SlideShare uma empresa Scribd logo

Security Applications For Emulation

Transferir como PPT, PDF
Silvio Cesare
Silvio Cesare
Tecnologia
1 de 62
Security Applications For Emulation ,[object Object]
Speaker details ,[object Object],[object Object],[object Object]
Outline ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Virtualization ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Emulation and Dynamic Binary Translation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Dynamic Analysis and Emulation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Part i) Reverse Engineering Cisco IOS's Heap Management
Reverse Engineering Cisco IOS with Dynamips ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IOS Heap Management Basics ,[object Object],[object Object],[object Object],[object Object],[object Object]
Dynamic Analysis Approach ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Identifying Functions with Dynamic Analysis ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Testing the results with a double free and overlapping allocation checker. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Detecting IOS 0-day ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Reference Counting. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MallocLite ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Cisco IOS TODO ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Cisco IOS Summary ,[object Object],[object Object],[object Object]
Part ii) Tracing execution and evaluating the capabilities of binaries and potential malware
Tracing and evaluating the capabilities of binaries ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
TTAnalyze ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
TTAnalyze concepts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
TTAnalyze Implementation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
TTAnalyze Implementation Challenges ,[object Object],[object Object],[object Object],[object Object],[object Object]
TTAnalyze Attacks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Binary Tracing Summary ,[object Object],[object Object]
Part iii) Using emulation for dynamic taint analysis
Dynamic Taint Analysis ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Dynamic Taint Analysis in Vulnerability Detection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Argos: A tool for detecting 0day attacks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Dyanamic Taint Analysis Summary ,[object Object],[object Object],[object Object]
Part iv) Automated Unpacking
Packers ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Unpacking ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Automated Unpacking ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Automated Unpacking Implementation Approaches ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Automated Unpacking using an Emulator ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Using an AV style Emulator as a CPU checker ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Automated Unpacking using an Emulator implementation ,[object Object],[object Object],[object Object],[object Object],[object Object]
Attacks against Automated Unpackers and Emulators ,[object Object],[object Object],[object Object],[object Object]
Attacks (cont): Virtual Machine Packers ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Automated Unpacking Summary ,[object Object],[object Object],[object Object]
Part v) Using emulation to design and implement symbolic execution
Symbolic Execution ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SMT Based Constraint Solvers ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Applications of Symbolic Execution ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Symbolic Execution Implementation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Symbolic Execution Challenges ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Symbolic Execution Summary ,[object Object],[object Object],[object Object]
Part vi) Detecting Runtime Errors in Programs
Valgrind ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Valgrind's MemCheck with uninitialized variables ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Detecting Runtime Heap Errors in the Linux Kernel ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Linux Kernel MemCheck ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Linux Kernel Heap Management ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Linux Kernel Heap Tracing and Guest Linux Implementation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MemCheck QEMU implementation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MemChecking the Linux Kernel ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MemCheck Limitations ,[object Object],[object Object],[object Object],[object Object],[object Object]
MemCheck TODO ,[object Object],[object Object],[object Object],[object Object],[object Object]
MemCheck Packages ,[object Object],[object Object]
Runtime Error Detection Summary ,[object Object],[object Object],[object Object]
That’s all folks… A 2008 CQU Graduate looking for interesting employment. [email_address]

Recomendados

Application Profiling for Memory and Performance
Application Profiling for Memory and PerformanceApplication Profiling for Memory and Performance
Application Profiling for Memory and Performance
pradeepfn
 
Hs P005 Reflective Dll Injection
Hs P005 Reflective Dll InjectionHs P005 Reflective Dll Injection
Hs P005 Reflective Dll Injection
KarlFrank99
 
The Nightmare Fuzzing Suite and Blind Code Coverage Fuzzer
The Nightmare Fuzzing Suite and Blind Code Coverage FuzzerThe Nightmare Fuzzing Suite and Blind Code Coverage Fuzzer
The Nightmare Fuzzing Suite and Blind Code Coverage Fuzzer
Joxean Koret
 
Richard Johnson, high performance fuzzing
Richard Johnson, high performance fuzzingRichard Johnson, high performance fuzzing
Richard Johnson, high performance fuzzing
PacSecJP
 
Writing Metasploit Plugins
Writing Metasploit PluginsWriting Metasploit Plugins
Writing Metasploit Plugins
amiable_indian
 
Java multi thread programming on cmp system
Java multi thread programming on cmp systemJava multi thread programming on cmp system
Java multi thread programming on cmp system
QUAID-E-AWAM UNIVERSITY OF ENGINEERING, SCIENCE & TECHNOLOGY, NAWABSHAH, SINDH, PAKISTAN
 
jvm/java - towards lock-free concurrency
jvm/java - towards lock-free concurrencyjvm/java - towards lock-free concurrency
jvm/java - towards lock-free concurrency
Arvind Kalyan
 
Java Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug ClassJava Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug Class
CODE WHITE GmbH
 

Recomendados

Application Profiling for Memory and Performance
Application Profiling for Memory and PerformanceApplication Profiling for Memory and Performance
Application Profiling for Memory and Performance
pradeepfn
 
Hs P005 Reflective Dll Injection
Hs P005 Reflective Dll InjectionHs P005 Reflective Dll Injection
Hs P005 Reflective Dll Injection
KarlFrank99
 
The Nightmare Fuzzing Suite and Blind Code Coverage Fuzzer
The Nightmare Fuzzing Suite and Blind Code Coverage FuzzerThe Nightmare Fuzzing Suite and Blind Code Coverage Fuzzer
The Nightmare Fuzzing Suite and Blind Code Coverage Fuzzer
Joxean Koret
 
Richard Johnson, high performance fuzzing
Richard Johnson, high performance fuzzingRichard Johnson, high performance fuzzing
Richard Johnson, high performance fuzzing
PacSecJP
 
Writing Metasploit Plugins
Writing Metasploit PluginsWriting Metasploit Plugins
Writing Metasploit Plugins
amiable_indian
 
Java multi thread programming on cmp system
Java multi thread programming on cmp systemJava multi thread programming on cmp system
Java multi thread programming on cmp system
QUAID-E-AWAM UNIVERSITY OF ENGINEERING, SCIENCE & TECHNOLOGY, NAWABSHAH, SINDH, PAKISTAN
 
jvm/java - towards lock-free concurrency
jvm/java - towards lock-free concurrencyjvm/java - towards lock-free concurrency
jvm/java - towards lock-free concurrency
Arvind Kalyan
 
Java Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug ClassJava Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug Class
CODE WHITE GmbH
 
Profiler Guided Java Performance Tuning
Profiler Guided Java Performance TuningProfiler Guided Java Performance Tuning
Profiler Guided Java Performance Tuning
osa_ora
 
Vulnerability desing patterns
Vulnerability desing patternsVulnerability desing patterns
Vulnerability desing patterns
Peter Hlavaty
 
Slmail Buffer Overflow
Slmail Buffer OverflowSlmail Buffer Overflow
Slmail Buffer Overflow
Eric alleshouse
 
Vulnserver bufferoverflow
Vulnserver bufferoverflowVulnserver bufferoverflow
Vulnserver bufferoverflow
Eric alleshouse
 
[CCC-28c3] Post Memory Corruption Memory Analysis
[CCC-28c3] Post Memory Corruption Memory Analysis[CCC-28c3] Post Memory Corruption Memory Analysis
[CCC-28c3] Post Memory Corruption Memory Analysis
Moabi.com
 
Threads
ThreadsThreads
Threads
SURBHI SAROHA
 
FreeRTOS Course - Queue Management
FreeRTOS Course - Queue ManagementFreeRTOS Course - Queue Management
FreeRTOS Course - Queue Management
Amr Ali (ISTQB CTAL Full, CSM, ITIL Foundation)
 
Attack on the Core
Attack on the CoreAttack on the Core
Attack on the Core
Peter Hlavaty
 
Essentials of Multithreaded System Programming in C++
Essentials of Multithreaded System Programming in C++Essentials of Multithreaded System Programming in C++
Essentials of Multithreaded System Programming in C++
Shuo Chen
 
Java Core | Modern Java Concurrency | Martijn Verburg & Ben Evans
Java Core | Modern Java Concurrency | Martijn Verburg & Ben EvansJava Core | Modern Java Concurrency | Martijn Verburg & Ben Evans
Java Core | Modern Java Concurrency | Martijn Verburg & Ben Evans
JAX London
 
