Exploit Development 101 with Qiling Framework

Course Details

Training Level: Beginner; Intermediate

Price

Early Bird: RM5,000 (Use Code: SS2024TEB. Ends 31st May, 2359H)
Normal: RM6,300

Course Abstract

Qiling Framework (https://qiling.io) is a Malaysian-developed open-source sandbox emulator framework. It comes with a rich Python API on which highly customizable analysis tools can be built. Because it is built on emulator technology, Qiling Framework can run executable binaries across platforms and architectures, so security researchers can analyze Windows PE files on Linux Arm64, MIPS-based IoT firmware on macOS, and so on.

This course is tailored for beginners who are eager to enhance their skill set on exploit development with the Qiling Framework. The training offers an in-depth overview of Qiling’s cutting-edge binary emulation features, along with a systematic guide to the process of emulation and bug analysis. Participants will be shown standard workflows that might be familiar from other tools, and how to harness the power of Qiling’s vast capabilities to execute these workflows more efficiently and swiftly.

In addition, the course will explore how to utilize Qiling Framework’s robust Python API, and how to use or extend its analysis outcomes to expedite your emulation process. The highlight of this course is guiding beginners on how to start learning exploit development: you’ll learn to emulate binaries and re-discover one-day bugs, starting from fuzzing right up to making the exploit work.

Course Outline

  • Emulating multi-platforms and architectures
  • Handling multiple file formats
  • Sandbox code emulation in an isolated environment
  • Memory, register, OS level, and filesystem level API
  • Fine-grain instrumentation: instruction/basic-block/memory-access/exception/syscall/IO/etc
  • Virtual machine level API such as save and restore current execution state
  • Cross architecture and platform debugging capabilities
  • Dynamic hotpatch on-the-fly running code, including the loaded library
  • Basic exploit development

The final goal of this course is to enable students to start writing their own exploits, and to learn exploit development in a more efficient and fun way.

Why You Should Take This Course

  • Entry-level security researchers who wish to learn more about exploit development

Who should attend?

  • Anyone who would like to learn reverse engineering

Key Learning Objectives

  • How bugs are discovered
  • To develop your first exploit

Prerequisites

At least basic knowledge of:

  • Linux / Windows / MacOS Kernel
  • Hardware Hacking
  • Python

What to bring?

  • Laptop
  • Windows / MacOS / Linux
  • VMware / WSL2 / Terminal

Trainer Profile

Lau Kai Jern (xwings)

Founder of the open-source reverse engineering project Qiling Framework (https://qiling.io). His research focuses mainly on developing cutting-edge cross-platform reverse engineering frameworks, embedded device security, blockchain security, and various other security topics. He has presented his findings at international security conferences such as Blackhat, Defcon, HITB, Codegate, QCon, KCon, Brucon, H2HC, Nullcon, etc. He has conducted hardware hacking courses at various conferences around the globe. He is also actively involved in Unicorn Engine (https://unicorn-engine.org), Capstone Engine (https://capstone-engine.org), Keystone Engine (https://keystone-engine.org) and hackersbage.com.
