SINCON 2020 Conference Workshop Track
Day 1 (2 Jan 2021)
@ Workshop Room
Qiling Framework (https://qiling.io) is a sandbox emulator framework with a rich set of Python API to enable highly customizable analysis tools built on top. Using emulator technology inside, our engine can run the executable binary in a cross-platform-architecture way, so we can analyze Windows PE files on Linux Arm64, IoT firmware based on Mips on MacOS, and so on.
In the previous lab, we discussed how to build fuzzers based on 1-day bugs. In this training, we will discuss how we can use Qiling to work with IDA Pro, to combine the greatest static analysis tools with an emulation engine to archive cross-platform and multi-arch analysis. In this lab, we also cover how we can dynamically analyze MBR binary (e.g. Petya) with Qiling Framework.
About the Instructors
KAIJERN (XWINGS) LAU is Lab Director of The ShepherdLab, of JD Security. His research topic mainly on embedded devices, hardware security, blockchain security, reverse engineering and various security topics. He presented his findings in different international security conferences like Black Hat, DEFCON, HITB, Codegate, QCon, KCon, BruCON, H2HC, etc. He conducted hardware Hacking courses in various places around the globe. He is also the owner of hackersbadge.com, actively involved in Unicorn (https://unicorn-engine.org) development and founder of Qiling Framework (https://qiling.io).
KONG ZIQIAO is a security researcher at the Shepherd Lab of JD Security and a core member of Qiling Framework. He has broad research interests in binary analysis, reverse engineering and code audit. He was awarded the Hall of Fame in GeekPwn 2019 and gave talks at Black Hat, SDC 2020 and HITB. He also has papers published in top security conferences.
WU CHENXU is a security researcher at the Shepherd Lab of JD Security. His research focuses on automated binary analysis. He was a speaker of Black Hat Asia 2020, Black Hat Europe 2020, China kanxue SDC 2020, HITB Labs 2020. He is also a core developer for Qiling Framework (https://qiling.io).