06-28, 15:30–17:30 (US/Eastern), Soprano B
Are you a seasoned reverse engineer, but you tremble when a Rust binary lands on your desk? When you encounter a Rust binary, do you just run strings on it and hope for the best?
We will take a single problem - string recovery from a Rust binary - and use it as an approachable starting point for exploring reversing Rust binaries. We will cover:
What are the practical steps we need to take to recover strings? How are strings represented in memory, passed between functions, and manipulated throughout the program?
Once we recover the strings, what do the strings mean? What can the strings we recover tell us about the compiler, language runtime, standard library, and third-party libraries in the binary?
This workshop is intended for reverse engineers and malware analysts who are familiar with reversing C or C++ binaries, but who are unfamiliar with the Rust programming language.
For pre-workshop setup instructions, including a prebuilt VM, prebuilt binaries, and sample code, see https://github.com/cxiao/rust-reversing-workshop-recon-2024
Cindy Xiao is a security researcher who works primarily on malware reverse engineering, in support of cyber threat intelligence reporting. Cindy enjoys learning from other security practitioners (both offensive and defensive), developing tools to help with analysis, and mentoring others.