Reverse Engineering with Hardware Debuggers

Presented at REcon 2010, July 11, 2010, 9 a.m. (60 minutes).

This is a brief tutorial on one of the reverse engineering tools (a hardware emulator) used by the Air Force Research Laboratory to analyze application and driver code on x86 systems. It's also a neat way to debug hypervisors!


Presenters:

  • Jason Cheatham
    Jason has been involved in the computer security field for the past 5 years. During that time he has analyzed a number of commercial and government-developed software systems, contributed to some very novel attack modeling research, and has become an accomplished lurker at technical conferences. Jason has also worked on the development side, creating an encryption tool that is officially certified for use on Air Force desktops and a stealthy kernel debugger that is used by the DoD. Jason is also employed by the US Air Force Research Laboratory as a reverse engineer on the other Jason's assessment team.
  • Jason Raber
    Jason has spent 9 years in the world of reverse engineering, preceded by 5 years working at Texas Instruments developing compiler tools for DSPs (code generators, assemblers, linkers, disassemblers, etc.). Developing compilers for 5 years prior to reverse engineering provided a good foundation for understanding machine language and hardware that is commonly utilized in reverse engineering tasks. Jason has significant experience in extracting intellectual property from a broad spectrum of software, including user applications, DLLs, drivers, OS kernels, and firmware, on a variety of platforms (Windows/Linux/Mac/embedded). He has also worked on identifying and analyzing malware to characterize it and/or neutralize it. Jason has also presented at 2 different Black Hat Cons, REcon 2008, and WCRE 2008. Jason currently serves as a team lead for a software assessment team in the United States Air Force Research Laboratory, providing the DoD with specialized software security support.
