Are you a seasoned reverse engineer, but you tremble when a Rust binary lands on your desk? When you encounter a Rust binary, do you just run strings on it and hope for the best?
We will take a single problem - string recovery from a Rust binary - and use it as an approachable starting point for exploring reversing Rust binaries. We will cover:
- What are the practical steps we need to take to recover strings? How are strings represented in memory, passed between functions, and manipulated throughout the program?
- Once we recover the strings, what do the strings mean? What can the strings we recover tell us about the compiler, language runtime, standard library, and third-party libraries in the binary?
This workshop is intended for reverse engineers and malware analysts who are familiar with reversing C or C++ binaries, but who are unfamiliar with the Rust programming language.
Cindy Xiao, Decoder Loop
Cindy Xiao is an experienced malware analyst, security researcher, and software developer. She has given talks and workshops on malware and Rust reverse engineering at leading cybersecurity conferences, including RECon, RE//verse, and NorthSec.
Cindy is the founder of Decoder Loop, a specialty firm created to raise the bar for binary reverse engineering training. The tools, techniques, and resources that reverse engineers have were built for the era of C. Meanwhile, malware authors and software developers alike are rapidly switching to modern programming languages such as Rust. Decoder Loop offers expert training that levels the playing field for reverse engineers facing modern binaries.