Understanding the Dalvik Virtual Machine
Understanding the Dalvik Virtual MachineUnderstanding the Dalvik Virtual Machine
Understanding the Dalvik Virtual Machine
National Cheng Kung University
 
Java Performance Tuning
Java Performance TuningJava Performance Tuning
Java Performance Tuning
Atthakorn Chanthong
 
JVM: A Platform for Multiple Languages
JVM: A Platform for Multiple LanguagesJVM: A Platform for Multiple Languages
JVM: A Platform for Multiple Languages
Kris Mok
 
Free FreeRTOS Course-Task Management
Free FreeRTOS Course-Task ManagementFree FreeRTOS Course-Task Management
Free FreeRTOS Course-Task Management
Amr Ali (ISTQB CTAL Full, CSM, ITIL Foundation)
 
Buffer overflow
Buffer overflowBuffer overflow
Buffer overflow
قصي نسور
 
24 33 -_metasploit
24 33 -_metasploit24 33 -_metasploit
24 33 -_metasploit
wozgeass
 
[Defcon24] Introduction to the Witchcraft Compiler Collection
[Defcon24] Introduction to the Witchcraft Compiler Collection[Defcon24] Introduction to the Witchcraft Compiler Collection
[Defcon24] Introduction to the Witchcraft Compiler Collection
Moabi.com
 
Power of linked list
Power of linked listPower of linked list
Power of linked list
Peter Hlavaty
 
Java Deserialization Vulnerabilities - The Forgotten Bug Class (DeepSec Edition)
Java Deserialization Vulnerabilities - The Forgotten Bug Class (DeepSec Edition)Java Deserialization Vulnerabilities - The Forgotten Bug Class (DeepSec Edition)
Java Deserialization Vulnerabilities - The Forgotten Bug Class (DeepSec Edition)
CODE WHITE GmbH
 
The Ruby Guide to *nix Plumbing: Hax0R R3dux
The Ruby Guide to *nix Plumbing: Hax0R R3duxThe Ruby Guide to *nix Plumbing: Hax0R R3dux
The Ruby Guide to *nix Plumbing: Hax0R R3dux
Eleanor McHugh
 
Leonardo da vinci
Leonardo da vinciLeonardo da vinci
Leonardo da vinci
Catalin Martin
 
HOOPVOLLE GESINNE #1 - Families saam op Reis!
HOOPVOLLE GESINNE #1 - Families saam op Reis!HOOPVOLLE GESINNE #1 - Families saam op Reis!
HOOPVOLLE GESINNE #1 - Families saam op Reis!
Deon Kitching
 

Mais conteúdo relacionado

Mais procurados

Essentials of Multithreaded System Programming in C++
Essentials of Multithreaded System Programming in C++Essentials of Multithreaded System Programming in C++
Essentials of Multithreaded System Programming in C++
Shuo Chen
 
Java Core | Modern Java Concurrency | Martijn Verburg & Ben Evans
Java Core | Modern Java Concurrency | Martijn Verburg & Ben EvansJava Core | Modern Java Concurrency | Martijn Verburg & Ben Evans
Java Core | Modern Java Concurrency | Martijn Verburg & Ben Evans
JAX London
 
24 33 -_metasploit
24 33 -_metasploit24 33 -_metasploit
24 33 -_metasploit
wozgeass
 
[Defcon24] Introduction to the Witchcraft Compiler Collection
[Defcon24] Introduction to the Witchcraft Compiler Collection[Defcon24] Introduction to the Witchcraft Compiler Collection
[Defcon24] Introduction to the Witchcraft Compiler Collection
Moabi.com
 

Mais procurados (20)

Profiler Guided Java Performance Tuning
Profiler Guided Java Performance TuningProfiler Guided Java Performance Tuning
Profiler Guided Java Performance Tuning
 
Vulnerability desing patterns
Vulnerability desing patternsVulnerability desing patterns
Vulnerability desing patterns
 
Slmail Buffer Overflow
Slmail Buffer OverflowSlmail Buffer Overflow
Slmail Buffer Overflow
 
Vulnserver bufferoverflow
Vulnserver bufferoverflowVulnserver bufferoverflow
Vulnserver bufferoverflow
 
[CCC-28c3] Post Memory Corruption Memory Analysis
[CCC-28c3] Post Memory Corruption Memory Analysis[CCC-28c3] Post Memory Corruption Memory Analysis
[CCC-28c3] Post Memory Corruption Memory Analysis
 
Threads
ThreadsThreads
Threads
 
FreeRTOS Course - Queue Management
FreeRTOS Course - Queue ManagementFreeRTOS Course - Queue Management
FreeRTOS Course - Queue Management
 
Attack on the Core
Attack on the CoreAttack on the Core
Attack on the Core
 
Essentials of Multithreaded System Programming in C++
Essentials of Multithreaded System Programming in C++Essentials of Multithreaded System Programming in C++
Essentials of Multithreaded System Programming in C++
 
Java Core | Modern Java Concurrency | Martijn Verburg & Ben Evans
Java Core | Modern Java Concurrency | Martijn Verburg & Ben EvansJava Core | Modern Java Concurrency | Martijn Verburg & Ben Evans
Java Core | Modern Java Concurrency | Martijn Verburg & Ben Evans
 
Understanding the Dalvik Virtual Machine
Understanding the Dalvik Virtual MachineUnderstanding the Dalvik Virtual Machine
Understanding the Dalvik Virtual Machine
 
Java Performance Tuning
Java Performance TuningJava Performance Tuning
Java Performance Tuning
 
JVM: A Platform for Multiple Languages
JVM: A Platform for Multiple LanguagesJVM: A Platform for Multiple Languages
JVM: A Platform for Multiple Languages
 
Free FreeRTOS Course-Task Management
Free FreeRTOS Course-Task ManagementFree FreeRTOS Course-Task Management
Free FreeRTOS Course-Task Management
 
Buffer overflow
Buffer overflowBuffer overflow
Buffer overflow
 
24 33 -_metasploit
24 33 -_metasploit24 33 -_metasploit
24 33 -_metasploit
 
[Defcon24] Introduction to the Witchcraft Compiler Collection
[Defcon24] Introduction to the Witchcraft Compiler Collection[Defcon24] Introduction to the Witchcraft Compiler Collection
[Defcon24] Introduction to the Witchcraft Compiler Collection
 
Power of linked list
Power of linked listPower of linked list
Power of linked list
 
Java Deserialization Vulnerabilities - The Forgotten Bug Class (DeepSec Edition)
Java Deserialization Vulnerabilities - The Forgotten Bug Class (DeepSec Edition)Java Deserialization Vulnerabilities - The Forgotten Bug Class (DeepSec Edition)
Java Deserialization Vulnerabilities - The Forgotten Bug Class (DeepSec Edition)
 
The Ruby Guide to *nix Plumbing: Hax0R R3dux
The Ruby Guide to *nix Plumbing: Hax0R R3duxThe Ruby Guide to *nix Plumbing: Hax0R R3dux
The Ruby Guide to *nix Plumbing: Hax0R R3dux
 

Destaque

Automated Detection of Software Bugs and Vulnerabilities in Linux
Automated Detection of Software Bugs and Vulnerabilities in LinuxAutomated Detection of Software Bugs and Vulnerabilities in Linux
Automated Detection of Software Bugs and Vulnerabilities in Linux
Silvio Cesare
 
Deon vyf raamwerk 27-07-2013
Deon vyf raamwerk 27-07-2013Deon vyf raamwerk 27-07-2013
Deon vyf raamwerk 27-07-2013
Deon Kitching
 
Design Authors -- Designer Candles
Design Authors -- Designer CandlesDesign Authors -- Designer Candles
Design Authors -- Designer Candles
designauthors
 
EMMAUS SENTRUM KORT KURSUSSE (enhanced by VisualBee)
EMMAUS SENTRUM KORT KURSUSSE (enhanced by VisualBee)EMMAUS SENTRUM KORT KURSUSSE (enhanced by VisualBee)
EMMAUS SENTRUM KORT KURSUSSE (enhanced by VisualBee)
Deon Kitching
 
Effective technology integration for 21st century
Effective technology integration for 21st centuryEffective technology integration for 21st century
Effective technology integration for 21st century
gennab
 
Modkats Vir Klein Gemeentes 2012 (enhanced by VisualBee)
Modkats Vir Klein Gemeentes 2012 (enhanced by VisualBee)Modkats Vir Klein Gemeentes 2012 (enhanced by VisualBee)
Modkats Vir Klein Gemeentes 2012 (enhanced by VisualBee)
Deon Kitching
 
