medusa
play

Medusa A disassembler and something more... Angelin Njakasoa BOOZ - PowerPoint PPT Presentation

Dec 18, 2023 •244 likes •453 views

Medusa A disassembler and something more... Angelin Njakasoa BOOZ LSE Summer Week 2016 Quarkslab Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 1 / 20 Presentation Whoami? Where do I work? What do I do? Angelin

  1. Medusa A disassembler and something more... Angelin Njakasoa BOOZ LSE Summer Week 2016 Quarkslab Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 1 / 20

  2. Presentation Whoami? Where do I work? What do I do? Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 2 / 20

  3. Reverse Engineering What is Reverse Engineering? Reverse engineering, also called back engineering, is the processes of extracting knowledge or design information from anything man-made and re-producing it or re-producing anything based on the extracted information. The process often involves disassembling something and analyzing its components and workings in detail. Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 3 / 20

  4. Why using reverse engineering? Analyze goodware for security reinforcement. Analyze malware to identify it easier and develop counter-measure. Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 4 / 20

  5. Financial impact of malware At rate, ransomware is on pace to be a $1 billion a year crime this year. The recent cyber attack on Bangladesh’s central bank that let hackers stole over $80 Million from the institutes’ Federal Reserve bank account was reportedly caused due to the Malware installed on the Bank’s computer systems. Although the malware type has not been identified, the malicious software likely included spying programs that let the group learn how money was processed, sent and received. Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 5 / 20

  6. What is Medusa? Medusa A disassembler with semantic, emulation and symbolic execution. It was made to have a more detailed analysis of binaries. Medusa is composed by: Loaders Architectures Passes Databases Analyzers Disassembler Emulator Symbolic Execution Engine Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 6 / 20

  7. Design Simplifier X86 Constant folder ARM Symbolic execution ... ... Configuation and disassembling Symbolic execution PE Interpreter Executable Opening Mapping Core Emulation ELF LLVM Analizing Loading and saving Disassembler Text Symbolic disassembler SOCI (WIP) ... Your contribution here Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 7 / 20

  8. Emulator CPU: Medusa relies on YAML files to describe each instructions, most of them also contain a specific field name semantic. Memory: Create a memory context to execute a program OS: We emulate function’s behavior in python Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 8 / 20

  9. Why emulation? Control what the target can access by managing memory, API, etc; Modify the execution on the fly Monitoring the context of the program Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 9 / 20

  10. Semantic Architectures: arm: .yaml 11485 loc - .py of 681 loc x86: .yaml 14121 - .py 794 loc z80: .yaml 4151 loc - .py 187 loc st62: .yaml 589 loc - .py 348 loc Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 10 / 20

  11. Semantic Into yaml file: opcode 0x00 mnemonic add operand Eb, Gb update_flags: cf, pf, af, zf, sf, of semantic add The generator is written in python because it’s easier to parse. Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 11 / 20

  12. How does it works? Demo Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 12 / 20

  13. Obfuscation Obfuscation Obfuscation is the obscuring of intended meaning in communication, making the message confusing, willfully ambiguous, or harder to understand. Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 13 / 20

  14. Symbolic Execution Definition Symbolic execution (also symbolic evaluation) is a means of analyzing a program to determine what inputs cause each part of a program to execute. Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 14 / 20

  15. Obfuscation Some methods of obfuscations: Constant unfolding Obfuscated pattern Data flattening Code flattening Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 15 / 20

  16. Symbolic execution on Constant unfolding x = 0xf9cbe47a + 0x6341b86 Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 16 / 20

  17. Symbolic execution on Pattern of obfuscation Demo Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 17 / 20

  18. Conclusion Questions Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 18 / 20

  19. Github https://github.com/wisk/medusa Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 19 / 20

  20. Big Thanks! Thanks to Wisk, Quarkslab and the LSE! Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 20 / 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Medusa Explorations www.medusa-online.com fenny@medusa-online.com Sensing Soil Physical

Medusa Explorations www.medusa-online.com fenny@medusa-online.com Sensing Soil Physical

