Certified Binary Auditing Professional according to ISO/IEC 17024 now available!

An information technology audit, or information systems audit, is an examination of the controls within an information technology (IT) infrastructure. An IT audit is the process of collecting and evaluating evidence of an organization’s information systems, practices, and operations. The evaluation of the evidence obtained determines whether the information systems are safeguarding assets, maintaining data integrity, and operating effectively and efficiently to achieve the organization’s goals or objectives.

The Certified Binary Auditing Professional according to ISO/IEC 17024 is now available!

It is located at our certification server or directly here!

Debugger and Sandboxes in Windows

It is not always possible or desirable to set up a virtual machine for debugging an application. While useful, working within a VM can be tedious, and it can also add needless complexity.

However, you need administrator privileges to debug (SeDebugPrivilege turned on), and this means your debuggee will run as administrator too. So what can you do? In Windows XP, a good solution is to fully sandbox the debuggee, but there are other solutions too.

One is to make the debuggee and the debugger run under different accounts: the debugger runs as administrator and the debuggee as a limited user.

A limited user cannot install drivers or alter executables and Windows components, and, better still, it stays away from our private documents folder.

Yes, but how do you achieve this? A simple yet effective solution is to hook the function responsible for launching the debuggee and force it to start under another account.

DVL 1.4 - first mirror up!

The first DVL mirror is up. Thanks to Tyler Reguly from ComputerDefense for his very quick support (again). Check the release notes at the DVL website.

BOOTCAMP: Reverse Code Engineering / Binary Analysis Advanced Bootcamp

March 27, 2008 9:00 am to March 29, 2008 6:00 pm
May 22, 2008 9:00 am to May 24, 2008 6:00 pm
July 24, 2008 9:00 am to July 26, 2008 6:00 pm
September 25, 2008 9:00 am to September 27, 2008 4:00 pm
November 27, 2008 9:00 am to November 29, 2008 4:00 pm

Reverse engineering is becoming more mainstream every day. It is no longer a secret coven aimed at defeating copy protections. It has become more accessible to everybody in recent years thanks to the development of more user-friendly tools and documentation. As a side effect, virus and trojan makers have also improved their skills, making it more difficult to analyse their latest creations running rampant in the wild of the internet. Analysing malicious code is a way to protect yourself or your company with a more critical eye. Reverse engineering is slowly becoming a fundamentally required skill in the field of software development. As projects get more complicated and are often handled by many different people, bug tracking becomes tedious and can stall application development. Even incompatibilities between different versions of the same operating system can be investigated that way. Security professionals from around the world have a particular need to look under the hood at the internal workings of applications and operating systems. Staying ahead of the curve is a necessity in all domains of computer security. Looking at software from the processor’s point of view with today’s most powerful tools is the best way to prevent future threats that could cripple a company or cause losses of revenue due to inadequate protection.

Reverse Engineering is a critical skill

This discipline allows you to look at programs beyond the macroscopic level, from a backstage, all-access point of view. Hackers increasingly use obfuscated or protected code that is not detected by antivirus (0-day threats). Vulnerabilities in binary programs can be readily identified using standard reverse-engineering methodology. Closed-source programs do not reveal their secrets easily without poking and prodding. Efficient bug tracking can save many man-hours when developing software. Compilers with IDEs are often limited by their restricted debugging capabilities. With incompatibilities from one version of the same OS to another, using an assembly-level debugger is often the most effective solution. Reverse engineering is also an intrinsic part of knowing how commercial copy protection software operates. Knowing for yourself what makes one protection scheme better than another is a great advantage when the time comes to protect your own applications. A protection scheme is only as strong as its weakest link. Reverse engineering teaches you how to find it as simply and quickly as possible.

What you will learn

This bootcamp was designed for students who already have a basic understanding of x86 assembly and want to learn the art of reverse code engineering. IDA Pro and OllyDbg are the main programs that will be used, along with several other public tools that will be distributed on-site; other plugins will be created by the students themselves as a learning objective. PE file format protections and the forensics approach to analysing a protected binary executable will be the main focuses of the course. Some advanced reverse-engineering techniques will also be taught such as:

In this 3 day hands-on course, you will gain the necessary binary analysis skills to discover the true nature of any Windows binary. You will learn how to recognize the high level language constructs (such as branching statements, looping functions and network socket code) critical to performing a thorough and professional reverse engineering analysis of a binary. After learning these important introductory skills, you will advance to the analysis of:

IITAC will train you on the standard reverse engineering program IDA Pro.

