Maya's Veil: Advances in Linux binary protection and anti-exploitation technology

Presented at ToorCamp 2016, June 10, 2016, 2 p.m. (60 minutes).

Maya's Veil is a binary protector that I designed for ELF binaries. It is a combination between anti-tamper and anti-exploitation. Imagine being able to instrument any program you want with an intelligent runtime engine who's sole purpose it is to dynamically arm the program against reverse engineering and exploitation. This is what Maya's Veil does, with features such as on the fly function decrypt/re-encrypt, encrypted heap implementation, advanced anti-debugging, protection against code injection, and binary instrumented control flow integrity that prevents ROP attacks. In short, Maya is possibly the most advanced userland binary protector for Linux.

Presenters:

• Ryan O'Neill / elfmaster   as elfmaster
  Ryan O'Neill (elfmaster) is a computer security researcher at Leviathan Security Group with a strong interest in researching many areas of computer security including binary protection, exploitation mitigation, and memory forensics. These interests have all led to research and development efforts, some of which can be found on http://www.bitlackeys.org.

Similar Presentations:

• DEF CON 22 (2014) / Veil-Pillage: Post-exploitation 2.0
• HushCon Seattle 2015 / Maya's Veil: Advanced Linux Binary Protection & Anti-Exploitation
• ShmooCon X (2014) / AV Evasion With the Veil Framework