Simseer.com - Malware Similarity and Clustering Made Easy
Simseer.com - Malware Similarity and Clustering Made EasySimseer.com - Malware Similarity and Clustering Made Easy
Simseer.com - Malware Similarity and Clustering Made Easy
Silvio Cesare
 
A BEGINNER’S JOURNEY INTO THE WORLD OF HARDWARE HACKING
A BEGINNER’S JOURNEY INTO THE WORLD OF HARDWARE HACKINGA BEGINNER’S JOURNEY INTO THE WORLD OF HARDWARE HACKING
A BEGINNER’S JOURNEY INTO THE WORLD OF HARDWARE HACKING
Silvio Cesare
 
Kelloggs india presentation
Kelloggs india presentationKelloggs india presentation
Kelloggs india presentation
Divyanshu Mishra
 
Lux final presentation group one
Lux final presentation group oneLux final presentation group one
Lux final presentation group one
Divyanshu Mishra
 

Destaque (17)

Leonardo da vinci
Leonardo da vinciLeonardo da vinci
Leonardo da vinci
 
HOOPVOLLE GESINNE #1 - Families saam op Reis!
HOOPVOLLE GESINNE #1 - Families saam op Reis!HOOPVOLLE GESINNE #1 - Families saam op Reis!
HOOPVOLLE GESINNE #1 - Families saam op Reis!
 
Leonardo da vinci
Leonardo da vinciLeonardo da vinci
Leonardo da vinci
 
Automated Detection of Software Bugs and Vulnerabilities in Linux
Automated Detection of Software Bugs and Vulnerabilities in LinuxAutomated Detection of Software Bugs and Vulnerabilities in Linux
Automated Detection of Software Bugs and Vulnerabilities in Linux
 
Deon vyf raamwerk 27-07-2013
Deon vyf raamwerk 27-07-2013Deon vyf raamwerk 27-07-2013
Deon vyf raamwerk 27-07-2013
 
Design Authors -- Designer Candles
Design Authors -- Designer CandlesDesign Authors -- Designer Candles
Design Authors -- Designer Candles
 
Bou 'n Volhoubare Jeugbediening H J v Vuren
Bou 'n Volhoubare Jeugbediening H J v VurenBou 'n Volhoubare Jeugbediening H J v Vuren
Bou 'n Volhoubare Jeugbediening H J v Vuren
 
EMMAUS SENTRUM KORT KURSUSSE (enhanced by VisualBee)
EMMAUS SENTRUM KORT KURSUSSE (enhanced by VisualBee)EMMAUS SENTRUM KORT KURSUSSE (enhanced by VisualBee)
EMMAUS SENTRUM KORT KURSUSSE (enhanced by VisualBee)
 
Effective technology integration for 21st century
Effective technology integration for 21st centuryEffective technology integration for 21st century
Effective technology integration for 21st century
 
Modkats Vir Klein Gemeentes 2012 (enhanced by VisualBee)
Modkats Vir Klein Gemeentes 2012 (enhanced by VisualBee)Modkats Vir Klein Gemeentes 2012 (enhanced by VisualBee)
Modkats Vir Klein Gemeentes 2012 (enhanced by VisualBee)
 
A Fast Flowgraph Based Classification System for Packed and Polymorphic Malwa...
A Fast Flowgraph Based Classification System for Packed and Polymorphic Malwa...A Fast Flowgraph Based Classification System for Packed and Polymorphic Malwa...
A Fast Flowgraph Based Classification System for Packed and Polymorphic Malwa...
 
Hypertrophy of Adenoid
Hypertrophy of AdenoidHypertrophy of Adenoid
Hypertrophy of Adenoid
 
Simseer.com - Malware Similarity and Clustering Made Easy
Simseer.com - Malware Similarity and Clustering Made EasySimseer.com - Malware Similarity and Clustering Made Easy
Simseer.com - Malware Similarity and Clustering Made Easy
 
A BEGINNER’S JOURNEY INTO THE WORLD OF HARDWARE HACKING
A BEGINNER’S JOURNEY INTO THE WORLD OF HARDWARE HACKINGA BEGINNER’S JOURNEY INTO THE WORLD OF HARDWARE HACKING
A BEGINNER’S JOURNEY INTO THE WORLD OF HARDWARE HACKING
 
