To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Forstått!
Artwork

Tech Blackhat Briefings Blackhat Japan 2004 Hacking Computer Security Information Security InfoSec Speeches Presentations Audio Tech News Japan Jeff Moss Podcasting
Innhold levert av Black Hat and Jeff Moss. Alt podcastinnhold, inkludert episoder, grafikk og podcastbeskrivelser, lastes opp og leveres direkte av Black Hat and Jeff Moss eller deres podcastplattformpartner. Hvis du tror at noen bruker det opphavsrettsbeskyttede verket ditt uten din tillatelse, kan du følge prosessen skissert her https://no.player.fm/legal.

Lik Black Hat Briefings, Japan 2004 [Audio] Presentations from the security conference

Player FM - Podcast-app
Gå frakoblet med Player FM -appen!
Get it on App Store Get it on Google Play

Black Hat Briefings, Japan 2004 [Audio] Presentations from the security conference
Chris Eagle: Attacking Obfuscated Code with IDA Pro-(Partial Japanese)

32:28
 
Spill
Avspiller
Del
 

MP3Episoder hjem
Manage episode 155121158 series 1146743
Innhold levert av Black Hat and Jeff Moss. Alt podcastinnhold, inkludert episoder, grafikk og podcastbeskrivelser, lastes opp og leveres direkte av Black Hat and Jeff Moss eller deres podcastplattformpartner. Hvis du tror at noen bruker det opphavsrettsbeskyttede verket ditt uten din tillatelse, kan du følge prosessen skissert her https://no.player.fm/legal.
"Virtually every virus and worm that circulates the Internet today is ""protected"" by some form of obfuscation that hides the code's true intent. In the Window's world where worms prevail, the use of tools such as UPX, ASPack, and teLock has become standard. Protection of malicious code is not the only goal of binary obfuscators however which can be used to protect intellectual property. In the Linux world, tools such as Burneye and Shiva exist which can be used in ways similar to any Window's obfuscation tool. To fight such methods, analysts have created specific tools or techniques for unraveling these code obfuscators in order to reveal the software within. To date, in the fight against malware, anti-virus vendors have had the luxury of focusing on signature development since obfuscation of malware has presented little challenge. To combat this, malware authors are rapidly morphing their code in order to evade quickly developed and deployed signature-matching routines. What will happen when malware authors begin to morph their obfuscation techniques as rapidly as they morph their worms? While not designed specifically as a malware protection tool, one program, Shiva, aims to do exactly that. Shiva forces analysis of malicious code to be delayed while analysts fight through each novel mutation of Shiva's obfuscation mechanism. This, in effect, provides the malware a longer period of time to wreak havoc before countermeasures can be developed. This talk will focus on the use of emulated execution within IDA Pro to provide a generic means for rapidly deobfuscating protected code. Capabilities of the emulation engine will be discussed and the removal of several types of obfuscation will be demonstrated. Finally, the development of standalone deobfuscation tools based on the emulation engine will be discussed. Chris Eagle is the Associate Chairman of the Computer Science Department at the Naval Postgraduate School (NPS) in Monterey, CA. A computer engineer/scientist for 18 years, his research interests include computer network operations, computer forensics and reverse/anti-reverse engineering."
  continue reading

22 episoder

#Tech #Blackhat Briefings #Blackhat Japan 2004 #Hacking #Computer #Security #Information Security #InfoSec #Speeches #Presentations #Audio #Tech News #Japan #Jeff Moss #Podcasting
Artwork

Chris Eagle: Attacking Obfuscated Code with IDA Pro-(Partial Japanese)

