Visual Malware Reversing - Offensive Computing

Recommendations

Info

Generating Traces • Ether – Set of patches to the Xen hypervisor – Allows for covert tracing of executables • Veratrace – NEW! – Intel PIN system suitable for use in VMWare – Commercial code analysis • Output from debuggers (GDB/WinDbg/…)
Ether Improvements • Import reconstruction using kernel data structures • OEP detection from stack back-tracking technique • Antivirus scanning performance improved
Page 1 and 2: Visual Malware Reversing How to Sto
Page 3 and 4: Goals • Identify structure of mal
Page 5 and 6: Complexities of Reverse Engineering
Page 7 and 8: What is VERA? • Visualizing Execu
Page 9: What the Colors Mean • Yellow - N
Page 13 and 14: Imported API Recovery • Removing
Page 15 and 16: Which is easier to read? No Imports
Page 17 and 18: Import Repair Process • Each impo
Page 19 and 20: Import Repair Process • New Metho
Page 21 and 22: Original Entry Point Detection •
Page 23 and 24: Problems with Ether • Heavy-weigh
Page 25 and 26: Veratrace Demonstration Demo 2
Page 27 and 28: Caveat Emptor • Intel PIN is very
Page 29 and 30: VERA Analysis Machine VERA - IDA Pl
Page 31 and 32: Future Work • Memory usage analys
Page 33: http://www.offensivecomputing.net/v

Visual Malware Reversing - Offensive Computing

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?