Recognition of binary patterns by Morphological analysis

Presented at REcon 2012, June 16, 2012, 11 a.m. (60 minutes)

Morphological analysis is a method that we developed in order to recognize parts of binary programs. Our method consists of the following steps: (1) we build an abstract representation from binary code, which is a graph structure obtained by combining static and dynamic analysis, (2) we recognize similar code with a fast comparison algorithm, and (3) we import precise results into IDA in order to realign code. Moreover, our code representation offers remarkable resistance against classic obfuscation techniques, such as junk-code insertion and code realignment. We plan to demonstrate our tool and its interface to IDA. In particular, we will show during this talk how we were able to determine in a few milliseconds exactly which parts of the Duqu code are shared with Stuxnet. We will also show how we were able to automatically detect which libraries are used in Duqu.

