Static instrumentation based on executable file formats: A novel approach for binaries analysis

Presented at REcon 2018, June 16, 2018, 10:30 a.m. (30 minutes)

Many instrumentation techniques are based on modifying code or system environment of the target. It can be suitable for scenarios but it could not work under certain circumstance (integrity checking, non-rooted environment...) In this talk we propose similar techniques by only modifying the executable format. This enables to be architecture independent, injection and hooking does not require privileged environment.

Presenters:

• Romain Thomas
  Romain Thomas is a security engineering working on the development of new tools to assist security researchers. He is also interested in Android internal, (de)obfuscation and software protections. He previously contributed to the Triton project, a dynamic binary analysis framework.

Links:

• https://recon.cx/2018/montreal/schedule/events/131.html

Similar Presentations:

• Black Hat Asia 2020 Virtual / Redback: Advanced Static Binary Injection
• BruCON 0x0A (2018) / Simplifying the art of instrumentation Workshop
• REcon 2015 / Hooking Nirvana: Stealthy Instrumentation Techniques for Windows 10