2020 ONR Software Security Summer School (SSSS20), Online, August 3-7, 2020
Questions? Please email: ssss20@cerias.purdue.edu
Agenda
Monday, August 3rd, 2020
Pre-Tutorial Demo-only Day
10:00AM - 10:55AM (ET)
Help Session: Using WebEx and Connecting to Tutorial Instances
11:00AM - 12:00PM (ET)
SkyWalker: Toward Automated Synthesis of Offensive Agents to Counter C&C-Driven Mobile Cyber Attacks
RVFuzzer: Finding Input Validation Bugs in Robotic Vehicles through Control-Guided Testing
Flexible Process Monitoring with the Process Firewall
4:00PM - 5:00PM (ET)
Help Session: Using WebEx and Connecting to Tutorial Instances
Tuesday, August 4th, 2020
Hands-on Tutorial Day 1
9:50AM - 10:00AM (ET)
10:00AM - 1:00PM (ET)
RetroWrite: Efficient Static Binary Rewriting for Security Testing
Adopting RAZOR for Post-deployment Software Debloating
Wednesday, August 5th, 2020
Hands-on Tutorial Day 2
9:50AM - 10:00AM (ET)
Matt Mickelson, SSSS’20 Wednesday Kick-off
10:00AM - 1:00PM (ET)
Less is More: Introducing an Automated Debloating Pipeline based on Dynamic Web Application Usage
- SSSS’20 Less is more playground (Full version)
- SSSS’20 Less is more playground (Short version)
- Video
- Download VM
2:30PM - 5:30PM (ET)
JDebloat—Synergistic Java Bytecode Customization through Static Debloating and Delayering
Thursday, August 6th, 2020
Hands-on Tutorial Day 3
9:55AM - 10:00AM (ET)
Dan Koller, SSSS’20 Thursday Kick-off
10:00AM - 1:00PM (ET)
Software Fault Encouragement
2:30PM - 5:30PM (ET)
Applying CBAT for Binary Patch Verification
Friday, August 7th, 2020
Hands-on Tutorial Day 4
9:55AM - 10:00AM (ET)
Sam Weber, SSSS’20 Friday Kick-off
10:00AM - 1:00PM (ET)
Automated System Call Policy Generation for Container Attack Surface Reduction
2:30PM - 5:30PM (ET)
Communication Protocol Customization and Fuzzing
Technical Requirements for Attendees' Computers
- A reasonably fast internet connection that can support two-way video conferencing and interactive use of a remote computer system simultaneously.
- Webex Training is best supported on Windows and macOS. Other operating systems (e.g. Linux, Android, iOS) are not supported and may not allow you to share your screen if you need assistance with the tutorials.
- An RDP client (Microsoft RDP Client Mac/Windows 10) will be needed for accessing AWS instances used for lab exercises.
- Slack (optional)
Instructions for Windows and Mac Users
Tutorial Abstracts
RetroWrite: Efficient Static Binary Rewriting for Security Testing
EPFL and Purdue University
Tues. Aug. 4th, 2020 10:00AM - 1:00PM
Adopting RAZOR for Post-deployment Software Debloating
Georgia Tech
Tue. Aug. 4th, 2020 2:30PM – 5:30PM
In this tutorial, attendees will have the opportunity to use Razor to debloat post-deployment software. We will explore dynamic tracing techniques to trace software’s execution efficiently, use different heuristics to infer non-executed code with similar functionalities, and rewrite software without source code. We will walk through widely used benchmarks and real-world programs to evaluate Razor’s code reduction and robustness.
Less is More: Introducing an Automated Debloating Pipeline based on Dynamic Web Application Usage
Stony Brook University
Wed. Aug. 5th, 2020 10:00AM - 1:00PM
In this tutorial, attendees will have the opportunity to learn and experiment with our “Less is More” debloating pipeline for web applications. Like binary software, web applications are becoming ever more complicated and their attack surface is constantly expanding. The attendees will get a chance to use our pipeline to debloat a popular web application, experience how the debloated web application functions as expected, and observe how an exploit that worked before debloating stops working after debloating.
JDebloat—Synergistic Java Bytecode Customization through Static Debloating and Delayering
UCLA
Wed. Aug. 5th, 2020 2:30PM – 5:30PM
In this tutorial, attendees will have the opportunity to use JDebloat, a tool that reduces Java program size by half (on average). We will cover using our tool from beginning to end on an example project. Throughout the tutorial you will learn how our tool works, and how to use it.
Software Fault Encouragement
Galois, Inc.
Thurs. Aug. 6th, 2020 10:00AM – 1:00PM
This tutorial covers tools for adding defense-in-depth protections against cyber vulnerabilities for legacy embedded systems. The tools (which support x86_64, PowerPC, and ARM) create artificial binary diversity with minimal overhead to significantly increase the effort required to develop attacks. Attendees will have the opportunity to 1) apply the tools to a demonstration system, and 2) explore an example workflow for integrating binary diversification as a defensive mechanism.
Applying CBAT for Binary Patch Verification
Draper Laboratory
Thurs. Aug. 6th, 2020 2:30PM – 5:30PM
This tutorial will introduce CBAT: a Comparative Binary Analysis Tool. CBAT is used to analyze binary programs and automatically find bugs or prove program correctness. It can also compare the behavior of programs to check that patches or binary transformations do not introduce unintended changes. Attendees will have the opportunity to find bugs in real programs with CBAT, and will learn about the BAP binary analysis platform it is built on.
Automated System Call Policy Generation for Container Attack Surface Reduction
Stony Brook University
Fri. Aug. 7th, 2020 10:00AM – 1:00PM
Container technologies rely on weaker isolation mechanisms compared to virtual machines, allowing adversaries to exploit kernel vulnerabilities to escalate their privileges and fully compromise the host (and all the other containers running on it). To reduce this risk, we have developed Confine, an automated system that generates restrictive system call policies for arbitrary Docker containers. Reducing the number of available system calls limits the exposed interface of the underlying kernel, thereby minimizing its attack surface. In this tutorial, attendees will have the opportunity to use Confine for hardening publicly available Docker images of popular applications (e.g., Nginx), take an in-depth look into the filtered system calls and the respective neutralized kernel vulnerabilities, and experiment with real-world exploits that are rendered ineffective by the applied system call policies.
Communication Protocol Customization and Fuzzing
George Washington University
Fri. Aug. 7th, 2020 2:30PM – 5:30PM
This tutorial introduces tools that perform protocol binary tainting and stateful protocol fuzzing. In this tutorial, attendees will have the opportunity to trace binary instructions relevant to specific protocol packets/fields, and detect vulnerabilities in stateful protocol communications.