To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Jag förstår!
Artwork

Tech Blackhat Briefings Blackhat Japan 2004 Hacking Computer Security Information Security InfoSec Speeches Presentations Audio Tech News Japan Jeff Moss Podcasting
Innehåll tillhandahållet av Black Hat and Jeff Moss. Allt poddinnehåll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahålls direkt av Black Hat and Jeff Moss eller deras podcastplattformspartner. Om du tror att någon använder ditt upphovsrättsskyddade verk utan din tillåtelse kan du följa processen som beskrivs här https://sv.player.fm/legal.

Liknande Black Hat Briefings, Japan 2004 [Audio] Presentations from the security conference

Player FM - Podcast-app
Gå offline med appen Player FM !
Get it on App Store Get it on Google Play

Black Hat Briefings, Japan 2004 [Audio] Presentations from the security conference
Chris Eagle: Attacking Obfuscated Code with IDA Pro ( English)

1:30:23
 
Spela
Nu spelas
Dela
 

MP3Episod hem
Manage episode 155121159 series 1146743
Innehåll tillhandahållet av Black Hat and Jeff Moss. Allt poddinnehåll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahålls direkt av Black Hat and Jeff Moss eller deras podcastplattformspartner. Om du tror att någon använder ditt upphovsrättsskyddade verk utan din tillåtelse kan du följa processen som beskrivs här https://sv.player.fm/legal.
"Virtually every virus and worm that circulates the Internet today is ""protected"" by some form of obfuscation that hides the code's true intent. In the Window's world where worms prevail, the use of tools such as UPX, ASPack, and teLock has become standard. Protection of malicious code is not the only goal of binary obfuscators however which can be used to protect intellectual property. In the Linux world, tools such as Burneye and Shiva exist which can be used in ways similar to any Window's obfuscation tool. To fight such methods, analysts have created specific tools or techniques for unraveling these code obfuscators in order to reveal the software within. To date, in the fight against malware, anti-virus vendors have had the luxury of focusing on signature development since obfuscation of malware has presented little challenge. To combat this, malware authors are rapidly morphing their code in order to evade quickly developed and deployed signature-matching routines. What will happen when malware authors begin to morph their obfuscation techniques as rapidly as they morph their worms? While not designed specifically as a malware protection tool, one program, Shiva, aims to do exactly that. Shiva forces analysis of malicious code to be delayed while analysts fight through each novel mutation of Shiva's obfuscation mechanism. This, in effect, provides the malware a longer period of time to wreak havoc before countermeasures can be developed. This talk will focus on the use of emulated execution within IDA Pro to provide a generic means for rapidly deobfuscating protected code. Capabilities of the emulation engine will be discussed and the removal of several types of obfuscation will be demonstrated. Finally, the development of standalone deobfuscation tools based on the emulation engine will be discussed. Chris Eagle is the Associate Chairman of the Computer Science Department at the Naval Postgraduate School (NPS) in Monterey, CA. A computer engineer/scientist for 18 years, his research interests include computer network operations, computer forensics and reverse/anti-reverse engineering."
  continue reading

22 episoder

#Tech #Blackhat Briefings #Blackhat Japan 2004 #Hacking #Computer #Security #Information Security #InfoSec #Speeches #Presentations #Audio #Tech News #Japan #Jeff Moss #Podcasting
Artwork

Chris Eagle: Attacking Obfuscated Code with IDA Pro ( English)

Black Hat Briefings, Japan 2004 [Audio] Presentations from the security conference

published

Spela Nu spelas
iconDela
 
MP3Episod hem
Manage episode 155121159 series 1146743
Innehåll tillhandahållet av Black Hat and Jeff Moss. Allt poddinnehåll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahålls direkt av Black Hat and Jeff Moss eller deras podcastplattformspartner. Om du tror att någon använder ditt upphovsrättsskyddade verk utan din tillåtelse kan du följa processen som beskrivs här https://sv.player.fm/legal.
"Virtually every virus and worm that circulates the Internet today is ""protected"" by some form of obfuscation that hides the code's true intent. In the Window's world where worms prevail, the use of tools such as UPX, ASPack, and teLock has become standard. Protection of malicious code is not the only goal of binary obfuscators however which can be used to protect intellectual property. In the Linux world, tools such as Burneye and Shiva exist which can be used in ways similar to any Window's obfuscation tool. To fight such methods, analysts have created specific tools or techniques for unraveling these code obfuscators in order to reveal the software within. To date, in the fight against malware, anti-virus vendors have had the luxury of focusing on signature development since obfuscation of malware has presented little challenge. To combat this, malware authors are rapidly morphing their code in order to evade quickly developed and deployed signature-matching routines. What will happen when malware authors begin to morph their obfuscation techniques as rapidly as they morph their worms? While not designed specifically as a malware protection tool, one program, Shiva, aims to do exactly that. Shiva forces analysis of malicious code to be delayed while analysts fight through each novel mutation of Shiva's obfuscation mechanism. This, in effect, provides the malware a longer period of time to wreak havoc before countermeasures can be developed. This talk will focus on the use of emulated execution within IDA Pro to provide a generic means for rapidly deobfuscating protected code. Capabilities of the emulation engine will be discussed and the removal of several types of obfuscation will be demonstrated. Finally, the development of standalone deobfuscation tools based on the emulation engine will be discussed. Chris Eagle is the Associate Chairman of the Computer Science Department at the Naval Postgraduate School (NPS) in Monterey, CA. A computer engineer/scientist for 18 years, his research interests include computer network operations, computer forensics and reverse/anti-reverse engineering."
  continue reading

22 episoder

#Tech #Blackhat Briefings #Blackhat Japan 2004 #Hacking #Computer #Security #Information Security #InfoSec #Speeches #Presentations #Audio #Tech News #Japan #Jeff Moss #Podcasting

همه قسمت ها

×
 
Loading …

Välkommen till Player FM

Player FM scannar webben för högkvalitativa podcasts för dig att njuta av nu direkt. Den är den bästa podcast-appen och den fungerar med Android, Iphone och webben. Bli medlem för att synka prenumerationer mellan enheter.

 

Liknande Black Hat Briefings, Japan 2004 [Audio] Presentations from the security conference

Lyssna på 500+ ämnen
Player FM - Podcast-app
Gå offline med appen Player FM !
Get it on App Store Get it on Google Play

Snabbguide

Topp podcast
Pådden med Olsson & Ekwall
Sporthuset
Radiosporten Dokumentär
Kapitalet
Arkiv Samtal
Lillelördag
Brita Zackari och Parisa Amiri
Seriemördarna - Med Magnus Betnér & Erik Rosenberg
En podd om teknik
P3 Dokumentär
Radiokorrespondenterna Ryssland
Säker stil
Allt du velat veta
Vetenskapsradion På djupet
forstagangenpodden's podcast
P1 Dokumentär
Mordpodden
BT Dokumentär
Palmemordet
Player FM logo
Hjälp/FAQ | Uppgradera | Annonsera
Konst|Näringsliv|Komedi|Ekonomi|Underhållning|Nyheter|Politik|Religion
Vetenskap|Fotboll|Sport|Sagoberättande|Teknologi|Verkliga brott
Upphovsrätt 2024 | Sitemap | Integritetspolicy | Användarvillkor | | upphovsrätt
Episode being played series thumbnail
icon icon
Hastighet
Inställningar för serie
1x
1x
Volume
100%
icon
icon icon
/

Visa Player FM i ...
Player FM
Browser
Chrome
Safari
Firefox