BruCON 0x0E has ended
Friday, September 30 • 14:00 - 18:00
Automated Debugging Under The Hood - Building A Programmable Windows Debugger From Scratch (In Python)

How do anti-debug tricks actually work? Is there a way to automate tedious debugging tasks like unpacking malware? Have you ever wondered what is happening under the hood of a debugger?

In this workshop you will build your own programmable Windows debugger from scratch (using Python). Each component in the debugger will be built as a separate module, with an accompanying lab that explains the concepts and Windows internals supporting that component. In the final lab you will have the chance to test your new debugger against various malware samples, attempting to automatically unpack them and extract IOCs.

This workshop is aimed at malware analysts and reverse engineers who are interested in learning more about debuggers and how programmable debuggers can be used to automate some reverse engineering workflows. Students must be able to write basic Python scripts, and have a working knowledge of the Windows OS.

You will be provided with a virtual machine to use during the workshop. Please make sure to bring a laptop that meets the following requirements.
- Your laptop must have VirtualBox or VMware installed and working prior to the start of the course.
- Your laptop must have at least 60 GB of disk space free.
- Your laptop must also be able to mount USB storage devices. (Make sure you have the appropriate dongle if you need one.)

Sergei Frankoff

Sergei is a co-founder of Open Analysis. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis. Sergei is a strong believer in taking an open, community approach to combating cyber crime and is an active contributor to multiple...

Sean Wilson

Sean is a co-founder of Open Analysis. He splits his time between reverse engineering malware and building automation tools for incident response. He is an active contributor to open source security tools focused on incident response and analysis. Sean brings over a decade of experience...

Friday September 30, 2022 14:00 - 18:00 CEST
05. Boscoli