Presented at
DerbyCon 7.0 Legacy (2017),
Sept. 23, 2017, 9 a.m.
(50 minutes).
JReFrameworker is a Java bytecode manipulation tool released at DEFCON 24 that lowers the barrier to entry for developing Managed Code Rootkits in the Java Virtual Machine. Bytecode manipulations are written entirely in source code, removing the need for any pre-requisite knowledge of bytecode internals and allowing anyone with a basic working knowledge of Java to develop a sophisticated rootkit. Following the tool’s original release last year, development has continued while incorporating community feedback. Along with the improved documentation, bug fixes, and rigorous unit testing comes the ability to create multiphase manipulations, incremental compilation, an improved Metasploit post module, and integrations into the Atlas program analysis framework. By including interactive visual program analysis capabilities, JReFrameworker can automatically generate payloads for arbitrary programs at the click of a mouse (think Minority Report meets rootkit development). Finally, we explore alternate applications of the framework for reverse engineering and hardening third party applications. At the end, a special Derbycon release of the tool, which includes a little something extra, will be revealed.
Ben Holland is a PhD candidate at Iowa State University with experience working on two high profile DARPA projects. He has extensive experience writing program analyzers to detect novel and sophisticated malware in Android applications and served on the ISU team as a key analyst for DARPA’s Automated Program Analysis for Cybersecurity (APAC) program. His past work experience has been in research at Iowa State University, mission assurance at MITRE, government systems at Rockwell Collins, and systems engineering at Wabtec Railway Electronics. Ben holds a M.S. degree in Computer Engineering and Information Assurance, a B.S. in Computer Engineering, and a B.S. in Computer Science. Currently he is a member of ISU’s Knowledge-Centric Software Lab working on DARPA’s Space/Time Analysis for Cybersecurity (STAC) program.
@daedared
Presenters:
Links:
Similar Presentations: