ABSTRACT
This intensive 16-hour training equips you with essential skills in Rust reverse engineering. Focusing on practical techniques, you’ll learn to analyze Rust binaries, understand the language’s compilation and runtime intricacies, utilize tools and plugins, and tackle advanced challenges such as obfuscation and malware analysis.
INTENDED AUDIENCE
Malware analysts, reverse engineers, security researchers, vulnerability researchers, software developers
KEY LEARNING OBJECTIVES
- Understand Rust Fundamentals
- Comprehend Rust Compilation and Runtime
- Analyze Rust Structures and Control Flow
- Utilize Tools for Rust Reverse Engineering
- Apply Advanced Reverse Engineering Techniques
- Reverse Engineer Malware Techniques in Rust
COURSE DETAILS
Module 1: Introduction to Rust and Reverse Engineering
This module introduces the Rust programming language, highlighting its history, philosophy, and key features like safety, concurrency, and performance. You’ll explore why attackers are increasingly using Rust for malware development, understanding the advantages it offers to malicious actors. The module also covers the fundamentals of reverse engineering. Finally, you’ll discover your reverse engineering environment, getting familiar with reversing tools such as Ghidra, GDB, LLDB, Radare2, and others.
Module 2: Rust Compilation and Runtime
In this module, you’ll delve into Rust’s compilation process, learning how source code is transformed into machine code using LLVM and MIR. You’ll examine the Rust runtime on both Linux and Windows platforms, understanding the runtime components and cross-platform considerations. The module also covers Rust’s calling conventions, memory allocation, and management strategies. Lastly, you’ll learn about symbol mangling and demangling techniques to interpret Rust’s naming conventions in compiled binaries.
Module 3: Analyzing Rust Structures and Control Flow
This module focuses on dissecting Rust’s data structures and control flow in compiled binaries. You’ll study common data structures like Option and Result enums, custom structures, and collections such as slices. Additionally, you’ll explore control flow constructs including functions, methods, loops, conditionals, and match statements. Through practical exercises, you’ll learn to identify these elements in compiled code and reverse engineer a Rust program using these concepts.
Module 4: Tools and Techniques for Rust Reverse Engineering
Here, you’ll gain hands-on experience with essential tools for reversing Rust binaries. The module covers setting up Ghidra for Rust analysis and navigating through Rust binaries effectively. You’ll learn to configure GDB with GEF and use LLDB with GEF features for debugging Rust applications. Furthermore, you’ll explore Radare2 and other helpful tools for analyzing Rust binaries. Practical exercises will reinforce your learning by debugging applications and analyzing binaries using these tools.
Module 5: Advanced Reverse Engineering and Obfuscation Techniques
In this module, you’ll delve into advanced strategies for reverse engineering Rust applications. You’ll tackle the challenges posed by stripped binaries and learn techniques for recovering symbols and meaningful information. The concept of function inlining is explored, along with using the Crab Hacker tool to identify and analyze inlined functions. The module also covers common obfuscation methods such as string obfuscation, control flow graph flattening, and anti-debugging mechanisms. Through practical exercises, you’ll apply de-obfuscation techniques and learn how to bypass anti-debugging measures in Rust binaries.
Module 6: Advanced Malware Reverse Engineering Techniques in Rust
This module focuses on common malware techniques and their implementation in Rust. You’ll explore how malware authors use process hollowing and PEB walking to manipulate processes and gather information. The module covers API hooking and DLL injection methods, showing how these techniques are employed in Rust applications to alter program behavior. You’ll examine loader injection tactics and understand how packers are used to obfuscate malicious code in Rust binaries. Additionally, you’ll analyze how Rust malware establishes network connections using TCP communication for command-and-control purposes. Practical exercises will reinforce your understanding by analyzing Rust malware samples utilizing these techniques.
Module 7: Rust Malware Analysis
This module focuses on analyzing malware written in Rust. You’ll get an overview of Rust-based malware, including case studies like Luca Stealer. Through practical labs, you’ll analyze a Rust malware sample, learning how to extract indicators of compromise (IOCs). The module also teaches you how to craft YARA rules specifically for Rust binaries. You’ll apply this knowledge by writing YARA rules to detect Rust malware in practical exercises.
Module 8: Capstone Project and Conclusion
In the final module, you’ll apply all the techniques and knowledge acquired throughout the course to reverse engineer complex Rust applications in a comprehensive capstone project. With guided support, you’ll reinforce your skills and demonstrate your proficiency. The module concludes with a review of critical concepts and methodologies, an open Q&A session, and provides resources for further learning to continue your reverse engineering journey.
Knowledge Prerequisites
- Basic knowledge of Rust programming.
- Familiarity with reverse engineering concepts and assembly language.
- Familiarity with scripting (Python, Bash) and Linux.
- SKILL LEVEL: BEGINNER / INTERMEDIATE
Hardware Requirements
- A working laptop capable of running virtual machines
- 8GB RAM required, at a minimum
- 40 GB free Hard disk space
- Administrator / root access MANDATORY
Software Requirements
- VirtualBox installed with guest addition
- IDA Pro and/or Binary Ninja would be helpful but not required
YOUR INSTRUCTORS: Patrick Ventuzelo and Tanguy Duhamel
Patrick Ventuzelo is a senior security researcher, CEO & founder of Fuzzinglabs. After working for the French Ministry of Defense, he specialized in fuzzing, vulnerability research, and reverse engineering. Over the years, Patrick has created multiple fuzzers, found hundreds of bugs, and published various blog posts/videos/tools on topics like Rust, Go, Blockchain, WebAssembly, and Browser security. Patrick is a regular speaker and trainer at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, Ringzer0, PoC, ToorCon, hack.lu, NorthSec, SSTIC, and others.
Tanguy Duhamel is the Lead Developer on FuzzingLabs' distributed fuzzing platform, collaborating with Patrick Ventuzelo on code auditing, fuzzer development, and security research. His research focuses on advancing distributed fuzzing techniques to improve software security, with a strong foundation in Rust for building high-performance tools.
Ringzer0