Slideshows by User: MalachiJones (SlideShare feed, Thu, 21 Feb 2019 04:37:19 GMT)

Automating Reverse Engineering: Function Classification and Matching
/MalachiJones/automated-reverse-engineeringfunctionclassificationandmatchingv2
A recurring and fundamental challenge that a reverse engineer (RE) faces is understanding the behavior and functionality exhibited by a binary under examination. To complicate matters, the skills needed to succeed at this vary significantly across practitioners, and it can take a considerable amount of experience (5-7 years) to reach a sufficient level of competence. Recent academic work applying machine learning (ML) to reverse engineering shows promise in addressing these issues in a way that can allow junior reverse engineers to make substantial contributions to RE tasking, and can allow RE work to be performed in a scalable manner across platforms and architectures. In this talk, we will discuss how ML techniques can be leveraged to classify behavioral characteristics (e.g. crypto, file I/O, network, IPC, and trampoline) exhibited by a function in a manner that scales well and does not require humans to perform labeling. We will also discuss how these techniques can be applied to identify/recover function symbols in stripped binaries. As part of the discussion, we will also explore approaches that have the potential to allow the concepts and ideas presented in these academic works to be applied to real-world RE problems.

Posted: Thu, 21 Feb 2019 04:37:19 GMT
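As an added illustration (not code from the talk or its author), the Python example below shows one of the ideas the abstract describes: labels for a training set are derived from the imports a function calls rather than assigned by a human, the classifier learns only from name-free features, and a structural rule catches trampolines, so the same model can be pointed at functions in a stripped binary whose call targets are bare addresses. The API-to-class table, the training functions and the "stripped" functions are constructed for this example; the talk's actual models and features are not described on this page.

```python
"""Weakly supervised function classification over constructed disassembly.

Added example, not code from the talk. Training labels come from the names of
the imports each function calls (no human labeling); the classifier learns only
name-free features (mnemonic histogram plus structural counts), so it can be
applied to functions in a stripped binary whose call targets are bare
addresses. The API table and every function record below are constructed.
"""
from collections import Counter
import math

# Assumption: a tiny API-name-to-behaviour table. A real corpus would use a
# much larger one (libc, Win32, OpenSSL, ...).
API_CLASSES = {
    "AES_encrypt": "crypto", "SHA256_Update": "crypto",
    "fopen": "file_io", "fread": "file_io", "fwrite": "file_io",
    "socket": "network", "connect": "network", "send": "network", "recv": "network",
    "pipe": "ipc", "shmget": "ipc",
}
BIT_OPS = ("xor", "rol", "ror", "shl", "shr", "and", "or")   # crypto leans on these

def weak_label(callees):
    """Majority vote over resolved import names; None if nothing is known."""
    votes = Counter(API_CLASSES[c] for c in callees if c in API_CLASSES)
    return votes.most_common(1)[0][0] if votes else None

def is_trampoline(insns):
    """Structural rule: one or two instructions ending in an unconditional jmp,
    with no frame setup or call, is a trampoline/thunk."""
    mnems = [m for m, _ in insns]
    return 0 < len(mnems) <= 2 and mnems[-1] == "jmp" and not {"push", "call"} & set(mnems)

def features(insns, callees):
    """Name-free feature vector: mnemonic histogram plus structural counts."""
    vec = Counter(m for m, _ in insns)
    vec["#insns"], vec["#calls"] = len(insns), len(callees)
    vec["#bitops"] = sum(1 for m, _ in insns if m in BIT_OPS)
    return vec

def cosine(a, b):
    dot = sum(v * b.get(k, 0) for k, v in a.items())
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def train(corpus):
    """One centroid per label, using only functions that could be auto-labelled."""
    sums, counts = {}, Counter()
    for insns, callees in corpus:
        label = weak_label(callees)
        if label is None:
            continue
        sums.setdefault(label, Counter()).update(features(insns, callees))
        counts[label] += 1
    return {lbl: {k: v / counts[lbl] for k, v in s.items()} for lbl, s in sums.items()}

def classify(centroids, insns, callees):
    """Rule first (trampoline), then nearest centroid by cosine similarity."""
    if is_trampoline(insns):
        return "trampoline", 1.0
    f = features(insns, callees)
    label, centroid = max(centroids.items(), key=lambda kv: cosine(f, kv[1]))
    return label, round(cosine(f, centroid), 3)

P = [("push", "rbp"), ("mov", "rbp, rsp")]     # shared prologue
E = [("pop", "rbp"), ("ret", "")]              # shared epilogue

# Constructed training functions from binaries whose import names are resolved.
CORPUS = [
    (P + [("xor", "eax, ecx"), ("rol", "eax, 5"), ("xor", "eax, edx"), ("ror", "ecx, 3"),
          ("shl", "edx, 1"), ("and", "eax, edx"), ("call", "AES_encrypt")] + E, ["AES_encrypt"]),
    (P + [("xor", "eax, ebx"), ("shr", "ebx, 7"), ("ror", "eax, 2"), ("or", "eax, ebx"),
          ("xor", "ebx, ecx"), ("call", "SHA256_Update")] + E, ["SHA256_Update"]),
    (P + [("lea", "rdi, [rip+path]"), ("call", "fopen"), ("mov", "rdi, rax"),
          ("call", "fread"), ("call", "fwrite")] + E, ["fopen", "fread", "fwrite"]),
    (P + [("mov", "edi, 2"), ("call", "socket"), ("mov", "rdi, rax"), ("call", "connect"),
          ("call", "send"), ("call", "recv")] + E, ["socket", "connect", "send", "recv"]),
    (P + [("call", "pipe"), ("call", "shmget")] + E, ["pipe", "shmget"]),
]

# Constructed functions from a stripped binary: call targets are only addresses.
STRIPPED = {
    0x401000: (P + [("xor", "eax, ecx"), ("rol", "eax, 7"), ("xor", "ecx, edx"), ("ror", "edx, 1"),
                    ("and", "eax, ecx"), ("shl", "ecx, 2"), ("call", "0x402000")] + E, ["0x402000"]),
    0x401100: ([("jmp", "qword ptr [rip+0x2fe2]")], []),          # PLT-style thunk
    0x401200: (P + [("mov", "edi, 2"), ("call", "0x403000"), ("mov", "rdi, rax"),
                    ("call", "0x403010"), ("call", "0x403020"), ("call", "0x403030")] + E,
               ["0x403000", "0x403010", "0x403020", "0x403030"]),
}

def classify_stripped(stripped=STRIPPED, corpus=CORPUS):
    centroids = train(corpus)
    return {addr: classify(centroids, insns, callees)[0]
            for addr, (insns, callees) in stripped.items()}

if __name__ == "__main__":
    for addr, label in classify_stripped().items():
        print(f"sub_{addr:x}: {label}")
```

The point of the split is that the labeling signal (import names) is only needed at training time; at classification time nothing name-dependent is consulted, which is what lets the model run on a stripped binary. A nearest-centroid classifier over raw counts is deliberately simple here; with a real corpus the feature set would need normalisation so that function length does not dominate the similarity.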
Automated In-memory Malware/Rootkit Detection via Binary Analysis and Machine Learning
/slideshow/automated-inmemory-malwarerootkit-detection-via-binary-analysis-and-machine-learning/82121193
Discussion and demonstration of an automated approach that pairs memory forensics with binary analysis and machine learning to analyze the execution behavior of binaries collected from a set of hosts, in order to detect advanced persistent threats (APTs) that may evade detection by hooking and "traditional" emulation.

Posted: Wed, 15 Nov 2017 19:09:02 GMT
Embedded device hacking Session i
/MalachiJones/embedded-device-hacking-session-i
The goal of the workshop is to provide a hands-on introduction to key pen-testing tools and concepts that white-hat and black-hat hackers utilize to find and exploit vulnerabilities in real-world embedded devices.

Posted: Wed, 08 Mar 2017 21:33:59 GMT
SmartphoneHacking_Android_Exploitation
/slideshow/smartphonehackingandroidexploitation-67476955/67476955
Security from both sides of the fence: a discussion of techniques, such as fuzzing, to reduce the likelihood of an attacker discovering exploits on smartphones and PCs; plus a demonstration of approaches hackers may use to weaponize and exploit vulnerabilities.

Posted: Thu, 20 Oct 2016 23:13:45 GMT
Automating Analysis and Exploitation of Embedded Device Firmware
/slideshow/automatinganalysisandexploitationofembeddeddevicefirmware-67192871/67192871
Dynamic binary analysis tools use a combination of techniques, including fuzzing, symbolic execution, and concolic execution, to discover exploitable code in sophisticated binaries. Much work has been dedicated to developing automated analysis tools that target mainstream processor architectures (e.g. x86 and x86_64). An often overlooked and inadequately addressed area is the development of tools that target embedded systems processors such as PowerPC, MIPS, and SuperH. Historically, a challenge with targeting multiple embedded architectures was that it was often necessary to write an analysis tool for each architecture. In this talk, we'll discuss an approach for decoupling the architecture specifics from the analysis by using intermediate representation (IR) languages. Intermediate representation languages provide a way to abstract out machine specifics in order to aid in the analysis of computer programs. In particular, the LLVM IR language comes with an extensive set of analysis and optimization libraries, along with a JIT engine, that can collectively be used to develop architecture-independent automated analysis and exploitation tools.

Posted: Fri, 14 Oct 2016 18:44:41 GMT
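To make the IR decoupling concrete, here is an added Python example (not the talk's code, and not LLVM): two tiny front ends lift MIPS and PowerPC listings into one constructed IR, and a single taint analysis written against that IR flags an attacker-controlled length reaching memcpy on both architectures, while a bounded variant passes. The IR shape, the supported instruction subset, the simplified register conventions used for call arguments and return values, and the three listings are all assumptions made for the example.

```python
"""Lifting two embedded ISAs to one small IR, then running one taint analysis.

Added example, not code from the talk: it illustrates the decoupling the talk
describes, one front end per architecture that lifts to a shared intermediate
representation, and an analysis written once against that IR. The IR, the
instruction subset, the calling conventions and the listings are constructed
for this example; the talk uses LLVM IR, which is far richer than this.
"""
import re

MEM_RE = re.compile(r"^(-?\d+)\((\$?\w+)\)$")   # e.g. 8($sp) or 16(r1)

# Per-architecture front-end tables: which mnemonic means what, and where
# arguments/return values live (o32 for MIPS, SVR4 ABI for 32-bit PowerPC).
ARCH = {
    "mips": dict(load="lw", mov="move", add=("addiu", "addu"), call="jal",
                 args=["$a0", "$a1", "$a2", "$a3"], ret="$v0"),
    "ppc":  dict(load="lwz", mov="mr", add=("addi", "add"), call="bl",
                 args=["r3", "r4", "r5", "r6"], ret="r3"),
}

def _split(line):
    """'  lw  $a0, 16($sp)  # c' -> ('lw', ['$a0', '16($sp)']); blank -> (None, [])."""
    line = line.split("#")[0].strip()
    if not line:
        return None, []
    parts = line.split(None, 1)
    ops = [o.strip() for o in parts[1].split(",")] if len(parts) > 1 else []
    return parts[0].lower(), ops

# IR statements:
#   ("load", dst, base, off)   ("mov", dst, src)   ("const", dst, imm)
#   ("add", dst, a, b)         ("call", name, [arg regs], ret reg)
def lift(listing, arch):
    """Front end: maps one ISA's mnemonics onto the IR. Assumption: MIPS delay
    slots hold only nop, so source order is the execution order."""
    a, ir = ARCH[arch], []
    for line in listing.splitlines():
        m, ops = _split(line)
        if m is None or m == "nop":
            continue
        if m == a["load"]:
            base, off = MEM_RE.match(ops[1]).group(2, 1)
            ir.append(("load", ops[0], base, int(off)))
        elif m == a["mov"]:
            ir.append(("mov", ops[0], ops[1]))
        elif m == "li":                       # both ISAs spell this the same way
            ir.append(("const", ops[0], int(ops[1], 0)))
        elif m in a["add"]:
            ir.append(("add", ops[0], ops[1], ops[2]))
        elif m == a["call"]:
            ir.append(("call", ops[0], list(a["args"]), a["ret"]))
        else:
            raise ValueError(f"unsupported {arch} instruction: {line.strip()}")
    return ir

# Sources and sinks are named in IR terms only: which calls return attacker
# data, and which argument index of which call must never be attacker-controlled.
SOURCES = {"recv", "read", "fread"}
SINKS = {"memcpy": 2, "memmove": 2, "strncpy": 2}

def _mark(taint, reg, is_tainted):
    (taint.add if is_tainted else taint.discard)(reg)

def tainted_sinks(ir):
    """Architecture-independent forward taint pass over the IR. Returns the
    (callee, argument index) pairs where attacker data reaches a length."""
    taint, findings = set(), []
    for st in ir:
        if st[0] == "call":
            _, name, args, ret = st
            if name in SINKS and args[SINKS[name]] in taint:
                findings.append((name, SINKS[name]))
            taint.discard(ret)
            if name in SOURCES:
                taint.add(ret)            # return value is attacker-controlled
        elif st[0] == "mov":
            _mark(taint, st[1], st[2] in taint)
        elif st[0] == "add":
            _mark(taint, st[1], st[2] in taint or st[3] in taint)
        else:                             # load / const overwrite their destination
            taint.discard(st[1])
    return findings

# Constructed listings of the same routine on two architectures: a length
# returned by recv, plus 4, flows into memcpy's size argument.
MIPS_LISTING = """
    jal   recv
    nop                      # delay slot
    move  $t0, $v0
    addiu $a2, $t0, 4
    lw    $a0, 16($sp)
    lw    $a1, 20($sp)
    jal   memcpy
    nop
"""
PPC_LISTING = """
    bl    recv
    mr    r9, r3
    addi  r5, r9, 4
    lwz   r3, 16(r1)
    lwz   r4, 20(r1)
    bl    memcpy
"""
PPC_SAFE_LISTING = """       # length is a constant, so nothing is flagged
    bl    recv
    li    r5, 16
    lwz   r3, 16(r1)
    lwz   r4, 20(r1)
    bl    memcpy
"""

def analyse_all():
    return {"mips": tainted_sinks(lift(MIPS_LISTING, "mips")),
            "ppc": tainted_sinks(lift(PPC_LISTING, "ppc")),
            "ppc_safe": tainted_sinks(lift(PPC_SAFE_LISTING, "ppc"))}

if __name__ == "__main__":
    for arch, hits in analyse_all().items():
        print(arch, hits)
```

Adding a third architecture (SuperH, say) means adding one entry to ARCH and nothing to tainted_sinks, which is the property the talk is after. What this toy lifter leaves out is exactly what makes real lifting hard: memory, flags, branch delay slots, and the semantics of the hundreds of instructions it would raise ValueError on.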
Embedded Systems Security
/slideshow/embedded-systems-security-54730736/54730736
Posted: Wed, 04 Nov 2015 12:18:41 GMT
Offensive cyber security: Smashing the stack with Python
/slideshow/offensive-cyber-security-smashing-the-stack-with-python/51011366
A necessary step in writing secure code is understanding how vulnerable code can be exploited. This step is critical because unless you see the software from the vantage point of a hacker, code that looks safe and harmless can have multiple vulnerabilities that result in systems running that software getting p0wned. The goal of this tech talk is to provide a step-by-step illustration of how not adhering to secure software design principles, such as properly bounds-checking buffers, can open computing devices up to exploitation. Specifically, we will show that by using a very easy-to-use scripting language like Python, we can do the following: 1) smash the stack of a system running vulnerable code to gain arbitrary access; 2) install a key logger that can phone home to a command and control server.

Posted: Tue, 28 Jul 2015 11:46:44 GMT
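The following Python example is added here to show the payload layout the talk walks through and why the bounds check matters; it is not the talk's code. It models a single 32-bit x86 stack frame as bytes, builds the classic padding-plus-return-address payload with struct, and copies it into the frame once without a bounds check and once with one. The 64-byte buffer, the saved EBP and return-address values, the sled address 0xbffff710, and the placeholder "shellcode" bytes are all constructed for the example and are not taken from any real target.

```python
"""Stack smashing modelled in Python: payload layout and the missing bounds check.

Added example, not the talk's code. A 32-bit x86 frame is modelled as bytes
(local buffer, then saved EBP, then saved return address), the classic
[NOP sled][shellcode][return address] payload is packed with struct, and the
payload is copied in once without a bounds check and once with one. Every
value here is an assumption made for the example: the 64-byte buffer, the
saved EBP/return values, the sled address 0xbffff710, and the "shellcode",
which is a placeholder byte string rather than working machine code.
"""
import struct

class Frame:
    """Toy model of one 32-bit x86 stack frame. Addresses grow from the
    buffer up through saved EBP to the saved return address, as on a real stack."""
    def __init__(self, buf_size, saved_fp=0xbffff740, saved_ret=0x08048456):
        self.buf_size, self.buf = buf_size, bytearray(buf_size)
        self.saved_fp, self.saved_ret = saved_fp, saved_ret

    def _raw(self):
        return bytearray(self.buf) + struct.pack("<II", self.saved_fp, self.saved_ret)

    def _load(self, raw):
        self.buf = bytearray(raw[: self.buf_size])
        self.saved_fp, self.saved_ret = struct.unpack("<II", raw[self.buf_size : self.buf_size + 8])

    def strcpy(self, src):
        """No bounds check, like C strcpy: copies up to and including the first
        NUL, however far past the buffer that runs."""
        data = src.split(b"\x00", 1)[0] + b"\x00"
        raw = self._raw()
        raw[: len(data)] = data            # overruns into saved EBP and EIP
        self._load(bytes(raw))

    def strncpy(self, src, n=None):
        """Bounded copy with explicit termination: never writes past the buffer."""
        n = self.buf_size if n is None else min(n, self.buf_size)
        data = src[: n - 1]
        self.buf[: len(data)] = data
        self.buf[len(data)] = 0

def overflow_offset(buf_size, saved_fp_size=4):
    """Distance from the start of the buffer to the saved return address."""
    return buf_size + saved_fp_size

def bad_bytes(payload, forbidden=b"\x00\n"):
    """Bytes that make strcpy()/gets() stop early; they must not appear."""
    return {b for b in forbidden if b in payload}

def build_payload(buf_size, ret_addr, shellcode, saved_fp_size=4, nop=b"\x90"):
    """[NOP sled][shellcode] up to the saved return address, then ret_addr
    little-endian. ret_addr is meant to land somewhere inside the sled."""
    offset = overflow_offset(buf_size, saved_fp_size)
    if len(shellcode) > offset:
        raise ValueError("shellcode does not fit below the return address")
    payload = nop * (offset - len(shellcode)) + shellcode + struct.pack("<I", ret_addr)
    bad = bad_bytes(payload)
    if bad:
        raise ValueError(f"payload contains copy-terminating bytes: {sorted(bad)}")
    return payload

BUF_SIZE = 64                   # assumed size of the vulnerable local buffer
SLED_ADDR = 0xbffff710          # hypothetical stack address inside the NOP sled
FAKE_SHELLCODE = b"\xcc" * 16   # placeholder only (int3), not real shellcode

def demo(checked):
    """Copy the payload into a fresh frame and report
    (saved return address afterwards, whether it was hijacked)."""
    frame = Frame(BUF_SIZE)
    original_ret = frame.saved_ret
    payload = build_payload(BUF_SIZE, SLED_ADDR, FAKE_SHELLCODE)
    (frame.strncpy if checked else frame.strcpy)(payload)
    return frame.saved_ret, frame.saved_ret != original_ret

if __name__ == "__main__":
    print("unchecked strcpy : ret=%#x hijacked=%s" % demo(checked=False))
    print("bounded strncpy  : ret=%#x hijacked=%s" % demo(checked=True))
```

Nothing here executes machine code: the frame is a byte model, so the hijacked return address is observed by reading it back rather than by running it. The bad-byte check is the part people forget; an address such as 0xbffff700 encodes a NUL and would truncate a strcpy-style copy before the return address is reached. In C the equivalent fix is a bounded copy with explicit termination, or better, a length check before any copy.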
Cyber_Attack_Forecasting_Jones_2015
/slideshow/cyberattackforecastingjones2015-46873214/46873214
Posted: Fri, 10 Apr 2015 19:17:05 GMT
About the author: Dr. Malachi Jones is a security researcher at Booz Allen Dark Labs located in Central Maryland and has over 8 years of combined experience performing security research work in academia and industry. As a Dark Labs security researcher, he specializes in embedded systems vulnerability assessment and is also an instructor with Booz Allen's internal reverse engineering training program. Before joining Dark Labs in March 2016, he worked as a vulnerability researcher at a defense contractor in Melbourne, FL for over two years. Dr. Jones holds a B.S. in Computer Engineering from the University of Florida and an M.S. and PhD from Georgia Tech. His graduate work at Georgia Tech focused on model...