Slideshows by User: MalachiJones
SlideShare feed for Slideshows by User: MalachiJones
Thu, 21 Feb 2019 04:37:19 GMT

Automating Reverse Engineering: Function Classification and Matching
/MalachiJones/automated-reverse-engineeringfunctionclassificationandmatchingv2
A recurring and fundamental challenge that a reverse engineer (RE) experiences is understanding the behavior and functionality exhibited by a binary under examination. To complicate matters, the skills needed to succeed in this challenge vary significantly across practitioners, and it can often take a considerable amount of experience (5-7 years) to achieve a sufficient level of competence. Recent work (performed in academia) in applying machine learning (ML) to reverse engineering shows promise in helping to address these issues in a way that can allow junior reverse engineers to make substantial contributions to RE tasking and can allow RE work to be performed in a scalable manner across platforms and architectures.
In this talk, we will discuss how ML techniques can be leveraged to classify behavioral characteristics (e.g. crypto, file I/O, network, IPC, and trampoline) exhibited by a function in a manner that can scale well and without the need for humans to perform labeling. We will also discuss how these techniques can be applied to identify/recover function symbols in stripped binaries. As part of the discussion, we will also explore approaches that have the potential to allow concepts and ideas presented in these academic works to be applied to real-world RE problems.
Published Thu, 21 Feb 2019 04:37:19 GMT by MalachiJones

Automated In-memory Malware/Rootkit Detection via Binary Analysis and Machine Learning
/slideshow/automated-inmemory-malwarerootkit-detection-via-binary-analysis-and-machine-learning/82121193
Discussion and demonstration of an automated approach for pairing Memory Forensics with Binary Analysis and Machine Learning to analyze the execution behavior of binaries collected from a set of hosts, in order to detect advanced persistent threats (APTs) that may evade detection by hooking and "traditional" emulation.
Published Wed, 15 Nov 2017 19:09:02 GMT by MalachiJones

Embedded device hacking Session i
/MalachiJones/embedded-device-hacking-session-i
The goal of the workshop is to provide a hands-on introduction to key pen-testing tools and concepts that white-hat and black-hat hackers utilize to find and exploit vulnerabilities in real-world embedded devices.
Published Wed, 08 Mar 2017 21:33:59 GMT by MalachiJones

SmartphoneHacking_Android_Exploitation
/slideshow/smartphonehackingandroidexploitation-67476955/67476955
Security from both sides of the fence: a discussion of techniques, such as fuzzing, to reduce the likelihood of an attacker discovering exploits on smartphones and PCs; plus a demonstration of approaches hackers may use to weaponize and exploit vulnerabilities.
Published Thu, 20 Oct 2016 23:13:45 GMT by MalachiJones

Automating Analysis and Exploitation of Embedded Device Firmware
/slideshow/automatinganalysisandexploitationofembeddeddevicefirmware-67192871/67192871
Dynamic binary analysis tools utilize a combination of techniques that include fuzzing, symbolic execution, and concolic execution to discover exploitable code in sophisticated binaries. Much work has been dedicated to developing automated analysis tools that target mainstream processor architectures (e.g. x86 and x86_64). An often overlooked and inadequately addressed area is the development of tools that target embedded systems processors such as PowerPC, MIPS, and SuperH. Historically, a challenge with targeting multiple embedded architectures was that it was often necessary to write a separate analysis tool for each architecture.
In this talk, we'll discuss an approach for decoupling the architecture specifics from the analysis by utilizing intermediate representation (IR) languages. Intermediate representation languages provide a method to abstract out machine specifics in order to aid in the analysis of computer programs. In particular, the LLVM IR language provides an extensive set of analysis and optimization libraries, along with a JIT engine, that can be collectively utilized to develop architecture-independent automated analysis and exploitation tools.
Published Fri, 14 Oct 2016 18:44:41 GMT by MalachiJones

Offensive cyber security: Smashing the stack with Python
/slideshow/offensive-cyber-security-smashing-the-stack-with-python/51011366
A necessary step in writing secure code is having an understanding of how vulnerable code can be exploited. This step is critical because unless you see the software from the vantage point of a hacker, what may look to be safe and harmless code can have multiple vulnerabilities that result in systems running that software getting p0wned. The goal of this tech talk is to provide a step-by-step illustration of how not adhering to secure software design principles, such as properly bounds-checking buffers, can open up computing devices to exploitation. Specifically, we will show that by using a very easy-to-use scripting language like Python, we can do the following: 1) Smash the stack of a system running vulnerable code to gain arbitrary access. 2) Install a key logger that can phone home to a command and control server.
Published Tue, 28 Jul 2015 11:46:44 GMT by MalachiJones

Dr. Malachi Jones is a security researcher at Booz Allen Dark Labs located in Central Maryland and has over 8 years of combined experience performing security research work in academia and industry. As a Dark Labs security researcher, he specializes in embedded systems vulnerability assessment and is also an instructor with Booz Allen's internal reverse engineering training program. Before joining Dark Labs in March 2016, he worked as a vulnerability researcher at a defense contractor in Melbourne, FL for over two years. Dr. Jones holds a B.S. in Computer Engineering from the University of Florida and an M.S. and PhD from Georgia Tech. His graduate work at Georgia Tech focused on model...