ebook img

Scientific but Not Academical Overview of Malware Anti-Debugging, Anti-Disassembly and Anti-VM ... PDF

50 Pages·2012·1.52 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Scientific but Not Academical Overview of Malware Anti-Debugging, Anti-Disassembly and Anti-VM ...

USA 2012 Scientific but Not Academical Overview of Malware Anti-Debugging, Anti-Disassembly and Anti-VM Technologies Rodrigo Rubira Branco (@BSDaemon ) Gabriel Negreira Barbosa (@gabrielnb ) Pedro Drimel Neto (@pdrimel ) Were we live… 2! BLACK HAT USA 2012 Nah, we live actually here… BLACK HAT USA 2012 São Paulo BLACK HAT USA 2012 Agenda Introduction / Motivation l  Objectives l  Methodology l  Dissect || PE Project l  Executive Summary l  Techniques l  Resources l  Conclusions l  5! BLACK HAT USA 2012 Introduc)on  /  Mo)va)on   Hundreds of thousands of new samples every week l  Still, automation is about single tasks or single analysis l  Presentations still pointing tens of thousands in tests (what l  about the millions of samples?) Companies promote research which uses words such as l  ‘many’ instead of X number BLACK HAT USA 2012 Before  con)nue,  some  defini)ons  ...   Anti-Debugging l  Techniques to compromise debuggers and/or the debugging process l  Anti-Disassembly l  Techniques to compromise disassemblers and/or the disassembling process l  Obfuscation l  Techniques to make the signatures creation more difficult and the disassembled l  code harder to be analyzed by a professional Anti-VM: l  Techniques to detect and/or compromise virtual machines l  BLACK HAT USA 2012 Objec)ves   Analyze millions of malware samples l  Share the current results related to: l  Anti-Debugging l  Anti-Disassembly l  Obfuscation l  Anti-VM l  Keep sharing more and better results in our portal l  (www.dissect.pe): New malware samples are always being analyzed l  Detection algorithms are constantly being improved l  The system does not analyze only anti-RE things l  BLACK HAT USA 2012 Dissect  ||  PE  Project   Scalable and flexible automated malware analysis system l  Receives malware from trusted partners l  Portal available for partners, researchers and general media l  with analysis data BLACK HAT USA 2012 Dissect  ||  PE  –  Overview   Free research malware analysis system for the community l  Open architecture l  Works with plugins l  10 dedicated machines distributed in 3 sites: l  2 sites in Brazil (São Paulo and Bauru cities) l  1 site in Germany l  Some numbers: l  Receives more than 150 GB of malwares per day l  More than 30 million unique samples l  BLACK HAT USA 2012

Description:
2 sites in Brazil (São Paulo and Bauru cities). ○. 1 site in We usually create handlers so the researcher does not need to change his actual code. ○.
See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.