RECON-BRX-2017-GRAP
Disassembly Graph matching Patterns Bindings IDA plugin Perspectives<br />
Pattern example<br />
© 2017 Cassidian Cybersecurity SAS - All rights reserved. The reproduction, distribution and utilization of this document as well as the communication of its contents to others<br />
without express authorization is prohibited. Offenders will be held liable for the payment of damages. All rights reserved in the event of the grant of a patent, utility model or design.<br />
Patterns:<br />
◮ DOT files with specific fields<br />
◮ condition on opcode, arguments, address, number of incoming and outgoing edges<br />
digraph decrypt_xor_sub {<br />
A [cond="opcode is xor and arg2 is 0x11"]<br />
B [cond="opcode is sub and arg2 is 0x25"]<br />
A -> B<br />
}<br />
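To show what such a pattern selects, here is a minimal matcher added as an example; it is not GRAP's own code or API. It handles only `opcode` and `argN` conditions joined by `and`, plus edges (not address or edge-count conditions), and the function names and the sample graph are constructed for illustration.

```python
import re
from itertools import permutations

# The slide's pattern in plain ASCII.
PATTERN = '''digraph decrypt_xor_sub {
A [cond="opcode is xor and arg2 is 0x11"]
B [cond="opcode is sub and arg2 is 0x25"]
A -> B
}'''

# Constructed sample graph: address -> (opcode, args, successor addresses).
CFG = {
    0x401000: ("mov", ["al", "[esi]"], [0x401002]),
    0x401002: ("xor", ["al", "0x11"], [0x401004]),
    0x401004: ("sub", ["al", "0x25"], [0x401006]),
    0x401006: ("xor", ["eax", "eax"], [0x401008]),  # xor, but arg2 is not 0x11
    0x401008: ("ret", [], []),
}

def parse_pattern(dot):
    """Return ({node: [(field, value), ...]}, [(src, dst), ...])."""
    nodes = {name: re.findall(r'(\w+) is (\w+)', cond)
             for name, cond in re.findall(r'(\w+)\s*\[cond="([^"]*)"\]', dot)}
    return nodes, re.findall(r'(\w+)\s*->\s*(\w+)', dot)

def holds(conds, insn):
    """True if every 'field is value' term is satisfied by one instruction."""
    opcode, args, _ = insn
    for field, value in conds:
        ok = False  # fields outside this subset never match
        if field == "opcode":
            ok = opcode == value
        elif re.fullmatch(r'arg[1-9]', field):  # arg1, arg2, ... (1-based)
            i = int(field[3:]) - 1
            ok = i < len(args) and args[i] == value  # literal string compare
        if not ok:
            return False
    return True

def find_matches(dot, cfg):
    """All injective node -> address assignments satisfying conditions and edges."""
    nodes, edges = parse_pattern(dot)
    candidates = (dict(zip(nodes, a)) for a in permutations(cfg, len(nodes)))
    return [m for m in candidates
            if all(holds(nodes[n], cfg[m[n]]) for n in nodes)
            and all(m[dst] in cfg[m[src]][2] for src, dst in edges)]

if __name__ == "__main__":
    print([{n: hex(a) for n, a in m.items()} for m in find_matches(PATTERN, CFG)])
```

The exhaustive search over node assignments is fine for a two-node pattern on a small graph; it is not how a production matcher would scale.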