TSC Summit #3 - Reverse engineering and anti debugging techniques

•

1 recomendación•430 vistas

Mikal Villa

A brief introduction overview over some beginner reverse engineering and anti debugging techniques.

Software

TSC Summit #3 - Reverse
Engineering & Anti
Debugging techniques

Why reverse engineering?
● Because it’s fun
● Malware hunting
● Curiousity
● Military or commercial espionage
● Security auditing
● Increase (reduce) public security
● Product analysis
● Loss of documentation and/or source code

What can be reverse engineered?
● Physical hardware
● PHP/Javascript/Python/Ruby code
● Microsoft’s .NET family
● Java/Scala/Clojure and other JVM languages
● C/C++/Rust and other system languages
● Swift/Objective-C and other Apple products
● More or less everything

What tools is used for reverse engineering?
● Physical hardware
● Debug tools
● Dynamic binary instrumentation
● Forensics tools
● System monitoring
● Kernel drivers
● Hardware breakpoints
● Hex editors

What about decompilers?
● Assembly/Bytecode to “source code” again
● The quality of produced code is varying
● Works best with script and VM languages

What about decompilers?
● Assembly/Bytecode to “source code” again
● The quality of produced code is varying
● Works best with script and VM languages
● Script languages are usually never “compiled”
● The .NET family is without doubt easiest
● The JVM family is next in line
● Erlang? Sorry, forgot about it, but google says it’s
doable in the minutes before this presentation :)

Decompilers in action (.NET)
● 100% reversible
● 100% readable
● Can recompile
● Symbols (names)
● Strings (text)
● Keep all metadata

Decompilers in action (JVM)
● 30-60% reversible
● 70% readable
● Can’t recompile
● Symbols (names)
● Strings (text)
● Some metadata

Decompilers in action (Apple’s Objective-C/C++)
● 20-30% reversible
● 30% readable
● Can’t recompile
● Symbols (names)
● Strings (text)
● Some metadata

Decompilers in action (Native code)
● 0-10% reversible
● 5% readable
● Can’t recompile
● Symbols optional
● Strings (text)
● Barely metadata

Why anti debug?
● Protect proprietary software
● Malware in need of hiding
● Hide baaaaad code
● Just being a douchebag
Help text

How to do anti debugging for VM code?
● Obfuscation mostly for JVM/.NET
● Hide functionality in native shared libraries
● Runtime decryption of strings
● Multiple entry points (start of application)
○
● Various of debugger detection techniques

How to do anti debugging for native code?
● All the same ways as VM code can
● Deny run in virtual machine
● Operating system hooks/API to disable “debuggable”
● Debug yourself :)
● Make sure LD_PRELOAD/DYLD_INSERT_LIBRARIES is empty
● Screw up ELF/Mach-O headers just enough
● Entry point via Unix signals (Linux / OSX)
● Entry point via Thread Local Storage (TLS) (Windows only)

How to do anti debugging
● We’ll focus on VM based languages
● Anti debugger / evasion techniques in native code
○ Hard for n00bs
○ Requires much system knowledge
● String decryption at runtime might help
● Decryption of code at runtime (Not easily done in JVM)
● Transform your code to something a little more ugly

Before obfuscation
Obfuscation in JVM: Packing local vars into bitfields (PLVB)

After obfuscation
Obfuscation in JVM: Packing local vars into bitfields (PLVB)

Before obfuscation
Obfuscation in JVM: Reorder instructions (LRAII)

After obfuscation
Obfuscation in JVM: Reorder instructions (LRAII)

Inject JavaScript to explore native apps on Windows, macOS,
Linux, iOS, Android, and QNX.
● Scriptable
○ Python
○ Javascript
○ Swift
○ C
● No root needed
● No jailbreak either
● Easy to start with

Compile your whole application with the “mov” instruction
● Horrible
○ No control flow
○ No syscalls
● C/asm products
● Only x86?
● Binary size rises

Mikal Villa
mikal.villa@knowit.no, @mikalv
2017-06-19 The Security Chapter - Summit #3
Thanks

