Binary Obfuscation from the Top-Down: Obfuscating Executables Without Writing Assembly

Presented at DEF CON 17 (2009), July 31, 2009, 11 a.m. (50 minutes).

Binary obfuscation is commonly applied in malware and by software vendors in order to frustrate the efforts of reverse engineers to understand the underlying code. A common misconception is that one must be a master of assembly in order to properly obfuscate a binary. However, with knowledge of compiler optimizations and certain keywords, one can frustratingly obfuscate a binary simply by writing specifically crafted high-level code. This talk will attempt to teach an array of methods that can be employed to obfuscate a binary as it is compiled rather than afterward. Knowledge of C/C++ is the only prerequisite for this talk.


Presenters:

  • Sean Taylor / Frank^2 - Security Engineer, Rapid7 (as Sean "Frank^2" Taylor)
    Sean Taylor is a candidate for a BS in Computer Science at Cal Poly Pomona. In his spare time he can be found trying to take apart various pieces of malware or tinkering with a personal project. He is one of the architects of TwatFS, the Twitter file system, created by DC949 and has helped develop other (perhaps questionable) tools for Twitter.
