Home

Awesome

"Modern Debugging with WinDbg Preview" DEFCON 27 workshop

This repository contains the materials for the DEFCON 27 workshop

Overview

Abstract

It's 2019 and yet too many Windows developers and hackers alike rely on (useful but rather) old school tools for debugging Windows binaries (OllyDbg, Immunity Debugger). What they don't realize is that they are missing out on invaluable tools and functionalities that come with Microsoft newest WinDbg Preview edition. This hands-on workshop will attempt to level the field, by practically showing how WinDbg has changed to a point where it should be the first tool to be installed on any Windows (10) for binary analysis machine: after a brief intro to the most basic (legacy) commands, this workshop will focus around debugging modern software (vulnerability exploitation, malware reversing, DKOM-based rootkit, JS engine) using modern techniques provided by WinDbg Preview (spoiler alert to name a few, JavaScript, LINQ, TTD). By the end of this workshop, trainees will have their WinDbg-fu skilled up.

Where/when?

Saturday August 10th 2019, 1430-1830 Flamingo, Lake Mead II

Skill Level

Intermediate

Prerequisites

Familiarity with Windows platform and kernel debugging Working knowledge of debuggers (pref. WinDbg) Working knowledge of JavaScript

Materials

Any modern laptop running Windows 10 + a hypervisor with one Windows 10 VM guest (for example with remote debugging via kdnet , but can work out with lkd). Also need Internet access.

Quick Links

Acknowledgment

This workshop was originally produced as part of my (hugsy) work at @SophosLabs in the Offensive Security Team.

Authors