full pdf (boris_lau_virtualization_obfs.pdf)
Boris Lau, SophosLabs
CARO 2008, Amsterdam
Aim
- Theoretical research into ways of scanning through virtualization obfuscators
- Synopsis
- Introduction
- Analysis case studies
- Designing Detection
- Technicality with detection
Introduction
- What is a virtualization obfuscator?
Virtualization used as an obfuscation technique
- Making it more difficult to understand
- Opportunity to introduce extra complexity
- Render reverse engineer’s native knowledge useless
- Original code never reappears at execution time
- Used by commercial obfuscators
- For malware as well as legitimate applications