Black Hat Briefings, Japan 2004 [Audio] Presentations from the security conference

published

Spill Avspiller
iconDel
 
MP3Episoder hjem
Manage episode 155121158 series 1146743
Innhold levert av Black Hat and Jeff Moss. Alt podcastinnhold, inkludert episoder, grafikk og podcastbeskrivelser, lastes opp og leveres direkte av Black Hat and Jeff Moss eller deres podcastplattformpartner. Hvis du tror at noen bruker det opphavsrettsbeskyttede verket ditt uten din tillatelse, kan du følge prosessen skissert her https://no.player.fm/legal.
"Virtually every virus and worm that circulates the Internet today is ""protected"" by some form of obfuscation that hides the code's true intent. In the Window's world where worms prevail, the use of tools such as UPX, ASPack, and teLock has become standard. Protection of malicious code is not the only goal of binary obfuscators however which can be used to protect intellectual property. In the Linux world, tools such as Burneye and Shiva exist which can be used in ways similar to any Window's obfuscation tool. To fight such methods, analysts have created specific tools or techniques for unraveling these code obfuscators in order to reveal the software within. To date, in the fight against malware, anti-virus vendors have had the luxury of focusing on signature development since obfuscation of malware has presented little challenge. To combat this, malware authors are rapidly morphing their code in order to evade quickly developed and deployed signature-matching routines. What will happen when malware authors begin to morph their obfuscation techniques as rapidly as they morph their worms? While not designed specifically as a malware protection tool, one program, Shiva, aims to do exactly that. Shiva forces analysis of malicious code to be delayed while analysts fight through each novel mutation of Shiva's obfuscation mechanism. This, in effect, provides the malware a longer period of time to wreak havoc before countermeasures can be developed. This talk will focus on the use of emulated execution within IDA Pro to provide a generic means for rapidly deobfuscating protected code. Capabilities of the emulation engine will be discussed and the removal of several types of obfuscation will be demonstrated. Finally, the development of standalone deobfuscation tools based on the emulation engine will be discussed. Chris Eagle is the Associate Chairman of the Computer Science Department at the Naval Postgraduate School (NPS) in Monterey, CA. A computer engineer/scientist for 18 years, his research interests include computer network operations, computer forensics and reverse/anti-reverse engineering."
  continue reading

22 episoder

#Tech #Blackhat Briefings #Blackhat Japan 2004 #Hacking #Computer #Security #Information Security #InfoSec #Speeches #Presentations #Audio #Tech News #Japan #Jeff Moss #Podcasting

Alle episoder

×
 
Loading …

Velkommen til Player FM!

Player FM scanner netter for høykvalitets podcaster som du kan nyte nå. Det er den beste podcastappen og fungerer på Android, iPhone og internett. Registrer deg for å synkronisere abonnement på flere enheter.

 

Lik Black Hat Briefings, Japan 2004 [Audio] Presentations from the security conference

Lytt til 500+ tema
Player FM - Podcast-app
Gå frakoblet med Player FM -appen!
Get it on App Store Get it on Google Play

Hurtigreferanseguide

Topp podcaster
Indre bane
VG Sporten med Brenne og Borud
NIH-podden
E24-podden
Misjonen med Antonsen og Golden
Radioresepsjonen
Filmpolitiets podkast
Filmfrelst
Dine Penger - Pengerådet
Bekk Open Podcast
Ekko
Dagsnytt 18
Mentaltrener Podcasten
Rekommandert
Uillustrert Vitenskap
Lørdagsrådet
Historier fra virkeligheten
Truecrimepodden
Gåten i Isdalen
To hvite menn
Player FM logo
Hjelp/FAQ | Oppgrader | Reklamere
Kunst|Business|Komedie|Økonomi|Underholdning|Nyheter|Politikk|Religion
Vitenskap|Fotball|Sport|Historiefortelling|Teknologi|True Crime
Copyright 2024 | Sitemap | Personvern | Vilkår for bruk | | opphavsrett
Episode being played series thumbnail
icon icon
Hastighet
Serier innstillinger
1x
1x
Volume
100%
icon
icon icon
/

Se Player FM i ...
Player FM
Browser
Chrome
Safari
Firefox