Content provided by Black Hat and Jeff Moss. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Black Hat and Jeff Moss or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://tr.player.fm/legal
Chris Eagle: Attacking Obfuscated Code with IDA Pro (English)
Virtually every virus and worm that circulates the Internet today is "protected" by some form of obfuscation that hides the code's true intent. In the Windows world where worms prevail, the use of tools such as UPX, ASPack, and teLock has become standard. Protection of malicious code is not the only goal of binary obfuscators, however, which can be used to protect intellectual property. In the Linux world, tools such as Burneye and Shiva exist which can be used in ways similar to any Windows obfuscation tool. To fight such methods, analysts have created specific tools or techniques for unraveling these code obfuscators in order to reveal the software within. To date, in the fight against malware, anti-virus vendors have had the luxury of focusing on signature development since obfuscation of malware has presented little challenge. To combat this, malware authors are rapidly morphing their code in order to evade quickly developed and deployed signature-matching routines. What will happen when malware authors begin to morph their obfuscation techniques as rapidly as they morph their worms? While not designed specifically as a malware protection tool, one program, Shiva, aims to do exactly that. Shiva forces analysis of malicious code to be delayed while analysts fight through each novel mutation of Shiva's obfuscation mechanism. This, in effect, provides the malware a longer period of time to wreak havoc before countermeasures can be developed. This talk will focus on the use of emulated execution within IDA Pro to provide a generic means for rapidly deobfuscating protected code. Capabilities of the emulation engine will be discussed and the removal of several types of obfuscation will be demonstrated. Finally, the development of standalone deobfuscation tools based on the emulation engine will be discussed. Chris Eagle is the Associate Chairman of the Computer Science Department at the Naval Postgraduate School (NPS) in Monterey, CA.
A computer engineer/scientist for 18 years, his research interests include computer network operations, computer forensics and reverse/anti-reverse engineering.
Black Hat Briefings, Japan 2004 [Audio] Presentations from the security conference