BalCCon2k24

Malware Analysis Topics: Build a Debugger
2024-09-20, 17:00–19:00 (Europe/Belgrade), Pupin

This workshop focuses on how to build a debugger from scratch. It will look at the various types of debuggers used for malware analysis, followed by an in-depth walkthrough of building a Windows debugger from scratch using Python in JupyterLab.

The target operating system is Windows, and the debugger will be written in Python in JupyterLab. The aim is a minimally viable debugger that can start a new process, attach to a running process, handle debug events, observe CPU register state, set software, hardware and memory breakpoints, take process snapshots, and read and write process memory. This is an advanced class from both a Python programming perspective and a Windows internals perspective. Students should already be familiar with the Windows API, debugging in general, and Python. However, conferencegoers of any skill level are welcome to watch the workshop as bystanders.
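As an added example (not the workshop's own code), here are the core mechanics behind two of the breakpoint types listed above: an INT3 software breakpoint with the restore / rewind-RIP / single-step / re-arm cycle, and the DR7 encoding used to arm a hardware breakpoint. It is written against a small simulated target so that it runs without Windows; the `FakeTarget` class, the addresses and the code bytes are constructed for illustration, while the exception codes, continue statuses and DR7 bit layout are the real Win32 and x86 values. On a live process the two memory hooks map onto ReadProcessMemory/WriteProcessMemory and the register dict onto a CONTEXT from GetThreadContext/SetThreadContext via ctypes.

```python
"""Breakpoint mechanics for a minimal Windows debugger, written against a
small target interface so the logic runs offline. FakeTarget, the base
address and the code bytes are constructed for this example."""

from dataclasses import dataclass, field

INT3 = b"\xCC"                        # x86 one-byte software breakpoint
TRAP_FLAG = 0x100                     # EFLAGS.TF: trap after the next instruction
EXCEPTION_BREAKPOINT = 0x80000003     # EXCEPTION_RECORD.ExceptionCode values
EXCEPTION_SINGLE_STEP = 0x80000004
DBG_CONTINUE = 0x00010002             # ContinueDebugEvent status values
DBG_EXCEPTION_NOT_HANDLED = 0x80010001

# DR7 field encodings (Intel SDM vol. 3, Debug Control Register)
DR7_EXECUTE, DR7_WRITE, DR7_READWRITE = 0b00, 0b01, 0b11
DR7_LEN = {1: 0b00, 2: 0b01, 8: 0b10, 4: 0b11}


def encode_dr7(dr7, slot, condition, length):
    """Return DR7 with hardware breakpoint `slot` (0..3) locally enabled for
    `condition` over `length` bytes; the address itself goes into DR0..DR3."""
    if slot not in range(4):
        raise ValueError("only DR0..DR3 exist")
    if condition == DR7_EXECUTE and length != 1:
        raise ValueError("execute breakpoints must use length 1")
    clear = (1 << (slot * 2)) | (0b1111 << (16 + slot * 4))
    dr7 &= ~clear
    dr7 |= 1 << (slot * 2)                      # Ln: local enable bit
    dr7 |= condition << (16 + slot * 4)         # R/Wn
    dr7 |= DR7_LEN[length] << (18 + slot * 4)   # LENn
    return dr7


@dataclass
class FakeTarget:
    """Stand-in debuggee (constructed): flat code bytes at `base` plus a
    register file standing in for the thread CONTEXT."""
    memory: bytearray
    base: int
    regs: dict = field(default_factory=lambda: {"rip": 0, "eflags": 0})

    def read_mem(self, addr, size):              # ReadProcessMemory on Windows
        off = addr - self.base
        return bytes(self.memory[off:off + size])

    def write_mem(self, addr, data):             # WriteProcessMemory on Windows
        off = addr - self.base
        self.memory[off:off + len(data)] = data


class SoftwareBreakpoints:
    """INT3 breakpoints. On a hit: restore the original byte, rewind RIP onto
    it (the CPU has already advanced past the 1-byte INT3), and set TF so the
    breakpoint can be re-armed after the real instruction has executed."""

    def __init__(self, target):
        self.target = target
        self.saved = {}        # address -> original byte
        self.rearm = None      # address to re-patch on the next single-step

    def set(self, addr):
        if addr not in self.saved:
            self.saved[addr] = self.target.read_mem(addr, 1)
            self.target.write_mem(addr, INT3)

    def remove(self, addr):
        orig = self.saved.pop(addr, None)
        if orig is not None:
            self.target.write_mem(addr, orig)

    def on_exception(self, code, exception_addr):
        """Handle an EXCEPTION_DEBUG_EVENT and return the ContinueDebugEvent
        status. For EXCEPTION_BREAKPOINT, Windows reports ExceptionAddress as
        the INT3 location while the thread's RIP is already one byte past it."""
        regs = self.target.regs
        if code == EXCEPTION_BREAKPOINT and exception_addr in self.saved:
            self.target.write_mem(exception_addr, self.saved[exception_addr])
            regs["rip"] = exception_addr           # re-execute the real instruction
            regs["eflags"] |= TRAP_FLAG            # ...and trap right after it
            self.rearm = exception_addr
            return DBG_CONTINUE
        if code == EXCEPTION_SINGLE_STEP and self.rearm is not None:
            if self.rearm in self.saved:           # unless removed in the meantime
                self.target.write_mem(self.rearm, INT3)
            regs["eflags"] &= ~TRAP_FLAG
            self.rearm = None
            return DBG_CONTINUE
        return DBG_EXCEPTION_NOT_HANDLED           # not ours: pass to the debuggee


def run_demo():
    """Drive one breakpoint hit through the simulated target and return the
    observable state after the hit and after the re-arming single-step."""
    base = 0x140001000
    code = bytearray(b"\xB8\x01\x00\x00\x00\xC3")   # mov eax,1 ; ret (constructed)
    tgt = FakeTarget(memory=code, base=base)
    bps = SoftwareBreakpoints(tgt)
    bps.set(base)
    patched = tgt.read_mem(base, 1)

    tgt.regs["rip"] = base + 1                       # CPU executed the INT3
    s1 = bps.on_exception(EXCEPTION_BREAKPOINT, base)
    after_hit = (tgt.read_mem(base, 1), tgt.regs["rip"], bool(tgt.regs["eflags"] & TRAP_FLAG))

    tgt.regs["rip"] = base + 5                       # mov eax,1 ran; TF trap fires
    s2 = bps.on_exception(EXCEPTION_SINGLE_STEP, base + 5)
    after_step = (tgt.read_mem(base, 1), bool(tgt.regs["eflags"] & TRAP_FLAG), bps.rearm)

    return {"patched": patched, "status": (s1, s2), "after_hit": after_hit,
            "after_step": after_step,
            "rest_intact": bytes(tgt.memory[1:]) == b"\x01\x00\x00\x00\xC3"}


if __name__ == "__main__":
    print(run_demo())
    print(hex(encode_dr7(0, 0, DR7_WRITE, 4)))     # DR0, break on 4-byte write
```

The point worth internalising is the order of operations on a hit: the original byte must go back before RIP is rewound, and the trap flag is what gives the debugger a second event at which it can re-insert 0xCC without the instruction under the breakpoint ever being skipped. Memory breakpoints (the third type in the list) work differently, by changing page protection with VirtualProtectEx and catching the resulting access violation, and are not shown here.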

Everything needed for this workshop is provided in self-contained cloud lab environments generated separately for each student. The only requirements are that the student's workstation have a working wireless NIC that can connect to the workshop Wi-Fi network and a fully updated Chrome browser. This workshop is independent of the other Malware Analysis Topics workshops; any of them can be taken without attending the others.

Robert Simmons is Principal Malware Researcher at ReversingLabs. With expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences, including DEFCON, HOPE, botconf, and DerbyCon, among others.

Robert, also known as Utkonos, has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine.
