Packer Genetics: The Selfish Code

Presented at REcon 2010, July 10, 2010, 10 a.m. (60 minutes).

Unpacking automation has been attacked in many different ways. In this paper we propose a new method based on the detection of unique characteristics in unpacked code. Using proper monitorization of the process it's possible to determine when the unpacking is done, even if multiple chained packers have been used.


Presenters:

  • Ero Carrera
    Ero Carrera is currently Chief Research Officer of Collaborative Security at VirusTotal and a reverse engineering automation researcher at zynamics GmbH (was SABRE Security GmbH), home of BinDiff and BinNavi. While working at F-Secure he advanced the field of malware classification introducing a joint paper with Gergely Erdelyi on applying genomic methods to binary structural classification. Other projects he's worked on include seminal research on generic unpacking. Ero has presented in conferences such as HackInTheBox, RSA, BlackHat and Source in addition of also teaching a reverse engineering course in the BlackHat conferences.
  • Jose Duart
    Jose Duart, also known as Tora, started doing reverse engineering in the late 90s and he's a big fan of death listing, zen cracking and wargames (as part of the inglorious Sexy Pandas team). His work has been always focused on reverse engineering and in most cases applied to several side-fields like anti-forensics, behaviour analysis or software optimization. He recently joined Zynamics to work inside the VxClass team.

Links:

Similar Presentations: