I attended one of the Black Hat training sessions titled “Advanced C++ Source Code Analysis.” It was quite fascinating! Looking through source code for bugs seems to be a different mindset from writing software.
Black Hat – Las Vegas 2011: Report #4 – DARPA’s “Cyber Fast Track” Program Excites the Private Security Sector
Day one at Black Hat was a hit; so naturally, I looked forward to day two. I sat through a keynote given by Peiter Zatko, better known as “Mudge,” who is a Program Manager at DARPA. Mudge announced a new DARPA initiative called “Cyber Fast Track.”
After Cofer’s talk, I settled into the “Next-Gen Web” track, which was smaller than the “threat intel” and “bit flow” tracks that drew big crowds. The first topic was on a new web protocol being developed by Google called SPDY (pronounced “speedy”). While interesting, the talk had little to do with security. The speaker was a young German who is heavily involved in the security sector, but his talk simply explained the protocol. I honestly could have gathered most of what he spoke about by reading the documentation and playing with some examples. I was not terribly impressed.
Tuesday was another full day of malware analysis. The coursework, hosted by Mandiant, consisted of an introduction to OllyDbg, an in-depth look at the Windows loader and the Windows API, specifically covering registry functions, process/threading functions, and sockets.
On Monday, I took a killer crash course from Mandiant on malware analysis. Mandiant was not shy and dove right into the course curriculum. They even setup a great VM for us to practice on, complete with real world samples of malware.