broad research interests in binary analysis, reverse engineering and code audit. He was awarded the Hall of Fame in GeekPwn 2019 and gave talks at BlackHat Asia 2020 and China Kanxue SDC 2020. He also has papers to be published at top security conferences and is an active contributor to several open-source projects, including Unicorn (https://unicorn-engine.org) and Qiling Framework (https://qiling.io).