File download information...

pdf file
 Be the first to rate this.



Modern packers use API obfuscation techniques to obstruct malware sandboxes and reverse engineers. In such packers, API call instructions are replaced with equivalent lengthy and complex code. API obfuscation techniques can be categorized into two according to the obfuscation time - static and dynamic. Static obfuscation embeds obfuscated instructions into the executable file. Dynamic obfuscation allocates a new memory block and copies obfuscated API function code into the newly allocated block. For dynamic obfuscation, I suggest memory access analysis. Previous approaches use pattern matching of the obfuscating code or code optimization on instruction trace. Pattern matching and code optimization based approaches are fragile to pattern change along the version up of the packers. My approach utilizes the API function obfuscation process which is harder to change than obfuscation pattern. Embedded obfuscator in packed file obfuscates each API function during runtime by reading the original API function code and writing the obfuscated API code on a newly allocated memory block. Memory access analysis relates memory reads of each API function and its corresponding memory writes. Memory access analysis produces a map from the obfuscated API function addresses to the original API function. Obfuscated API calls are retrieved by obfuscated call pattern at OEP. Each obfuscated call instruction is replaced by the deobfuscated API calls of which the call target is resolved by the map from memory access analysis. This deobfuscation method is implemented with Intel Pin to record each memory read/write/execute of the packed binary. For static obfuscation, I suggest iterative run-until-API method. Previous approaches used code emulators to identify obfuscated API calls. But most code emulators are not appropriate for deobfuscation because they are developed for emulating the whole operating system. Developing own emulators is time consuming because it requires implementing comple... Read more↗

Content typeapplication/pdf
Updated1 year ago
Checked4 months ago
Keywordsus pitts repurposing onionduke single case study around reusing nation state malware pdf onion duke
Download   Preview

Get it on Google Playus-15-Pitts-Repurposing-OnionDuke-A-Single-Case-Study-Around-Reusing-Nation-State-Malware.pdf is a portable multi-platform document format that may contain an ebook, report, manual or general purpose data. The download size as indicated by the server is 8.73MB (9151141 bytes). The host server on www.blackhat.com has returned application/pdf as the content type of the download which was updated on 05/11/2018 and was last checked by Webeaver.com crawlers on 01/31/2019. You may use one or more of the following keywords [us pitts repurposing onionduke single case study around reusing nation state malware pdf onion duke] to search for other files related to the one you are about to download.

→ Before use, please run an Antivirus scan to avoid any potential virus or malware infection. You can check host safe browsing here.

→ Feel free to find here some of the Best PDF Reader for pdf files.

→ Please, refer to the source page for more information about license and use conditions.

Webeaver.com does not host any files on its servers and us-15-Pitts-Repurposing-OnionDuke-A-Single-Case-Study-Around-Reusing-Nation-State-Malware.pdf remains the property of its respective owner. We have no controle over the nature, content and the availability of the file listed here for free download and hosted on www.blackhat.com.


This website uses cookies to improve your user experience. By using our website you agree to our use of cookies. OKmore...