Workshop

Binary Instrumentation with Frida

March 17th & 18th

2 days training by SensePost
This training will be given in ENGLISH

Normal price: CHF 2000.
Student price: CHF 1500.- (limited availability)

Workshop with certification (16 credit hours)

Great news! If you are part of this workshop you also have access to both days of conference.

Description

Elevate your understanding of what’s possible when using Frida to perform binary instrumentation.

Manipulating existing features, bypassing security controls and adding entirely new capabilities are all possible in targets where you don’t necessarily have the original source code available – a core principle of this training.

Key Points:

Putting it all together to add, modify or remove features.

This is an intermediate course for those that have dabbled in reverse engineering and binary instrumentation, but want to deepen their understanding of what is possible with Frida. While you don’t need to understand an entire CPU architecture’s instruction set to attend this course, some familiarity with assembly will help. For most targets in this course we will be working with pseudo-code at least.

By the end of the course, you will have a good grasp of how Frida works, the tools available to you and how you could use it on any supported target you may need to instrument.

Join us and hack hard!

About the trainer

SensePost, an elite ethical hacking team of Orange Cyberdefense, has been training at BlackHat since 2002. We pride ourselves on ensuring our content, our training environment and trainers are all epic in every way possible. The trainers you will meet are working penetration testers, responsible for numerous tools, talks and 0day releases. This provides you with real experiences from the field along with actual practitioners who will be able to support you in a wide range of real-world security discussions. We have years of experience building environments and labs tailored for learning; after all, education is at the core of SensePost and Orange Cyberdefense.

Course outline

Making changes to software when you have source code is usually simple. Get a test environment up, make the change, compile and test. However, what happens when you don’t have access to source code, or building a target is not simple? How do you add features? How do you change logic?

In this highly practical training, you will learn how to manipulate binary software (i.e., software built using compiled languages), bending them to your will using Frida, at runtime. Imagine adding logging where none existed, bypassing security features or adding completely new capabilities, all without necessarily having access to the original application’s source code. Frida can serve as a powerful tool when performing dynamic reverse engineering and instrumentation of complex applications, and in this training you will learn to do just that. Attendees will walk away with practical experience in tackling instrumentation tasks aimed at beginner to intermediate skill levels.

While Frida is particularly popular in mobile ecosystems, this course will not target mobile operating systems and runtimes. Instead, we will focus on Frida more holistically (learning in a Linux environment) where you’ll be able to apply what you’ve learnt in almost any Frida-compatible context.

  • 60% practical and 40% theoretical
  • Fully hands-on where you instrument your targets
  • Delivered by active penetration testers
  • Complementary extended lab access

Key areas of focus:

  • Understanding your targets.
  • Instrumentation with Frida.
  • The Frida ecosystem.
  • Frida core APIs (Interceptor, Process, Module, etc.).
  • Writing instrumentation in JavaScript for C/Java targets.

Workshop level

Intermediate

Who should attend

People who have started reverse engineering closed-source software and want to change how it works – ideally elevating their understanding when it comes to binary instrumentation using Frida and its ecosystem.

Complete beginners may struggle to grasp some of the concepts, given some knowledge assumptions this course makes. Those are:

  • You have at least seen some assembly before (any CPU architecture), and know what JMP and RET instructions are.
  • You have tried reverse engineering a binary written in C/C++ before and understand what pseudo-code represents.
  • You are okay with writing some JavaScript (at the very least, well enough to defend yourself :)).
  • You are not afraid of a bash shell on Linux.
  • Knowledge of Frida itself is not essential, though it helps being familiar with it.

Key takeaways

After the workshop, participants will:

  • Understand the Frida ecosystem, its tools, features and capabilities.
  • Understand how to enumerate and instrument targets without the availability of source code.
  • Be proficient in writing their own instrumentation for native (C/C++) and Java targets – from small prototypes to fully featured tools.
  • Understand anti-Frida implementations and ways around those.
  • Discover how Frida could aid in security research, debugging and general reverse engineering.

Course requirements

This is not a beginner's course, and requires some familiarity (although not extensive) with reverse engineering native code (i.e., applications built in compiled languages such as C/C++). Knowing what JMP and RET instructions are, what a symbol is, and having an idea of what pseudo-code is, as well as the ability to defend yourself with “good enough” JavaScript, will all be boons for the practical elements of this training.

Hardware materials

To fully engage in our courses, students need a computer with a web browser they are comfortable using. All practical exercises are hosted in the cloud, and our class portal delivers course content. This minimal requirement ensures a seamless and effective learning experience.