Fenny van Egmond Medusa Explorations www.medusa-online.com fenny@medusa-online.com Sensing Soil Physical Properties Slide n 1 Physical soil properties Soil physical properties measured in 2012 and 2015 to: - Provide quantitative data for

593 views • 22 slides
Medusa Simplified Graph Processing on GPUs Motivation Graph processing algorithms are often

Medusa Simplified Graph Processing on GPUs Motivation Graph processing algorithms are often

Medusa Simplified Graph Processing on GPUs Motivation Graph processing algorithms are often inherently parallel GPUs consist of many processors running in parallel But writing this code is hard The Solution... Medusa is a

735 views • 18 slides
Network distribution in music applications with Medusa Fl avio Luiz SCHIAVONI Marcelo QUEIROZ

Network distribution in music applications with Medusa Fl avio Luiz SCHIAVONI Marcelo QUEIROZ

Network distribution in music applications with Medusa Network distribution in music applications with Medusa Fl avio Luiz SCHIAVONI Marcelo QUEIROZ Computer Science Department University of S ao Paulo S ao Paulo Brazil, { fls, mqz

386 views • 17 slides
Early Diagenesis Modelling with MEDUSA Guy Munhoven Laboratory for Planetary and Atmospheric

Early Diagenesis Modelling with MEDUSA Guy Munhoven Laboratory for Planetary and Atmospheric

Early Diagenesis Modelling with MEDUSA Guy Munhoven Laboratory for Planetary and Atmospheric Physics Fonds de la Recherche ScientifiqueFNRS AWI Bremerhaven 19th September 2017 Terrestrial Atmosphere and Carbon Cycle Atmosphere ocean

196 views • 16 slides
MEDUSA Quantitative Airborne Pollution Surveillance: Technology and Recent Results Presented by

MEDUSA Quantitative Airborne Pollution Surveillance: Technology and Recent Results Presented by

MEDUSA Quantitative Airborne Pollution Surveillance: Technology and Recent Results Presented by : Dr. Theo Hengstermann Business Development & Sales Optimare Systems GmbH Overview Company Introduction Airborne Pollution

289 views • 26 slides
Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis Daniel Moghimi

Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis Daniel Moghimi

Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis Daniel Moghimi Moritz Lipp Berk Sunar Michael Schwarz 2018: Meltdown Attack? 2 2018: Meltdown Attack? Virtual Address Space User Space CPU Registers

1.14k views • 63 slides
PROJECT M EDU S A PROJECT M EDU S A Pact o por la Educacin La calidad, compromiso de todos

PROJECT M EDU S A PROJECT M EDU S A Pact o por la Educacin La calidad, compromiso de todos

CONSEJ ERA DE EDUCACIN CULTURA Y DEPORTES mEDUXa Educational linux distribution of the Canarian Goverment ANTONIO J IM NEZ M ORILLA MEDUSA TECHNICAL COORDINATOR OF INFRAESTRUCTURE & SYSTEMS AGUSTN BENITO BETHENCOURT DEVELOPER

485 views • 36 slides
Co- -located halogenated greenhouse gases located halogenated greenhouse gases Co measurements

Co- -located halogenated greenhouse gases located halogenated greenhouse gases Co measurements

Materials Sci ence & Technolog y Co- -located halogenated greenhouse gases located halogenated greenhouse gases Co measurements by GC- -ECDs ECDs and and measurements by GC Medusa- -GC/MS at the GC/MS at the Shangdianzi Shangdianzi

677 views • 26 slides
SOCI 210: Sociological Perspectives Nov. 10 1. Relational sociology 2. Network relations 3.

SOCI 210: Sociological Perspectives Nov. 10 1. Relational sociology 2. Network relations 3.

SOCI 210: Sociological Perspectives Nov. 10 1. Relational sociology 2. Network relations 3. Position and juxtaposition 4. Networks and mobilization 1 Networks and Mobilization Gould (1991) 2 Paris Commune Radical socialist government

388 views • 18 slides
Colossians Series Lesson #45 February 5, 2012 Dean Bible Ministries www.deanbible.org Dr.

Colossians Series Lesson #45 February 5, 2012 Dean Bible Ministries www.deanbible.org Dr.

