This course is tailored for engineers, researchers, and cybersecurity analysts who are eager to enhance their skill set with the Qiling Framework. The training offers an in-depth overview of Qiling’s cutting-edge binary emulation features, along with a systematic guide to the process of emulation and security analysis. Participants will be shown standard workflows that might be familiar from other tools, and how to harness the power of Qiling’s vast capabilities to execute these workflows more efficiently and swiftly.
In addition, the course will explore how to utilize Qiling Framework’s robust Python API, and how to use or extend its analysis outcomes to expedite your emulation process. The highlight of this course is an extensive section on IoT devices, where you’ll learn to emulate these devices and re-discover one-day bugs, starting from fuzzing an IoT device right up to hitting the bug.
Topics Covered:
- Emulating multi-platforms and architectures
- Handling multiple file formats
- Sandbox code emulation in an isolated environment
- Detailed memory, register, OS level, and filesystem level API
- Fine-grain instrumentation: instruction/basic-block/memory-access/exception/syscall/IO/etc
- Virtual machine level API such as save and restore current execution state
- Cross architecture and platform debugging capabilities
- Dynamic hotpatch on-the-fly running code, including the loaded library
- Tools building using Qiling Framework
The final goal of this course is to enable students to be able to build their own research / reverse engineer tool on top of Qiling Framework. This will enable students to learn reverse engineering in a more efficient and fun way.We also understand that not all students have the same background. Therefore, this course integrates several jumping-off points, allowing us to delve deeper into the specific topics that you wish to learn. This 1 day workshop is suitable for both beginners and intermediate-level learners, promising to strengthen your understanding and use of the Qiling Framework.