Más contenido relacionado

La actualidad más candente

Robot Framework is a generic keyword-driven test automation framework for acceptance level testing and acceptance test-driven development (ATDD). It has an easy-to-use tabular syntax for creating test cases and its testing capabilities can be extended by test libraries implemented either with Python or Java. Users can also create new keywords from existing ones using the same simple syntax that is used for creating test cases. Old presentation was updated on 1st of September, 2014. Content stayed mostly the same but examples were enhanced. Copyrights and some links were also updated a bit later. The presentation is nowadays hosted on GitHub where you can find the original in ODP format: https://github.com/robotframework/IntroSlides

Robot Framework Introduction

Pekka Klärck

JavaScript Introduction

Charles Russell

Lighning Talk: PHP build process

Bryan Agee

Automation using RobotFramework for embedded device

Srix Sriramkumar

Swift for back end: A new generation of full stack languages?

Koombea

Sonar

Peerapat Asoktummarungsri

Why Rust? - Matthias Endler - Codemotion Amsterdam 2016

Codemotion

Introduction to Robot Framework – Exove

Exove

eLabFTW review

NicolasCARPi

Robot Framework with actual robot

Eficode

Technical screening .Net Developer

Tom Henricksen

All Aboard The Stateful Train

SmartLogic

Network Protocol Testing Using Robot Framework

Payal Jain

How aspects clean your code

Barbara Fusinska

Complete python toolbox for modern developers

Jan Giacomelli

Acceptance Test Driven Development and Robot Framework

Steve Zhang

Robot framework

boriau

Introduction to Robot Framework (external)

Zhe Li

I believe in rust

Reidar Sollid

Youtube Link: https://youtu.be/d-KWz7euLlc ** Edureka Python Certification Training: https://www.edureka.co/data-science-python-certification-course ** This Edureka PPT on 'Robot Framework With Python' explains the various aspects of robot framework in python with a use case showing web testing using selenium library. Follow us to never miss an update in the future. YouTube: https://www.youtube.com/user/edurekaIN Instagram: https://www.instagram.com/edureka_learning/ Facebook: https://www.facebook.com/edurekaIN/ Twitter: https://twitter.com/edurekain LinkedIn: https://www.linkedin.com/company/edureka Castbox: https://castbox.fm/networks/505?country=in

Robot Framework with Python | Edureka

Edureka!

La actualidad más candente (20)

Robot Framework Introduction

JavaScript Introduction

Lighning Talk: PHP build process

Automation using RobotFramework for embedded device

Swift for back end: A new generation of full stack languages?

Sonar

Why Rust? - Matthias Endler - Codemotion Amsterdam 2016

Introduction to Robot Framework – Exove

eLabFTW review

Robot Framework with actual robot

Technical screening .Net Developer

All Aboard The Stateful Train

Network Protocol Testing Using Robot Framework

How aspects clean your code

Complete python toolbox for modern developers

Acceptance Test Driven Development and Robot Framework

Robot framework

Introduction to Robot Framework (external)

I believe in rust

Robot Framework with Python | Edureka

Similar a TSC Summit #3 - Reverse engineering and anti debugging techniques

(phpconftw2012) PHP as a Middleware in Embedded Systems

sosorry

Rooted con 2020 - from the heaven to hell in the CI - CD

Daniel Garcia (a.k.a cr0hn)

Debugging in .Net

Muhammad Amir

12 tricks to avoid hackers breaks your CI / CD

Daniel Garcia (a.k.a cr0hn)

Sonatype DevSecOps Leadership forum 2020

Daniel Garcia (a.k.a cr0hn)

Machine Learning has become an integral part of all major apps. From face recognition to product recommender engines, emotion detection to automated analytics. Every product you touch contains, or can benefit from, AI — so why is it still so difficult to identify, tune, and integrate Machine Learning? We’ll investigate a number of approaches to this problem, from off-the-shelf APIs to options for training and hosting your own ML models. You’ll walk away ready to hook thousands of different ready-to-run models into your app, or to productionize your own models in an on-demand, autoscaled, language-agnostic environment.

