
RECON 2008

06.13.2008 - 3:51 PM

Hello from the 3rd RECON Conference which started today. It's a reverse engineering conference with a lot of technical presentations.

The past 3 days have been very busy for me and 2 other trainers. Rolf Rolles gave a course on the static aspects of reverse engineering while Gerardo 'Gera' Richarte presented binary vulnerabilities and exploit writing. I gave a course on advanced reverse engineering techniques -- mostly on how one can unpack custom executable protections -- and malware analysis. We covered polymorphic viruses, driver “backdooring” malware, and virtualization as a way to obfuscate code.

RECON just started, and there have already been some great presentations, such as the one by Pierre-Marc Bureau from ESET, who presented Storm Worm reverse engineering. Bruce Dang from Microsoft presented methods for analyzing malicious Office documents. Ilfak Guilfanov, the author of IDA Pro, presented plug-in creation for IDA Pro.

Thomas Garnier from Skyrecon presented Windows privilege escalation through LPC and ALPC interfaces. As I am writing this blog, Nicolas Pouvesle from Tenable Network is presenting NetWare kernel stack overflow exploitation.

There are a lot of presentations still to come, and you can see the conference program here.

Sebastien Doucet is doing IITAC workshops on IDA Pro during lunch every day. He will be presenting unpacking x64 executables and a new tool for rebuilding imports on Sunday.

RECON is the conference to attend if you are into code reverse engineering, whether for malware analysis, executable protection, vulnerability research, or advances in reverse engineering and tools. (I’m looking forward to seeing a Linux debugger presented tomorrow, as well as other tools.) As an example, the OpenRCE Web site was announced during RECON years ago. There are so many great people to meet.

Heading to the next presentation now. More later!

Security Researcher: Nicolas Brulez

 
