Symbolic Execution with angr on Real-World Targets

August 2023

This class can also be joined REMOTELY. Click below for details.
## Abstract This is an 80% hands-on course with many demos, examples, exercises, and solutions. Exercises will be mostly x64 and ARM binaries for Linux, but we will also apply it to other architectures, such as MIPS and PowerPC. Although the theory behind symbolic execution is fascinating, we will only minimally cover it and will instead focus on the practical applications of angr. Students are provided a preconfigured VM with all necessary tools and exercises. The instructor’s computer screen and voice will also be recorded during each day and provided for reference. Students can then review the recordings during the course and retain them for use afterwards.
Automated Binary Analysis with Angr - Sample Lesson ## Key Learning Objectives * Students will have the ability to perform symbolic and concolic execution with angr * Students have the ability to use manual and automated techniques with angr * Students will know how to leverage angr's strengths and complement its weaknesses ## Detailed Syllabus #### Background * Symbolic execution / Concolic execution * Bit vectors * SMT/SAT solving * Abstract syntax tree (AST) and DPLL algorithm * Path explosion problem #### Angr Usage and API * API: loader, symbolic execution, solver engine * Emulator: stepping, running, hooking * Symbion and concolic execution: using debugger state with emulator * Diassembly, decompilation, control-flow graphs * Backward slicing * VEX IR, PyVex, and libVEX * Components: Capstone, Unicorn, claripy, Z3, valgrind * Extending angr functionality #### Plug-ins, Tools, and Workflow Integration * Natural workflow of angr with IDA, Ghidra, qemu, pwntools and gdb * Pypcode: library allowing symbolic execution of Ghidra’s p-code * Plug-ins: Angry Ghidra, IDAngr, Jupyter’s Angry kernel * angr's GUI: angr-management * Other plugins #### Applications * Malware deobfuscation * identifying vulnerabilities and creating proof-of-concepts for vulnerabilities * Crafting exploits * General RE ## Who Should Attend This training is for people who are in the weeds, assessing binaries for vulnerabilities, crafting exploits, and reverse engineering malware. ## Knowledge Prerequisites This is an intermediate class. Students are expected to have experience with RE, VR, Linux, C, Python, and x86-64 assembly. Students are not expected to have any experience with symbolic execution, SMT, or angr. ## Hardware Requirements Students are expected to have their own computers which can run an x86-64 virtual machine. * 50 GB of free hard disk space * 4GB of RAM * 4 Processor cores ## Software Requirements * VMware -or- * Virtualbox
Jeremy Blackthorne

Jeremy Blackthorne

Register Now

Jeremy Blackthorne [@0xJeremy](https://twitter.com/0xJeremy) is a co-founder and instructor at the Boston Cybernetics Institute (BCI). Before BCI, he was a researcher in the Cyber System Assessments group at MIT Lincoln Laboratory. He was the co-creator and instructor for the Rensselaer Polytechnic Institute courses: Modern Binary Exploitation and Malware Analysis. Jeremy has published research at various academic and industry conferences. He served in the U.S. Marine Corps with three tours in Iraq and is an alumnus of RPISEC.