Memory analysis - Looking into the eye of the bits

Presented at REcon 2010, July 11, 2010, 10 a.m. (60 minutes).

Memory analysis is a reverse engineering method every reverser uses, but we rarely pay attention to doing it right, and the abundance of information that we can gain by it. Besides reverse engineering, this method can be used for security, debugging, monitoring, cheating in games, fun and profit. Assaf Nativ shares with the audience his tools for a new type of software analysis which allows recovering internal implementation details using only passive memory analysis, and without requiring any disassembly. He explains the benefits of this method. Assaf discusses a major application of this technique (monitoring application activity), and demonstrates recovering the internal structures of a complex program, as well as a new security problem he had discovered in Microsoft SQL Server while applying this technique.

Presenters:

• Assaf Nativ
  Assaf Nativ is a leading security researcher at Sentrigo. He has been active as an SRE during the last 10 years in various positions. Assaf is credited for discovering various DBMS vulnerabilities. In his free time he practices professional cheating in Facebook games.

Links:

• https://recon.cx/2010/speakers.html#memory
• https://recon.cx/2010/slides/2010_07_12_Looking_In_The_Eye_Of_The_Bits.pdf

Similar Presentations:

• REcon 2006 / Reverse Engineering Microsoft Binaries
• DEF CON 30 (2022) / Master Class: Delivering a New Construct in Advanced Volatile Memory Analysis for Fun and Profit Workshop
• DEF CON 30 (2022) / Xavier Memory Analysis Framework Demo