The presentation will focus on some advanced topics in automated reverse engineering. Algorithms (and the IDA plug-ins that implement them) for detecting programmatic changes between two versions of the same executable, and for detecting memory-copying or memory-decoding loops in executables, will be explained and demonstrated. There are several applications for these techniques, for example porting debug info that a vendor might have accidentally left in an older version of a product to a newer version of the same program, or reverse engineering the details of a bug when the vendor has provided only sketchy details. Detection of memory-copying loops has some interesting applications in vulnerability research and code analysis.

Halvar Flake is Black Hat's resident reverse engineer. Originating in the field of copy protection, he moved more and more towards network security after realizing the potential of reverse engineering as a tool for vulnerability analysis. He spends most of his screen time in a disassembler (or developing extensions for the disassembler), likes to read source code diffs with his breakfast, and enjoys giving talks about his research interests. He drinks tea but does not smoke camels.