Win at Reversing: Tracing and Sandboxing through Inline Hooking

Presented at DEF CON 17 (2009), Aug. 2, 2009, 11 a.m. (50 minutes).

This presentation will discuss a new free tool for Reverse Engineering called API Thief, the "I Win" button for malware analysis. The unique way the tool operates will be explored as well as how it is able to provide better quality data than other tracing tools currently available. Advanced usage of the tool for malware analysis will be demonstrated such as Sandboxing functionality and a new technique for automated unpacking.


Presenters:

  • Nick Harbour - Principal Consultant, Mandiant
    Nick Harbour is a Principal Consultant with Mandiant. He specializes in Malware Analysis and Incident Response as well as both offensive and defensive research and development. He also teaches malware analysis and reverse engineering. Nick's ten year history in the security industry began as a researcher and forensic examiner at the DoD Computer Forensics Lab (DCFL) where he helped pioneer the field of computer forensics. Nick is a developer of both free software including most notably dcfldd, the popular forensic disk imaging tool, tcpxtract, a tool for carving files out of network traffic and Mandiant Red Curtain and FindEvil, tools for identifying malicious binaries. He is also an expert in anti-reverse engineering technologies and has developed binary hardening tools such as PE-Scrambler. Nick is also a trained chef!

Links:

Similar Presentations: