Cindy Xiao , Decoder Loop
Cindy Xiao is an experienced malware analyst, security researcher, and software developer. She has given talks and workshops on malware and Rust reverse engineering at leading cybersecurity conferences, including RECon, RE//verse, and NorthSec.
Cindy is the founder of Decoder Loop, a specialty firm created to raise the bar for binary reverse engineering training. The tools, techniques, and resources that reverse engineers have were built for the era of C. Meanwhile, malware authors and software developers alike are rapidly switching to modern programming languages such as Rust. Decoder Loop offers expert training that levels the playing field for reverse engineers facing modern binaries.
Workshop: Reconstructing Rust Types: A Practical Guide for Reverse Engineers
Workshops are first-come, first-serve and have limited capacity. Some workshops may be streamed for additional passive participation.
As of 2024, most reverse engineers still struggle to statically reverse Rust binaries. Static RE tools are beginning to develop features for analyzing Rust, and tools for recovering Rust library function signatures now exist. However, even when function symbols and signatures are available, analyzing data flow in Rust binaries is not trivial. The Rust type system, standard library, and compiler differ in many ways from C and C++, making type recovery difficult even for experienced reverse engineers.
This workshop provides a guide for reverse engineers on reconstructing types in Rust binaries. We will cover the basic building blocks of the Rust type system, from both the Rust programmer's perspective and the Rust compiler's perspective. From the primitive types, we will move to constructing the layouts of common standard library types found in Rust binaries, including types used in string formatting and in error handling. We will also cover artifacts inside Rust binaries that give information about type layout - how to find them, how to use them, and where in the Rust toolchain they actually come from.
The goal for this workshop is to provide the audience with a solid mental model for the layouts of Rust types, and present bite-sized practical techniques for Rust structure recovery. The intended audience for this workshop is reverse engineers who are familiar with reversing C or C++ code, but who are unfamiliar with both developing and reversing Rust.
Training: Deconstructing Rust Binaries
Deconstructing Rust Binaries is the first comprehensive training course focused solely on reverse engineering Rust binaries. This course is for any reverse engineer who needs a rapid, practical upskill in your ability to analyze Rust binaries. You will learn how to effectively triage Rust binaries, how to trace data flow through Rust binaries, and how to tackle common techniques found in the Rust malware ecosystem.
This course is aimed at malware reverse engineers, but vulnerability researchers and software reverse engineers who have Rust targets will also find the course valuable. This course is taught and written by an experienced malware reverse engineer, Cindy Xiao, with extensive experience specifically in reversing Rust binaries. Real Rust malware samples will be used in the course for practice.