Overview
This course teaches techniques to break the transparency feature of popular dynamic binary instrumentation (DBI) tools such as DynamoRIO and Pin. Students will learn how to detect and differentiate behavior when running on native hosts, under DBI, and on virtual machines, using specially crafted x86 instruction sequences. The course covers position-independent NOP sequences to evade detection and explores different types of x86 decoders. The intended audience includes cybersecurity professionals, malware analysts, and individuals interested in program analysis and manipulation.
Syllabus
Introduction
About Colin Lee
Binary Instrumentation
Observing Program Behavior
Code Cache
Dynamic Binary Instrumentation
Popular Tools
Transparency
Fuzzing
Run twice
Simple implementation artifacts
Checking the parent process
More clues
Another artifact
Summary
Quick Example
Fancy Examples
Simple Example
New Example
Initial Idea
What can we do
Developer feedback
Robin assays
Panning
Is it possible
The problem
Questions
Conclusion
Taught by
Black Hat