Journals

CodeBreakers Journal
Assembly Programming Journal

Journal Issues

Vol.5, No.1, 2008
Vol.4, No.2, 2007
Vol.4, No.1, 2007
Vol.3, No.2, 2006
RECON2006 Conf. Proc.
Vol.3, No.1, 2006
RECON2005 Conf. Proc.
Vol.2, No.1, 2005
Vol.1, No.2, 2004
Vol.1, No.1, 2004

Statistics

Members: 1925
News: 292
Web Links: 1
Visitors: 3645529

Who's Online

We have 3 guests online
Damn Vulnerable LinuxDamn Vulnerable Linux (DVL) is a Linux-based (modified Damn Small Linux) tool for IT-Security & IT-Anti- Security and Attack & Defense. [CLICK HERE FOR MORE INFOS! ]

Featured Conference Video

T16-Recon2006-Joe_Stewart-OllyBonE.gif OllyBone - Semi-Automatic Unpacking on IA-32. View the conference video here!
Home
Analyzing Malicious Code - Disassembly with a time constraint
User Rating: / 1
PoorBest 
Written by Nicolas Brulez   
Side Story
Process Stalking - Run-Time Visual Reverse Engineering

Process Stalking® is a term coined to describe the combined process of run-time profiling, state mapping and tracing. Consisting of a series of tools and scripts the goal of a successful stalk is to provide the reverse engineer with a intuitive interface to run-time block-level trace data.

The Process Stalking suite is broken into three main components; an IDA Pro plug-in, a stand alone tracing tool and a series of Python scripts for instrumenting intermediary and GML graph files. The generated GML graph definitions were designed for usage with a freely available interactive graph visualization tool.

Read More >>



One of the most common examples of reverse engineering is malicious code analysis. In order to clean up after, and prevent further infection by a piece of malicious code, it must be analyzed. Such analysis is often used for generating IDS signatures, detemining exploits used (and hence which patches would be required) and writing detection modules for antivirus software. Usually, this must be done in as little time as possible.

This presentation will cover two examples of popular Windows malicious code. This will include how to unpack or decrypt it, using IDA Pro to disassemble it, and finding the most important pieces first. The speaker will demonstrate which steps to perform first, in order to perform the quickest analysis. Some knowledge of Intel assembly and Windows programming will be of benefit to attendees, but is not required. The presentation will feature a special guest to discuss packers and cryptors.
pdf Analyzing Malicious Code - Disassembly with a time constraint

pdf Analyzing Malicious Code - Disassembly with a time constraint