[ mainpage :: register :: conference :: training :: the venue ]
[ capture the flag (CTF) :: zone-h/hitb hacking challenge :: bzflag ]
[ call for papers (CFP) :: conference agenda :: sponsors :: press/media :: forum ]
[ conference kit (PDF) :: past conferences :: contact us ]

Keynote Videos Now Available for Download

Day 1 Keynote: Bruce Schneier - Schneier on Security
Day 2 Keynote: Jeremiah Grossman - Hacks Happen

Ero Carrera (Reverse Engineering Automation Researcher, zynamics GmbH)

Filed under: Main Page — Administrator @ 3:13 pm

Presentation Title: Malware - Behavior, Tools, Scripting and Advanced Analysis
Presentation Details:

In this talk I will introduce a previously unreleased, new tool; an extension to Bochs, a popular open-source CPU emulator. This extension will provide with advanced debugging and scripting functionality enabling the easy creation of a wide range of tools. The scripting interface of this tool provides a full Python environment to control the whole CPU, memory, devices, etc. Among the examples that will be presented, time allowing, will be generic unpacking techniques, monitoring of malware behavior or low-level system access to kernel/administrative objects. The tool was created to assist the process of automated malware analysis but its flexibility make it a good candidate to also assist in vulnerability discovery.

The talk will first detail the architecture of the Bochs CPU emulator and quickly review some of its advantages over other systems. Secondly the extension will be introduced together will small usage examples. As a third and final part, different projects developed on top of this tool (such a generic malware unpacker or a monitor of an executable’s activity) will be previewed.

This tool will be open-source.

About Ero:

Ero Carrera is currently a reverse engineering automation researcher at zynamics GmbH (was SABRE Security Gmbh), home of BinDiff and BinNavi. He is a recurring trainer at the trainings held by Black Hat conference. Ero has previously spent several years as a Virus Researcher at F-Secure where his main duties ranged from reverse engineering of malware to research in analysis automation methods. Prior to F-Secure, he was involved in miscellaneous research and development projects and always had a passion for mathematics, reverse engineering and computer security.

While at F-Secure he advanced the field of malware classification introducing a joint paper with Gergely Erdelyi on applying genomic methods to binary structural classification. Other projects he’s worked on include seminal research on generic unpacking. Additionally, Ero is a habitual lurker on OpenRCE and has contributed to miscellaneous reverse engineering tools such as pydot, ida2sql, Pythonika and the broadly used pefile.



Event Organizer


Hack In The Box (M) Sdn. Bhd.

Event Partner


SCANIT ME LLC


OGER SYSTEMS

Supported & Endorsed By


UAE Telecommunications Regulatory Authority (TRA)


Malaysian Communications and Multimedia Commission (MCMC)


Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors

Titanium Sponsor (Post Conference Reception)


ArgenISS

Gold Sponsors


Google


Microsoft Corporation

Official Media Partner (Magazine)


Network Middle East


Arabian Computer News


ITP Business

Official Airline Partner


Emirates Airlines

Our Speakers are Supported By


Bellua Asia Pacific

Supporting Media:

Virus Bulletin

Virus Bulletin (VB)

InfoSec News

(ISN) InfoSec News

InfoSec News

XAKEP (Russia)

Insecure Magazine

PHRACK Magazine

Hakin9 Magazine

Supporting Organizations



CONFidence


ISECOM - Insititue for Security and Open Methodologies


ISACA Malaysia


IT Underground


X-Focus China

Zone-H Defacement Mirror


Xatrix Security


Special Interest Group in Security & Information InteGrity Singapore


Syscan