boris_lau_virtualization_obfs

CARO2008 Dealing with Virtualization packer

full pdf (boris_lau_virtualization_obfs.pdf)

Boris Lau, SophosLabs
CARO 2008, Amsterdam

Sophos on VMProtect

Aim

  • Theoretical research into ways of scanning through virtualization obfuscators

Synopsis

  • Introduction
  • Analysis case studies
  • Designing Detection
  • Technicality with detection

Introduction

  • What is a virtualization obfuscator?

Virtualization used as an obfuscation technique

  • Making it more difficult to understand
  • Opportunity to introduce extra complexity
  • Render reverse engineer’s native knowledge useless
  • Original code never reappears at execution time
  • Used by commercial obfuscators
  • For malware as well as legitimate applications