Serverless Functions and Machine Learning: Putting the AI in APIs

Nordic APIs

Compilers and interpreters

RAJU KATHI

Hacking Vulnerable Websites to Bypass Firewalls

Netsparker

Common technique in Bypassing Stuff in Python.

Shahriman .

Getting started with Emscripten – Transpiling C / C++ to JavaScript / HTML5

David Voyles

.Net Debugging Techniques

Bala Subra

.NET Debugging Tips and Techniques

Bala Subra

Joomla Code Quality Control and Automation Testing

Shyam Sunder Verma

Native client (Евгений Эльцин)

Ontico

Anatomy of PHP Shells

Vedran Krivokuca

Debugging ZFS: From Illumos to Linux

Serapheim-Nikolaos Dimitropoulos

we offer online IT training with placements, project assistance in different platforms with real time industry consultants to provide quality training for all it professionals, corporate clients and students etc. .NET online training by quontrasolutions. we are providing excellent .NET training by real-time it industry experts. our training methodology is very unique our course content covers all the in-depth critical scenarios. we have completed more than 200+ .NET training batches through online training program. our .NET classes covers all the real time scenarios, and its completely on hands-on for each and every session. Course content: • .NET Framework XML Overview • Reading XML Streams in .NET • Flow Control in XML Using C# and .NET • Validating XML Streams • Writing XML Streams in .NET • The Document Object Model in .NET • Manipulating XML Information with the DOM • XML and ADO.NET • XPath • Introduction to XSLT • LINQ to XML

Introduction to .net FrameWork by QuontraSolutions

Quontra Solutions

Higher Level Malware

CTruncer

Assembly thy Web

Martin Ockajak

"Attestation is hard" is something you might hear from security researchers tracking nation states and APTs, but it's actually pretty true for most network-connected systems! Modern deployment methodologies mean that disparate teams create workloads for shared worker-hosts (ranging from Jenkins to Kubernetes and all the other orchestrators and CI tools in-between), meaning that at any given moment your hosts could be running any one of a number of services, connecting to who-knows-what on the internet. So when your network-based intrusion detection system (IDS) opaquely declares that one of these machines has made an "anomalous" network connection, how do you even determine if it's business as usual? Sure you can log on to the host to try and figure it out, but (in case you hadn't noticed) computers are pretty fast these days, and once the connection is closed it might as well not have happened... Assuming it wasn't actually a reverse shell... At Yelp we turned to the Linux kernel to tell us whodunit! Utilizing the Linux kernel's eBPF subsystem - an in-kernel VM with syscall hooking capabilities - we're able to aggregate metadata about the calling process tree for any internet-bound TCP connection by filtering IPs and ports in-kernel and enriching with process tree information in userland. The result is "pidtree-bcc": a supplementary IDS. Now whenever there's an alert for a suspicious connection, we just search for it in our SIEM (spoiler alert: it's nearly always an engineer doing something "innovative")! And the cherry on top? It's stupid fast with negligible overhead, creating a much higher signal-to-noise ratio than the kernels firehose-like audit subsystems. This talk will look at how you can tune the signal-to-noise ratio of your IDS by making it reflect your business logic and common usage patterns, get more work done by reducing MTTR for false positives, use eBPF and the kernel to do all the hard work for you, accidentally load test your new IDS by not filtering all RFC-1918 addresses, and abuse Docker to get to production ASAP! As well as looking at some of the technologies that the kernel puts at your disposal, this talk will also tell pidtree-bcc's road from hackathon project to production system and how focus on demonstrating business value early on allowed the organization to give us buy-in to build and deploy a brand new project from scratch.

A Kernel of Truth: Intrusion Detection and Attestation with eBPF

oholiab

Similar a TSC Summit #3 - Reverse engineering and anti debugging techniques (20)

(phpconftw2012) PHP as a Middleware in Embedded Systems

Rooted con 2020 - from the heaven to hell in the CI - CD

Debugging in .Net

12 tricks to avoid hackers breaks your CI / CD

Sonatype DevSecOps Leadership forum 2020

Serverless Functions and Machine Learning: Putting the AI in APIs

Compilers and interpreters

Hacking Vulnerable Websites to Bypass Firewalls

Common technique in Bypassing Stuff in Python.

