Modern Malware Deobfuscation, Emulation and Rootkits — Alexandre Borges — DEF CON China 1

Дата: 22.01.2020. Автор: CISOCLUB. Категории: Подкасты и видео по информационной безопасности

Modern advanced malware samples are used to infect countries and they make part of the current cyber war, cyber espionage and financial attacks. Furthermore, critical actors, who write these malicious codes, try to make the static and dynamic analysis really hard by heavily obfuscating and, eventually, virtualizing codes using techniques such as CFG, call stack manipulation, dead code, opaque predicate and so on. Understanding these concepts and how they are used with virtualized packers is an advantage to learn the main anti-reversing techniques.

Therefore, to manage complex scenarios as exposed above, we are able to use frameworks such as METASM, MIASM and several dynamic static emulation techniques to make code simpler. At end, the goal is to reduce the code (most of time by using symbolic analysis), making us able to get a better understanding about the threat. Additionally, the introduction of dynamic tracing (DTrace) on Windows can help us to having a better understanding about programs and their behavior.

This presentation aims to show concepts and a practical approach on how to handle these reverse engineering challenges and techniques.

Alexandre Borges is a Security Researcher, who has been working on Reverse Engineering, Malware Analysis and Digital Forensic Analysis for many years.

Usually, he teaches training courses about Malware and Memory Analysis, Digital Forensics, Mobile Forensics and Mobile Malware Analysis around the world. Furthermore, Alexandre is the creator and maintainer of Malwoverview triage tool:

Alexandre has spoken in several conferences such as DEFCON 2018, H2HC conference (2015 and 2016), BSIDES (2016, 2017 and 2018), BHack (2018), HITB 2019 (Amsterdam) and CONFidence Conference 2019 (Poland).

Twitter: @ale_sp_brazil

Об авторе CISOCLUB

Редакция CISOCLUB. Официальный аккаунт. CISOCLUB - информационный портал и профессиональное сообщество специалистов по информационной безопасности.
Читать все записи автора CISOCLUB

Добавить комментарий

Ваш адрес email не будет опубликован.