The content in detail

How You Benefit

The demand for reverse engineers has increased greatly in recent years, leading toward a more recognised profession. Security professionals, vulnerability researchers and byte code auditors are highly regarded in the world of IT, with an ever-growing need for more qualified and experienced experts. Getting a better understanding of the inner workings of the Windows operating system and application-level debugging saves time during software development. Knowing how to find more detailed information about bugs and solve them yourself gives you the knowledge to draw more accurate conclusions based on reverse engineering rather than searching the web for a hypothetical answer.
By getting training with real-world malware and the latest tools and techniques, you will stay a step ahead of the others when competing for the same position. Reverse engineering will always be an ace up your sleeve, one that you will quite rapidly be using on a day-to-day basis.

How the Course is Run

This course is by no means a 3-day lecture. Instead, you will be engaged in a number of individual and group hands-on exercises to reinforce and solidify everything that is taught in the class. Some of the exercises are competitive in nature, followed by class discussion to pinpoint elegant approaches and solutions that various individuals or groups may have used. Despite the fact that the course is held in Italy, Germany or Canada, take-home exercises will be available for the type-A personalities attending the course. The course can be available in alternate languages depending on the selected location.

What’s Included

Who Should Attend

If you are interested in the field of reverse engineering, want to learn how to dissect malware, search for security vulnerabilities, want to discuss cutting edge technologies, techniques and ideas then this class is for you.

Learning Environment

In addition to direct class materials, slides and hands-on exercises, students will have many opportunities to engage in one-on-one questions with instructors. Students are trained the practical way with intensive supervision. As students bring their own laptops, work done during the bootcamp is not lost. Furthermore, students will be divided into groups by experience to foster student-to-student knowledge transfer as well.

What to bring

Students must bring their own laptop running an installation of Microsoft® Windows® 2000, XP, Vista or 2003 either natively or within a virtual machine. Students should install and begin to familiarize themselves with DataRescue IDA Pro. A demo copy of IDA Pro is available from DataRescue. You need a fully licensed copy of IDA Pro! Students should also have the Windows version of Python installed. VMWare Desktop with already configured Windows and Linux virtual machines. All other tools will be provided for the students in the classroom. Prospective students should be comfortable operating Microsoft Windows and have a basic understanding of x86 assembly and reverse-engineering concepts.

Pricing

Bootcamp pricing is 1.499 Euro per person. Minimum of 5 participants, maximum of 12 participants.

BOOTCAMP: Reverse Code Engineering / Binary Analysis Fundamentals Bootcamp

March 13, 2008 9:00 am to March 15, 2008 6:00 pm
May 8, 2008 9:00 am to May 10, 2008 6:00 pm
July 10, 2008 9:00 am to July 12, 2008 6:00 pm
September 11, 2008 9:00 am to September 13, 2008 6:00 pm
November 13, 2008 9:00 am to November 15, 2008 6:00 pm


Damn Vulnerable Linux Strychnine+605 1.4 final - Mirrors contacted!

The mirrors for Damn Vulnerable Linux Strychnine+605 1.4 final have been contacted. Over the weekend we might release the download links.

BOOTCAMP: Debugging with IDA Pro Bootcamp

March 13, 2008 9:00 am to March 15, 2008 6:00 pm
May 8, 2008 9:00 am to May 10, 2008 6:00 pm
July 10, 2008 9:00 am to July 12, 2008 6:00 pm
September 11, 2008 9:00 am to September 13, 2008 6:00 pm
November 13, 2008 9:00 am to November 15, 2008 6:00 pm

What you will learn

This bootcamp was designed for students who already have a basic understanding of x86 assembly and reverse engineering. IDA Pro is the main program that will be used, along with several other public tools that will be distributed on-site; other plugins will be created by the students themselves as a learning objective. PE file format protections and the forensics approach to analysing a protected binary executable will be the main focuses of the course. Some advanced reverse-engineering techniques will also be taught such as:


BOOTCAMP: Debugging with IDA Pro Bootcamp

March 20, 2008 9:00 am to March 22, 2008 6:00 pm
May 15, 2008 9:00 am to May 17, 2008 6:00 pm
July 17, 2008 9:00 am to July 19, 2008 6:00 pm
September 18, 2008 9:00 am to September 20, 2008 6:00 pm
November 20, 2008 9:00 am to November 22, 2008 6:00 pm


Certified IDA Pro Professional (CIDAP) according to ISO/IEC 17024

During the next few weeks (2 or 3) we go for the Certified IDA Pro Professional (CIDAP). Again, as a certification according to ISO 17024, we provide a high-quality certification for the Binary Auditor and Reverse Code Engineering professional, proven by a certification committee. The certification is a practical certification including exercises and assessments in a sequence.

For those who need to prepare for the CIDAP, IITAC offers an IDA Pro bootcamp every 2 months. More information can be found this weekend at the IITAC bootcamp calendar. The bootcamp is not a prerequisite for the certification trail.

More information soon as a blog entry…