SecTor Episode MMXXI: Return of The Hack Lab

I am happy to announce that the arrangements for the Tripwire team to return to Tripwire VERT Hack Lab in MTCC!

We will introduce some new hardware devices as well as a new virtualized hacking target. This new virtual target, an ASUS DSL modem with recent firmware, can be compromised by applying the tools and methods we learned in the classroom and in Hack Lab from day one.

If you have previously attended the Hack Lab or attended one of my IoT classes, I strongly recommend that you visit the booth again this year to complete this last exercise. We will also take a closer look at hacking / hardware modification and software-defined radio attacks. Whether you have visited us before or not, please stop by and say hello Tyler,, Andrew, and I next month.

Remember that Hack Lab is strictly BYOL – Bring your own laptop.

A beginner’s guide to turning with Ghidra

Registration is also open for A beginner’s guide to turning with Ghidra which will take place practically due to the fact that I do not want to miss Halloween in Atlanta with my children. In this training, students will learn how to use Guide by solving a series of additional challenges. As a final challenge, students will analyze a sample of IoT malware (Peace) and learn how to statically identify and decrypt the CnC configuration from the sample.

Students attending this class must have at least a basic understanding of programming and computer architecture, but do not need previous experience of looking back.

The concepts and processes covered in the class include:

  • A guide to user interface conventions
  • Import programs
  • Decompile functions
  • Annotating code with variable names and comments
  • Defining data structures (automatic and manual)
  • Listing program strings
  • Navigate program links
  • Patching instructions (and exporting a program)
  • Load PDB characters for Windows components
  • The program is different
  • Automate Ghidra with Python REPL
  • Writing Ghidra scripts (Java and Python)

Students will learn how to make sense of disassembled or decompiled code and then apply this information to achieve a goal.

On the first day, I will review some basic concepts about computer architecture and reversing before going through the main features of Ghidra. Throughout the day, students will perform laboratory exercises to experiment with these functions. This will give students the perfect opportunity to ask questions and clarify any confusion.

By the second day, an appropriate foundation has been built to take a closer look at the tricks that developers can use to thwart software reversal efforts. Practical exercises on this day include exploring techniques by which developers can hide data in code, code in data, or various combinations thereof.

In the last challenge, students will be given a (harmless) Mirai sample and will have the task of recovering encrypted configuration values ​​using Ghidra.

The lesson will be conducted online as part of SecTor Cybersecurity Conference.

Hack Lab will be held on November 1-2, 2021 at the Metro Toronto Convention Center in Toronto. Learn more here:

A Beginner's Guide to Looking Back.  Hacking laboratory

Read more about Ghidra

Ghidra 101: Highlight cursor text

Ghidra 101: Highlighting slices

Ghidra 101: Decoding stack strings

Ghidra 101: Loading Windows characters (PDB files)

Ghidra 101: Creating structures in Ghidra

Ghidra 101: Load Windows characters (PDB files) in Ghidra 10.x