Miasm: reverse engineering framework

Presented at REcon 2017, June 17, 2017, 4 p.m. (60 minutes)

Miasm is a reverse engineering framework created in 2006 and first published in 2011 (https://github.com/cea-sec/miasm). Since then, it has been continuously improved through daily use. We now consider it mature enough to introduce it to the RE community at an international conference.

After a quick overview of the features, the talk will detail some of them, based on real-life examples. This includes:

- static dependency tracking with path sensitivity
- symbolic / concolic execution, for deobfuscation, assisted VM mnemonic recovery, semantic ROP gadget, links with SAT solving, …
- multi-arch emulation and JiTted sandboxing, for Windows/Unix/firmware environment emulation, shellcode analysis, unpacking, …
- type propagation, and bricks for decompilation
- code regeneration, for deobfuscation, binary hardening and transcompilation
- function identification, behavior based, in a separate tool Sibyl (https://github.com/cea-sec/Sibyl)
- IDA integration

The examples will go from ExploitKit’s shellcode to Equation Group samples.


