- 2025-10-21, Vianden & Wiltz
- 2025-10-23, Hollenfels
All times in Europe/Luxembourg
In this workshop you will learn how to obfuscate your payloads with a custom VM. This helps evade signature-based detection and makes reverse engineering more difficult. The format is a hands-on workshop, and participants will walk away with new tooling they can try out in the field right away!
In this workshop we will leverage the RISC-V architecture and the LLVM ecosystem to build a simple obfuscation pipeline. The VM interpreter code is small and once it is loaded, you do not need to allocate additional executable pages to execute arbitrary payloads.
Covered topics:
- Introduction to VM-based obfuscation
- Basics of the RISC-V architecture
- Compiling payloads for the RISC-V architecture
- Obfuscating the VM interpreter for evasion
- VM hardening to complicate reversing the payloads (as time allows)
- Building a basic C2 framework (as time allows)
The bulk of the work will be done in a GitHub Codespace (Linux), which makes it easy for participants to get started. However, the final payloads need to be executed in a Windows VM (which you have to prepare beforehand).
Note: Participants need C programming and Linux command line experience to follow along with the workshop. Reverse engineering experience is highly recommended. The concepts covered in the second half of the workshop are quite advanced.
Reverse engineer, creator of x64dbg, Dumpulator, IDA Pro MCP and 100+ other projects. Love binary analysis and Windows internals. Worked in DRM for 5 years and currently working as a mobile security researcher.