Malware Classification Using Structured Control Flow
Malware Classification Using Structured Control FlowMalware Classification Using Structured Control Flow
Malware Classification Using Structured Control Flow
 
Kelloggs india presentation
Kelloggs india presentationKelloggs india presentation
Kelloggs india presentation
 
Lux final presentation group one
Lux final presentation group oneLux final presentation group one
Lux final presentation group one
 

Semelhante a Security Applications For Emulation

Exploit Frameworks
Exploit FrameworksExploit Frameworks
Exploit Frameworks
phanleson
 
Concurrency Learning From Jdk Source
Concurrency Learning From Jdk SourceConcurrency Learning From Jdk Source
Concurrency Learning From Jdk Source
Kaniska Mandal
 
What
WhatWhat
What
anity
 
Debugging With Id
Debugging With IdDebugging With Id
Debugging With Id
guest215c4e
 
Describe synchronization techniques used by programmers who develop .pdf
Describe synchronization techniques used by programmers who develop .pdfDescribe synchronization techniques used by programmers who develop .pdf
Describe synchronization techniques used by programmers who develop .pdf
excellentmobiles
 
Linux kernel-rootkit-dev - Wonokaerun
Linux kernel-rootkit-dev - WonokaerunLinux kernel-rootkit-dev - Wonokaerun
Linux kernel-rootkit-dev - Wonokaerun
idsecconf
 

Semelhante a Security Applications For Emulation (20)

Metasploit
MetasploitMetasploit
Metasploit
 
Linux Internals - Interview essentials - 1.0
Linux Internals - Interview essentials - 1.0Linux Internals - Interview essentials - 1.0
Linux Internals - Interview essentials - 1.0
 
Metasploit
MetasploitMetasploit
Metasploit
 
Exploit Frameworks
Exploit FrameworksExploit Frameworks
Exploit Frameworks
 
Linux Assignment 3
Linux Assignment 3Linux Assignment 3
Linux Assignment 3
 
Fun and Games with Mac OS X and iPhone Payloads White Paper, Black Hat EU 2009
Fun and Games with Mac OS X and iPhone Payloads White Paper, Black Hat EU 2009Fun and Games with Mac OS X and iPhone Payloads White Paper, Black Hat EU 2009
Fun and Games with Mac OS X and iPhone Payloads White Paper, Black Hat EU 2009
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacks
 
Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1
 
Exploring .NET memory management - JetBrains webinar
Exploring .NET memory management - JetBrains webinarExploring .NET memory management - JetBrains webinar
Exploring .NET memory management - JetBrains webinar
 
Metasploit Basics
Metasploit BasicsMetasploit Basics
Metasploit Basics
 
JetBrains Day Seoul - Exploring .NET’s memory management – a trip down memory...
JetBrains Day Seoul - Exploring .NET’s memory management – a trip down memory...JetBrains Day Seoul - Exploring .NET’s memory management – a trip down memory...
JetBrains Day Seoul - Exploring .NET’s memory management – a trip down memory...
 
Binary translation
Binary translationBinary translation
Binary translation
 
Concurrency Learning From Jdk Source
Concurrency Learning From Jdk SourceConcurrency Learning From Jdk Source
Concurrency Learning From Jdk Source
 
Breakfast cereal for advanced beginners
Breakfast cereal for advanced beginnersBreakfast cereal for advanced beginners
Breakfast cereal for advanced beginners
 
What
WhatWhat
What
 
Debugging With Id
Debugging With IdDebugging With Id
Debugging With Id
 
Concurrency and parallel in .net
Concurrency and parallel in .netConcurrency and parallel in .net
Concurrency and parallel in .net
 
Describe synchronization techniques used by programmers who develop .pdf
Describe synchronization techniques used by programmers who develop .pdfDescribe synchronization techniques used by programmers who develop .pdf
Describe synchronization techniques used by programmers who develop .pdf
 
DotNetFest - Let’s refresh our memory! Memory management in .NET
DotNetFest - Let’s refresh our memory! Memory management in .NETDotNetFest - Let’s refresh our memory! Memory management in .NET
DotNetFest - Let’s refresh our memory! Memory management in .NET
 
Linux kernel-rootkit-dev - Wonokaerun
Linux kernel-rootkit-dev - WonokaerunLinux kernel-rootkit-dev - Wonokaerun
Linux kernel-rootkit-dev - Wonokaerun
 

Mais de Silvio Cesare

A WHIRLWIND TOUR OF ACADEMIC TECHNIQUES FOR REAL-WORLD SECURITY RESEARCHERS
A WHIRLWIND TOUR OF ACADEMIC TECHNIQUES FOR REAL-WORLD SECURITY RESEARCHERSA WHIRLWIND TOUR OF ACADEMIC TECHNIQUES FOR REAL-WORLD SECURITY RESEARCHERS
A WHIRLWIND TOUR OF ACADEMIC TECHNIQUES FOR REAL-WORLD SECURITY RESEARCHERS
Silvio Cesare
 
Simseer and Bugwise - Web Services for Binary-level Software Similarity and D...
Simseer and Bugwise - Web Services for Binary-level Software Similarity and D...Simseer and Bugwise - Web Services for Binary-level Software Similarity and D...
Simseer and Bugwise - Web Services for Binary-level Software Similarity and D...
Silvio Cesare
 
FooCodeChu - Services for Software Analysis, Malware Detection, and Vulnerabi...
FooCodeChu - Services for Software Analysis, Malware Detection, and Vulnerabi...FooCodeChu - Services for Software Analysis, Malware Detection, and Vulnerabi...
FooCodeChu - Services for Software Analysis, Malware Detection, and Vulnerabi...
Silvio Cesare
 
Detecting Bugs in Binaries Using Decompilation and Data Flow Analysis
Detecting Bugs in Binaries Using Decompilation and Data Flow AnalysisDetecting Bugs in Binaries Using Decompilation and Data Flow Analysis
Detecting Bugs in Binaries Using Decompilation and Data Flow Analysis
Silvio Cesare
 
Clonewise - Automatically Detecting Package Clones and Inferring Security Vu...
Clonewise - Automatically Detecting Package Clones and Inferring Security Vu...Clonewise - Automatically Detecting Package Clones and Inferring Security Vu...
Clonewise - Automatically Detecting Package Clones and Inferring Security Vu...
Silvio Cesare
 
Wire - A Formal Intermediate Language for Binary Analysis
Wire - A Formal Intermediate Language for Binary AnalysisWire - A Formal Intermediate Language for Binary Analysis
Wire - A Formal Intermediate Language for Binary Analysis
Silvio Cesare
 
Effective flowgraph-based malware variant detection
Effective flowgraph-based malware variant detectionEffective flowgraph-based malware variant detection
Effective flowgraph-based malware variant detection
Silvio Cesare
 
Simseer - A Software Similarity Web Service
Simseer - A Software Similarity Web ServiceSimseer - A Software Similarity Web Service
Simseer - A Software Similarity Web Service
Silvio Cesare
 
Faster, More Effective Flowgraph-based Malware Classification
Faster, More Effective Flowgraph-based Malware ClassificationFaster, More Effective Flowgraph-based Malware Classification
Faster, More Effective Flowgraph-based Malware Classification
Silvio Cesare
 
Malware Variant Detection Using Similarity Search over Sets of Control Flow G...
Malware Variant Detection Using Similarity Search over Sets of Control Flow G...Malware Variant Detection Using Similarity Search over Sets of Control Flow G...
Malware Variant Detection Using Similarity Search over Sets of Control Flow G...
Silvio Cesare
 
Simple Bugs and Vulnerabilities in Linux Distributions
Simple Bugs and Vulnerabilities in Linux DistributionsSimple Bugs and Vulnerabilities in Linux Distributions
Simple Bugs and Vulnerabilities in Linux Distributions
Silvio Cesare
 
Fast Automated Unpacking and Classification of Malware
Fast Automated Unpacking and Classification of MalwareFast Automated Unpacking and Classification of Malware
Fast Automated Unpacking and Classification of Malware
Silvio Cesare
 
Auditing the Opensource Kernels
Auditing the Opensource KernelsAuditing the Opensource Kernels
Auditing the Opensource Kernels
Silvio Cesare
 

Mais de Silvio Cesare (13)

A WHIRLWIND TOUR OF ACADEMIC TECHNIQUES FOR REAL-WORLD SECURITY RESEARCHERS
A WHIRLWIND TOUR OF ACADEMIC TECHNIQUES FOR REAL-WORLD SECURITY RESEARCHERSA WHIRLWIND TOUR OF ACADEMIC TECHNIQUES FOR REAL-WORLD SECURITY RESEARCHERS
A WHIRLWIND TOUR OF ACADEMIC TECHNIQUES FOR REAL-WORLD SECURITY RESEARCHERS
 
Simseer and Bugwise - Web Services for Binary-level Software Similarity and D...
Simseer and Bugwise - Web Services for Binary-level Software Similarity and D...Simseer and Bugwise - Web Services for Binary-level Software Similarity and D...
Simseer and Bugwise - Web Services for Binary-level Software Similarity and D...
 
FooCodeChu - Services for Software Analysis, Malware Detection, and Vulnerabi...
FooCodeChu - Services for Software Analysis, Malware Detection, and Vulnerabi...FooCodeChu - Services for Software Analysis, Malware Detection, and Vulnerabi...
FooCodeChu - Services for Software Analysis, Malware Detection, and Vulnerabi...
 
Detecting Bugs in Binaries Using Decompilation and Data Flow Analysis
Detecting Bugs in Binaries Using Decompilation and Data Flow AnalysisDetecting Bugs in Binaries Using Decompilation and Data Flow Analysis
Detecting Bugs in Binaries Using Decompilation and Data Flow Analysis
 
Clonewise - Automatically Detecting Package Clones and Inferring Security Vu...
Clonewise - Automatically Detecting Package Clones and Inferring Security Vu...Clonewise - Automatically Detecting Package Clones and Inferring Security Vu...
Clonewise - Automatically Detecting Package Clones and Inferring Security Vu...
 
Wire - A Formal Intermediate Language for Binary Analysis
Wire - A Formal Intermediate Language for Binary AnalysisWire - A Formal Intermediate Language for Binary Analysis
Wire - A Formal Intermediate Language for Binary Analysis
 
Effective flowgraph-based malware variant detection
Effective flowgraph-based malware variant detectionEffective flowgraph-based malware variant detection
Effective flowgraph-based malware variant detection
 
Simseer - A Software Similarity Web Service
Simseer - A Software Similarity Web ServiceSimseer - A Software Similarity Web Service
Simseer - A Software Similarity Web Service
 
Faster, More Effective Flowgraph-based Malware Classification
Faster, More Effective Flowgraph-based Malware ClassificationFaster, More Effective Flowgraph-based Malware Classification
Faster, More Effective Flowgraph-based Malware Classification
 
Malware Variant Detection Using Similarity Search over Sets of Control Flow G...
Malware Variant Detection Using Similarity Search over Sets of Control Flow G...Malware Variant Detection Using Similarity Search over Sets of Control Flow G...
Malware Variant Detection Using Similarity Search over Sets of Control Flow G...
 
Simple Bugs and Vulnerabilities in Linux Distributions
Simple Bugs and Vulnerabilities in Linux DistributionsSimple Bugs and Vulnerabilities in Linux Distributions
Simple Bugs and Vulnerabilities in Linux Distributions
 
Fast Automated Unpacking and Classification of Malware
Fast Automated Unpacking and Classification of MalwareFast Automated Unpacking and Classification of Malware
Fast Automated Unpacking and Classification of Malware
 
Auditing the Opensource Kernels
Auditing the Opensource KernelsAuditing the Opensource Kernels
Auditing the Opensource Kernels
 

Último

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 

Último (20)

Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 

Security Applications For Emulation

  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7. Part i) Reverse Engineering Cisco IOS's Heap Management
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18. Part ii) Tracing execution and evaluating the capabilities of binaries and potential malware
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26. Part iii) Using emulation for dynamic taint analysis
  • 27.
  • 28.
  • 29.
  • 30.
  • 31. Part iv) Automated Unpacking
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42. Part v) Using emulation to design and implement symbolic execution
  • 43.
  • 44.
  • 45.
  • 46.
  • 47.
  • 48.
  • 49. Part vi) Detecting Runtime Errors in Programs
  • 50.
  • 51.
  • 52.
  • 53.
  • 54.
  • 55.
  • 56.
  • 57.
  • 58.
  • 59.
  • 60.
  • 61.
  • 62. That’s all folks… A 2008 CQU Graduate looking for interesting employment. [email_address]