Geri Revay: Don't Flatten Yourself: Removing Control-Flow Flattening Obfuscation from Malware | CONFidence

youtube.com, 1 week ago


Control-Flow Flattening (CFF) is an obfuscation and anti-analysis technique used by malware authors. Its goal is to restructure the control flow of a function so that the original branches and loops are no longer visible: every basic block becomes a case of a single dispatcher loop driven by a state variable. Applying CFF makes static analysis hard and significantly increases the time an analyst has to invest.

Malware authors have already discovered this, and a steady increase can be seen in malware samples that use CFF. Soon, every analyst will have to face it daily, which calls for know-how and tooling to support them.

This presentation aims to provide that know-how and tooling. First, we will discuss the general approach to fighting CFF: how to recognize CFF in a binary, and which components (the dispatcher, the state variable, and the state assignments at the end of each block) are essential for reconstructing the control flow.

We will compare three approaches to defeating CFF: basic pattern matching, emulation, and symbolic execution. Their implementations will be demonstrated as IDAPython scripts.
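To make the flattening described above and the first two recovery approaches concrete, here is an added example (not code from the talk or the speaker's IDAPython scripts). It is a plain-Python model rather than an IDA plugin: `original` is the function an analyst wants back, `flattened` is the same computation after CFF, and `BLOCK_PATTERNS` stands in for what a disassembler shows at the end of each dispatcher case. The state constants, block names, the dead block `DEAD`, and the `('jmp', …)` / `('cc', …)` notation are all invented for illustration. Pattern matching and emulation are modelled; symbolic execution is not.

```python
"""Toy model of Control-Flow Flattening (CFF) and two deflattening strategies.

Added example, not from the talk: state constants, block names and the
BLOCK_PATTERNS "disassembly" are hypothetical and chosen for illustration.
"""
from collections import deque

# Dispatcher state values (hypothetical; real obfuscators use random-looking
# 32-bit constants). One per original basic block, plus a dead block that
# obfuscators commonly insert and that no path from the entry ever selects.
ENTRY, LOOP_HDR, ODD_TEST, ADD, INC, EXIT, DEAD = (
    0x1A2B, 0x3C4D, 0x5E6F, 0x7081, 0x92A3, 0xB4C5, 0xD6E7)


def original(n):
    """Sum of the odd integers below n: the control flow we want to recover."""
    total = i = 0
    while i < n:
        if i % 2:
            total += i
        i += 1
    return total


def flattened(n, trace=None):
    """Same computation after CFF: each block is one case of a dispatcher loop
    and the only control flow left is 'set state, jump back to the top'.
    If `trace` is a list, every visited state is appended to it."""
    state = ENTRY
    total = i = 0
    while True:
        if trace is not None:
            trace.append(state)
        if state == ENTRY:                       # prologue
            state = LOOP_HDR
        elif state == LOOP_HDR:                  # while i < n
            state = ODD_TEST if i < n else EXIT
        elif state == ODD_TEST:                  # if i % 2
            state = ADD if i % 2 else INC
        elif state == ADD:
            total += i
            state = INC
        elif state == INC:
            i += 1
            state = LOOP_HDR
        elif state == EXIT:
            return total
        elif state == DEAD:                      # never selected from ENTRY
            total = -1
            state = ADD
        else:
            raise RuntimeError("unknown dispatcher state %#x" % state)


# What a disassembler shows per case: how the block updates the state variable.
# ('jmp', s) models "mov [state], imm"; ('cc', s_true, s_false) models a
# conditional select (cmovcc or two mov paths); ('ret',) ends the function.
BLOCK_PATTERNS = {
    ENTRY:    ('jmp', LOOP_HDR),
    LOOP_HDR: ('cc', ODD_TEST, EXIT),
    ODD_TEST: ('cc', ADD, INC),
    ADD:      ('jmp', INC),
    INC:      ('jmp', LOOP_HDR),
    EXIT:     ('ret',),
    DEAD:     ('jmp', ADD),
}


def recover_by_pattern(patterns):
    """Approach 1, pattern matching: read the immediate(s) written to the state
    variable in each block and turn them into CFG edges. Being static, it also
    reports dead blocks the obfuscator inserted."""
    return {(src, dst) for src, pat in patterns.items() for dst in pat[1:]}


def prune_unreachable(edges, entry):
    """Keep only edges on paths from the entry state (drops dead blocks)."""
    succ = {}
    for src, dst in edges:
        succ.setdefault(src, set()).add(dst)
    seen, todo, kept = {entry}, deque([entry]), set()
    while todo:
        cur = todo.popleft()
        for nxt in succ.get(cur, ()):
            kept.add((cur, nxt))
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return kept


def recover_by_emulation(inputs):
    """Approach 2, emulation: run the dispatcher on concrete inputs and record
    the transitions actually taken. Only edges exercised by the chosen inputs
    are found, which is the main limitation of this approach."""
    edges = set()
    for n in inputs:
        trace = []
        flattened(n, trace)
        edges.update(zip(trace, trace[1:]))
    return edges


if __name__ == "__main__":
    static = prune_unreachable(recover_by_pattern(BLOCK_PATTERNS), ENTRY)
    print("static edges:", len(static),
          "| emulated, n=3:", len(recover_by_emulation([3])),
          "| emulated, n=0:", len(recover_by_emulation([0])))
```

Running it shows the trade-off the talk compares: pattern matching finds all eight state assignments, including the dead `DEAD -> ADD` edge, so the result has to be pruned by reachability from the entry state; emulation with `n=3` recovers exactly the seven real edges, but with `n=0` it sees only the two edges on the path that exits immediately. Real binaries add the problems this model leaves out (state updates computed arithmetically rather than as immediates, nested dispatchers, anti-emulation tricks), which is where symbolic execution comes in.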

More: https://confidence-conference.org/