willy vasquez rising senior at mit › studying computer science and engineering › research with...

Report

Tags:

Post on 17-Dec-2015

218 Views

Category:

Documents

2 Downloads

Preview:

Click to see full reader

TRANSCRIPT

Visual Reverse Engineering

Willy Vasquez

Background

Willy Vasquez Rising Senior at MIT

› Studying Computer Science and Engineering

› Research with Shafi Goldwasser› Intern at Symantec Mobility Management

Group

Source

Work of Christopher Domas of the Battelle Memorial Institute

Brief overview of his talk at REcon › The Future of RE: Dynamic Binary

Visualization

Reverse Engineering

The goal is to answer “what is this and what does it do?”

From Art to Science

Lots of time to identify patterns Finding the patterns is an art.

Visual RE

Taking a computationally difficult task and translating it to a problem our brains naturally do

Traversing thousands of lines of hex and making sense of it in 20 seconds

Why improve?

Steganography Obfuscation Embedded Devices Unknown formats

Why improve?

Our current best RE tools are completely dependent on known structure

Gates’ Law› Software is getting slower more rapidly

than hardware becomes faster› Amount of Information we need to analyze

is growing exponentially

Background Ideas

Greg Conti› US Military Academy› Blackhat

Aldo Cortesi› Nullcube› corte.si

Conti’s Idea

Even in unstructured data there are relationships, especially among local hex bytes

Digraphs

Conti’s Idea

Ascii AudioImage

Cortesi’s Work

Mapping data to Hilbert curves

Building on Concepts

Goal: Understanding data independent of format

..cantor.dust..

Named after Georg Cantor Works off of emphasizing the idea of

relationships between binary information

3D Digraphs

Entropy Explorer

..cantor.dust.. classification

Bayesion Method to classify certain types of formats

..cantor.dust.. parsing

Current binary parsing› Recursive descent: IDA style that follows

patterns and calls in code› Linear sweep: objdump and goes through

in linear fashion Rely on a structures grammar ..cantor.dust.. Uses probabilistic

parsing, which does not rely on grammar

..cantor.dust.. parsing

..cantor.dust.. summary

A new way to look at binary information

Can find demo from blackhat presentation: https://media.blackhat.com/bh-us-12/Arsenal/Domas/_cantor.dust_.7z.zip

No updates since last summer

https://media.blackhat.com/bh-us-12/Arsenal/Domas/_cantor.dust_.7z.zip
https://media.blackhat.com/bh-us-12/Arsenal/Domas/_cantor.dust_.7z.zip

Sources

The full talk and slides located on the recon.cx website: › http://recon.cx/2013/schedule/events/20.ht

ml

http://recon.cx/2013/schedule/events/20.html
http://recon.cx/2013/schedule/events/20.html

top related

shafi human resource development
Documents
shafi lifestyle (pvt.) ltd - amazon s3 · 2020. 8. 31. ·...
Documents
imam shafi poem
Documents
shafi goldwasser, madhu sudan and vinod vaikuntanathan
Documents
fernando vasquez vasquez
Documents
lecture-notes ( shafi goldwasser)
Documents
1 a unifying approach for proving hardcore predicates using...
Documents
cv-mohamed shafi younus
Documents
bilal m. shafi
Documents
maulma mufti muhammad shafi
Documents
shafi s magic
Documents
tohfatul baari (shafi maslak)
Documents
groups.csail.mit.edu · probabilistic encryption* shafi...
Documents
the poetry of imam shafi
Documents
how to play mental poker keeping secret - mit...
Documents
perspectives 2017: shafi bhuiyan
Health & Medicine
wasilatush shafi
Documents
on the (in)security of the fiat-shamir...
Documents
torre shafi catalogo
Documents
dawa e shafi
Documents