Exclusive training with Duncan Ogilvie: LLVM IR and Binary Lifting
mnemonic is pleased to host the "LLVM Intermediate Representation and Binary Lifting" course with the author of x64dbg [1], Duncan Ogilvie.
This course, taking place on February 20-21, 2025, is designed for reverse engineers and focuses on lifting binary code to LLVM IR and processing it with Remill for deobfuscation. A similar analysis can be found in Mandiant's blog post about LummaC2 [2].
The course combines theoretical sessions with hands-on exercises to provide participants with a solid understanding of the fundamental concepts and self-sufficiency in troubleshooting. Although we will cover only the essentials due to the complexity of the topic, participants will have access to further resources to continue their learning after the course.
Course Outline:
- Environment setup
- Introduction to LLVM IR
- Programming with the LLVM C++ API
- Architecture of Remill
- Developing a lifting pipeline
- Lifting and deobfuscation
- Follow-up discussion
Lunch will be served from 12:00-13:00 both days, and coffee, tea, and snacks will be available throughout the course.
Requirements:
- Course laptop
- GitHub account
Prerequisite Knowledge:
- Programming in C++ (modest level)
- Reverse engineering (x86 assembly)
- Python basics
[1] https://github.com/mrexodia
[2] https://cloud.google.com/blog/topics/threat-intelligence/lummac2-obfuscation-through-indirect-control-flow
Meet the trainer
Please register as soon as possible, as there are limited spots available.
Questions?