Getting started with Emscripten – Transpiling C / C++ to JavaScript / HTML5

.Net Debugging Techniques

.NET Debugging Tips and Techniques

Joomla Code Quality Control and Automation Testing

Native client (Евгений Эльцин)

Anatomy of PHP Shells

Debugging ZFS: From Illumos to Linux

Introduction to .net FrameWork by QuontraSolutions

Higher Level Malware

Assembly thy Web

A Kernel of Truth: Intrusion Detection and Attestation with eBPF

Último

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

VishalKumarJha10

%in Midrand+277-882-255-28 abortion pills for sale in midrand

masabamasaba

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal.

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...

masabamasaba

Generic or specific? Making sensible software design decisions

Bert Jan Schrijver

%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg

masabamasaba

At TECUNIQUE, we're a stable and steadily growing Indian software services company with over 14 years of industry experience. Specializing in offshore software development and quality assurance services, we've built a reputation for delivering unique and effective solutions to start-ups, software development companies, enterprises, and digital agencies. We pride ourselves on our commitment to excellence and innovation. By blending insightful business domain knowledge with exceptional technical prowess, we craft tailor-made solutions that meet the unique needs of our clients. Our dedicated teams are adept in specific technologies, ensuring seamless integration of skills and delivering reliable, scalable, and high-quality software solutions aligned with our clients' preferences. Bespoke Dedicated Teams: Crafted to meet your specific needs and technology preferences, our dedicated teams are committed to delivering top-notch software solutions. Offshore Software Development: Accelerate your software development and scale up quickly with our 12+ years of expertise in offshore development. Quality Assurance Services: Ensure the quality of your software products with our dedicated teams of experienced QA professionals. IT Staff Augmentation: Overcome skill gaps with our client-centric software team, offering staff augmentation services. Expert Software Services: Unlock our capabilities in custom software development, product development, and quality assurance. Mission and Vision: Our mission at TECUNIQUE is to be the catalyst for our clients' success in the dynamic domain of software development. Rooted in our core values of respect, authenticity, and responsibility, we strive to ease the software outsourcing experience, reducing both time and cost to market for our clients. We envision ourselves as the leading Indian software services company, renowned for our unwavering commitment to excellence and innovation. www.tecunique.com

TECUNIQUE: Success Stories: IT Service provider

mohitmore19

Software Quality Assurance Interview Questions

Arshad QA

Investing in AI transformation today The modern business advantage: Uncovering deep insights with AI Organizations around the world have come to recognize AI as the transformative technology that enables them to gain real business advantage. AI’s ability to organize vast quantities of data allows those who implement it to uncover deep business insights, augment human expertise, drive operational efficiency, transform their products, and better serve their customers

Microsoft AI Transformation Partner Playbook.pdf

Willy Marroquin (WillyDevNET)

10 Trends Likely to Shape Enterprise Technology in 2024

Mind IT Systems

In today's dynamic e-commerce landscape, the payment gateway emerges as a linchpin, ensuring smooth and secure transactions between buyers and sellers. In this discourse, we delve into the meticulous process of devising test cases tailored for scrutinizing payment gateways. Crafting precise test cases for payment gateways is a quintessential responsibility for testers operating within the service industry. This article meticulously explores pivotal scenarios integral to how to test payment gateways, coupled with essential guidelines for drafting effective test cases.

Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf

kalichargn70th171

Model Call Girl Services in Delhi reach out to us at 🔝 9953056974 🔝✔️✔️ Our agency presents a selection of young, charming call girls available for bookings at Oyo Hotels. Experience high-class escort services at pocket-friendly rates, with our female escorts exuding both beauty and a delightful personality, ready to meet your desires. Whether it's Housewives, College girls, Russian girls, Muslim girls, or any other preference, we offer a diverse range of options to cater to your tastes. We provide both in-call and out-call services for your convenience. Our in-call location in Delhi ensures cleanliness, hygiene, and 100% safety, while our out-call services offer doorstep delivery for added ease. We value your time and money, hence we kindly request pic collectors, time-passers, and bargain hunters to refrain from contacting us. Our services feature various packages at competitive rates: One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Full night for more than 1 person: Contact us at 🔝 9953056974 🔝. for details Operating 24/7, we serve various locations in Delhi, including Green Park, Lajpat Nagar, Saket, and Hauz Khas near metro stations. For premium call girl services in Delhi 🔝 9953056974 🔝. Thank you for considering us!

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

9953056974 Low Rate Call Girls In Saket, Delhi NCR

VTU technical seminar 8Th Sem on Scikit-learn

AmarnathKambale

Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts In Chinsurah ❤Personal Whatsapp Number Chinsurah Call Girls 8617697112 💦✅. Chinsurah escorts we are avaliable for our all types budget customers with offer great deals in Chinsurah.Call Now our Chinsurah escort service & call girls ... Independent call girls in Chinsurah escorts available 24 hours a day for discreet incall and outcall bookings from trusted call girls - Elis.in. Nitya salvi Chinsurah escorts service agency # Are you looking for sexy call girls ? Call our agency to get you dream independent call girl, ... One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Flexibility Choices and options Lists of many beauty fantasies Turn your dream into reality Perfect companionship Cheap and convenient In-call and Out-call services And many more. WhatsApp Chat: 📞 8617697112 Visit The Website : https://www.nityasalvi.com/

Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...

Nitya salvi

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

+971565801893 Mtp-Kit (500MG) Prices » Dubai [(+971565801893**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Leen Whatsapp +971565801893 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971565801893''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971565801893' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Clinic in Abu Dhabi, United Arab Emirates.+971565801893

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...

Health

Abortion Clinic And Abortion Pills For Sale in Oman MEDICAL ABORTION PILLS FOR SALE in Fujairah , Ajman, Al Ain Quality Abortion services provided by specialists. Women's health problems. A same day service, safe, legal & pain free Abortions. From 1 week to 5 months. We use tested and approved pills. It's 100% guaranteed & safe. No side effects at all. We also do free womb cleaning and free pills delivery. We sell pregnancy termination pills {ABORTION PILLS} Our service is ever private with all our clients. Call/WhatsApp:

%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...

masabamasaba

InShot proinshot.com stands tall among its peers as the ultimate video editing app, offering simplicity, versatility, and power in one package. With its intuitive interface and comprehensive feature set, InShot caters to both beginners and seasoned editors alike. Whether you're creating content for social media, YouTube, or personal projects, InShot empowers you to unleash your creativity and transform your videos into captivating masterpieces. Join the millions of users who trust InShot https://www.proinshot.com/ for all their video editing needs and discover the difference for yourself!

Exploring the Best Video Editing App.pdf

proinshot.com

Announcing Codolex 2.0 from GDK Software

Jim McKeeth

SHRMPro HRMS Software Solutions Presentation

Shrmpro

Craft an AI & Machine Learning Pitch with our Editable Professional PowerPoint Template. Ignite your AI & Machine Learning pitch with our cutting-edge PowerPoint template tailored for the industry. Perfect for AI conferences, investor presentations, sales pitches to tech-focused companies, training sessions, and educational programs. - 20+ editable slides: Get a variety of options to choose from for your presentation. - Time-saving solution: Download, replace text/images with a few clicks. - User-friendly customization: Easy to use and personalize. - Modern and attractive design: Captivating visuals, sleek layout. - Tailored to your requirements: Fully alterable for customization. - Well-organized slides: Complete control over content. - Thematic specificity: Reflects healthcare industry with relevant graphics. - Showcase your business idea: Communicate value proposition effectively.

