Recognition of binary patterns by Morphological analysis

Presented at REcon 2012, June 16, 2012, 11 a.m. (60 minutes)

Morphological analysis is a method that we developed to recognize parts of binary programs. Our method consists of the following steps: (1) we build an abstract representation of the binary code, a graph structure obtained by combining static and dynamic analysis; (2) we recognize similar code with a fast comparison algorithm; and (3) we import the precise results into IDA in order to realign the code. Moreover, our code representation offers remarkable resistance against classic obfuscation techniques such as junk-code insertion and code realignment. We plan to demonstrate our tool and its interface to IDA. In particular, we will show during this talk how we were able to determine in a few milliseconds exactly which parts of the Duqu code are shared with Stuxnet. We will also show how we were able to automatically detect which libraries are used in Duqu.


