Program Analysis for Vulnerability Research

This five-day course trains students in sophisticated program analysis using Binary Ninja and its Python API for the purpose of vulnerability research. The goals are to improve auditing processes, to sharpen the ability to identify interesting code paths, and to encode bug primitives as reusable analyses.

In the class, students learn Binary Ninja inside and out by extending its analysis capabilities to support a custom architecture that is difficult to analyze manually. Students also use the Binary Ninja plugin architecture to identify vulnerabilities in an architecture-independent way. After taking this course, students will have experience with the least intuitive and even some undocumented parts of Binary Ninja, and will be able to create powerful program analysis tools that work across architectures.

Dates of Course: October 4th through October 8th, 2021

Registration Link

https://shop.binary.ninja/products/program-analysis-for-vulnerability-research-5-day-course

Topics Covered

  • Using the UI, Reverse Engineering, Design Philosophy, Core Architecture (BN core arch/design)
  • BinaryView (BV) plugin development, Architecture plugin development
  • Normalization, IL Survey, BNIL ILs
  • Undecidability, Program Correctness, Correctness with pointers, Formal Methods, Useful Binja Features, Jump Tables, SSA
  • PHI nodes, Dominance Frontiers, and Data Sensitive Analysis
  • Type Analysis, Constraint Solving, and Records, Lattice Theory, Sign Analysis, and Abstract Interpretation
  • Constant Propagation, Fixed-Point Algorithms, Abusing Optimizations, and Flow-Sensitive Type Analysis 
  • Pointer Analysis, Abstract Interpretation, Interprocedural Analysis, Batch processing with Binja
  • Pointers and Heap analysis

Learning Objectives

  • A thorough grasp of the Binary Ninja Python API
  • Familiarity with many program analysis concepts and their common challenges
  • The ability to write sophisticated program analysis plugins unassisted
  • An understanding of vulnerability primitives and methods for discovering them

Required Materials

  • A virtual machine running Ubuntu 20.04, or any OS that can run Binary Ninja (see Supported Platforms)
  • Python 3.8+
  • Familiarity with basic vulnerability classes such as stack-based buffer overflows, type confusion, sign-extension bugs, etc.
  • Basic to intermediate Python experience is highly recommended.
  • Temporary personal Binary Ninja licenses will be provided. If you are purchasing a license, we recommend the Commercial license, as it includes the headless API.

Currently we anticipate a virtual event; in the unlikely event this changes, the information below will be updated to reflect an event space.

Schedule

Each day runs from 9AM to 6PM on either Discord or Zoom. There are two lectures each day; each lecture is applied in two main lab exercises, one easy and one hard, with homework that is reviewed the following day. All times are in EST.

Day 1 

Lab: 9AM - 11AM

Time for 1:1 questions and introductions

Lecture: 11AM - 1PM

Topics: Using the UI, Reverse Engineering, Design Philosophy, Core Architecture (BN core arch/design)

Break: 1PM - 2PM

Lecture: 2PM - 4PM

Topics: Finish Core Architecture (BN core arch/design), BV plugin development, Architecture plugin

Lab: 4PM - 6PM

Time for 1:1 questions and assistance on labs and homework

Day 2 

Lab: 9AM - 11AM

Time for 1:1 questions and assistance on labs and homework

Lecture: 11AM - 1PM

Topics: Normalization, IL Survey, BNIL ILs

Break: 1PM - 2PM

Lecture: 2PM - 4PM

Topics: Undecidability, Program Correctness, Correctness with pointers, Formal Methods, Useful Binja Features, Jump Tables, SSA

Lab: 4PM - 6PM

Time for 1:1 questions and assistance on labs and homework

Day 3 

Lab: 9AM - 11AM

Time for 1:1 questions and assistance on labs and homework

Lecture: 11AM - 1PM

Topics: PHI nodes, Dominance Frontiers, and Data Sensitive Analysis Exercises

Break: 1PM - 2PM

Lecture: 2PM - 4PM

Topics: Type Analysis, Constraint Solving, and Records, Lattice Theory, Sign Analysis, and Abstract Interpretation

Lab: 4PM - 6PM

Time for 1:1 questions and assistance on labs and homework

Day 4 

Lab: 9AM - 11AM

Time for 1:1 questions and assistance on labs and homework

Lecture: 11AM - 1PM

Topics: Constant Propagation, Fixed-Point Algorithms, Abusing Optimizations, and Flow-Sensitive Type Analysis 

Break: 1PM - 2PM

Lecture: 2PM - 4PM

Topics: Pointer Analysis, Abstract Interpretation, Interprocedural Analysis, Batch processing with Binja

Lab: 4PM - 6PM

Time for 1:1 questions and assistance on labs and homework

Day 5 

Lab: 9AM - 11AM

Time for 1:1 questions and assistance on labs and homework

Lecture: 11AM - 1PM

Topics: Large Exercise, Pointers, VirtualBox

Break: 1PM - 2PM

Lecture: 2PM - 4PM

Topics: Final Topics, Class Chosen Topic, Completing Final Exercises

Lab: 4PM - 6PM

Time for 1:1 questions and assistance on labs and homework 