AI & Machine Learning Presentation Template

Presentation.STUDIO

TSC Summit #3 - Reverse engineering and anti debugging techniques

1. TSC Summit #3 - Reverse Engineering & Anti Debugging techniques

2. Why reverse engineering? ● Because it’s fun ● Malware hunting ● Curiousity ● Military or commercial espionage ● Security auditing ● Increase (reduce) public security ● Product analysis ● Loss of documentation and/or source code

3. What can be reverse engineered? ● Physical hardware ● PHP/Javascript/Python/Ruby code ● Microsoft’s .NET family ● Java/Scala/Clojure and other JVM languages ● C/C++/Rust and other system languages ● Swift/Objective-C and other Apple products ● More or less everything

4. What tools is used for reverse engineering? ● Physical hardware ● Debug tools ● Dynamic binary instrumentation ● Forensics tools ● System monitoring ● Kernel drivers ● Hardware breakpoints ● Hex editors

5. What about decompilers? ● Assembly/Bytecode to “source code” again ● The quality of produced code is varying ● Works best with script and VM languages

6. What about decompilers? ● Assembly/Bytecode to “source code” again ● The quality of produced code is varying ● Works best with script and VM languages ● Script languages are usually never “compiled” ● The .NET family is without doubt easiest ● The JVM family is next in line ● Erlang? Sorry, forgot about it, but google says it’s doable in the minutes before this presentation :)

7. Decompilers in action (.NET) ● 100% reversible ● 100% readable ● Can recompile ● Symbols (names) ● Strings (text) ● Keep all metadata

8. Decompilers in action (JVM) ● 30-60% reversible ● 70% readable ● Can’t recompile ● Symbols (names) ● Strings (text) ● Some metadata

9. Decompilers in action (Apple’s Objective-C/C++) ● 20-30% reversible ● 30% readable ● Can’t recompile ● Symbols (names) ● Strings (text) ● Some metadata

10. Decompilers in action (Native code) ● 0-10% reversible ● 5% readable ● Can’t recompile ● Symbols optional ● Strings (text) ● Barely metadata

11. Why anti debug? ● Protect proprietary software ● Malware in need of hiding ● Hide baaaaad code ● Just being a douchebag Help text

12. How to do anti debugging for VM code? ● Obfuscation mostly for JVM/.NET ● Hide functionality in native shared libraries ● Runtime decryption of strings ● Multiple entry points (start of application) ○ ● Various of debugger detection techniques

13. How to do anti debugging for native code? ● All the same ways as VM code can ● Deny run in virtual machine ● Operating system hooks/API to disable “debuggable” ● Debug yourself :) ● Make sure LD_PRELOAD/DYLD_INSERT_LIBRARIES is empty ● Screw up ELF/Mach-O headers just enough ● Entry point via Unix signals (Linux / OSX) ● Entry point via Thread Local Storage (TLS) (Windows only)

14. How to do anti debugging ● We’ll focus on VM based languages ● Anti debugger / evasion techniques in native code ○ Hard for n00bs ○ Requires much system knowledge ● String decryption at runtime might help ● Decryption of code at runtime (Not easily done in JVM) ● Transform your code to something a little more ugly

15. Before obfuscation Obfuscation in JVM: Packing local vars into bitfields (PLVB)

16. After obfuscation Obfuscation in JVM: Packing local vars into bitfields (PLVB)

17. Before obfuscation Obfuscation in JVM: Reorder instructions (LRAII)

18. After obfuscation Obfuscation in JVM: Reorder instructions (LRAII)

19. Inject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX. ● Scriptable ○ Python ○ Javascript ○ Swift ○ C ● No root needed ● No jailbreak either ● Easy to start with

20. Compile your whole application with the “mov” instruction ● Horrible ○ No control flow ○ No syscalls ● C/asm products ● Only x86? ● Binary size rises

21. Mikal Villa mikal.villa@knowit.no, @mikalv 2017-06-19 The Security Chapter - Summit #3 Thanks

TSC Summit #3 - Reverse engineering and anti debugging techniques

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a TSC Summit #3 - Reverse engineering and anti debugging techniques

Similar a TSC Summit #3 - Reverse engineering and anti debugging techniques (20)

Último

Último (20)

TSC Summit #3 - Reverse engineering and anti debugging techniques