2013 Day1P18 Life of Binaries BinHunt Round 5











Video: http://youtube.com/watch?v=1491pJlOnB8

The class materials are available at http://www.OpenSecurityTraining.info/...
Follow us on Twitter for class news @OpenSecTraining.
The playlist for this class is here: http://bit.ly/1cdrfel
The full quality video can be downloaded at http://archive.org/details/opensecuri...

Have you ever wondered what happens when a C program is compiled and executed on a system? This three-day class by Xeno Kovah will investigate the life of a binary from birth as C source code to death as a process running in memory being terminated.

Topics will include but are not limited to:
* Scanning and tokenizing source code.
* Parsing a grammar and outputting assembly code.
* Different targets for x86 assembly object file generation (e.g. relocatable vs. position-independent code).
* Linking object files together to create a well-formed binary.
* Detailed description of the Windows PE binary format.
* How Windows loads a binary into memory and links it on the fly before executing it.
* Detailed description of the Unix/Linux/BSD ELF binary format.

Along the way we will discuss the relevance of security at different stages of a binary's life, from how viruses really work, to the way in which malware packers duplicate OS process execution functionality, to the benefit of a security-enhanced OS loader which implements address space layout randomization (ASLR).

Lab work will include:
* Using the new Binary Scavenger Hunt tool, which creates randomized PE binaries and asks randomized questions about the material you just learned!
* Manipulating compiler options to change the type of assembly which is output
* Manipulating linker options to change the structure of binary formats
* Reading and understanding PE files with PEView
* Using WinDbg to watch the loader resolve imports in an executable
* Using Thread Local Storage (TLS) to obfuscate control flow and serve as a basic anti-debug mechanism
* Creating a simple example virus for PE
* Analyzing the changes made to the binary format when a file is packed with UPX
* Using the rootkit technique of Import Address Table (IAT) hooking to subvert the integrity of a program's calls to external libraries, allowing processes to be hidden.

The prerequisites for this class are a basic understanding of C programming and compilation. This class is recommended for a later class on Rootkits (playlist: http://bit.ly/HLkPVG) as we talk about IAT Hooking, and required for a later class on malware analysis.