Colossians Series Lesson #45 February 5, 2012 Dean Bible Ministries www.deanbible.org Dr. Robert L. Dean, Jr. C OLOSSIANS : Jesus Christ is All-Sufficient Christs Triumph Over Sin, Satan, and the Demons Colossians 2:15 Col. 2:11,

161 views • 12 slides
Lusteral Uniform and Modular Composition of Data-flow & Control-flow in the Lazy

Lusteral Uniform and Modular Composition of Data-flow & Control-flow in the Lazy

Lusteral Uniform and Modular Composition of Data-flow & Control-flow in the Lazy -Calculus joint work with Marc Pouzet M. Mendler, University of Bamberg Synchron 2008 CPL Aussois Synchron 2008 CPL Aussois 1 Constructive Data

491 views • 48 slides
Lec04: Writing Exploits Taesoo Kim 2 Scoreboard 3 Administrivia Join Piazza! An

Lec04: Writing Exploits Taesoo Kim 2 Scoreboard 3 Administrivia Join Piazza! An

1 Lec04: Writing Exploits Taesoo Kim 2 Scoreboard 3 Administrivia Join Piazza! An optional recitation on every Wed 5:00-6:00pm (in Klaus 1447) 6:00-6:30pm ( in Klaus 3126 ) Due: Lab03 (stack overflow) on Sept 22

698 views • 17 slides
Securing Untrusted Code via Compiler-Agnostic Binary Rewriting Richard Wartell, Vishwath Mohan,

Securing Untrusted Code via Compiler-Agnostic Binary Rewriting Richard Wartell, Vishwath Mohan,

Securing Untrusted Code via Compiler-Agnostic Binary Rewriting Richard Wartell, Vishwath Mohan, Kevin W. Hamlen, Zhiqiang Lin Department of Computer Science, The University of Texas at Dallas Presented by David Gloe Outline Introduction

576 views • 23 slides
Program Code Analyzers Agenda The Problem Dynamic and Static Tools Examples of

Program Code Analyzers Agenda The Problem Dynamic and Static Tools Examples of

Generic Programming and Library Development The Problems Presentation on Program Code Analyzers Dynamic and Static Tools May 18 th 2007 Examples of Tools Program Code Analyzers Agenda The Problem Dynamic and Static Tools

388 views • 13 slides
Instruction Set Architectures ! ISAs ! Brief history of processors and architectures ! C, assembly,

Instruction Set Architectures ! ISAs ! Brief history of processors and architectures ! C, assembly,

University of Washington Instruction Set Architectures ! ISAs ! Brief history of processors and architectures ! C, assembly, machine code ! Assembly basics: registers, operands, move instructions 1 University of Washington What should the HW/SW

925 views • 27 slides
Runtime Security Lab Michael Schwarz Friday 31 st August, 2018 Graz Security Week 2018

Runtime Security Lab Michael Schwarz Friday 31 st August, 2018 Graz Security Week 2018

Runtime Security Lab Michael Schwarz Friday 31 st August, 2018 Graz Security Week 2018 https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html www.tugraz.at Large IoT Incidents September 21, 2016 > 600 Gbps on Brian Krebs

1.19k views • 71 slides
Graphs "Graph theory is a terminological jungle, in which any newcomer may plant a

Graphs "Graph theory is a terminological jungle, in which any newcomer may plant a

9/3/19 DCS/CSCI 2350: Social & Economic Networks Graphs Reading: Ch 2 (Easley-Kleinberg) Mohammad T . Irfan Email: mirfan@bowdoin.edu Graphs "Graph theory is a terminological jungle, in which any newcomer may plant a tree."

518 views • 8 slides
Conjunctive Queries on Probabilistic Graphs: Combined Complexity Antoine Amarilli 1 , Mikal

Conjunctive Queries on Probabilistic Graphs: Combined Complexity Antoine Amarilli 1 , Mikal

Conjunctive Queries on Probabilistic Graphs: Combined Complexity Antoine Amarilli 1 , Mikal Monet 1 , 2 , Pierre Senellart 2 , 3 May 16th, 2017 1 LTCI, Tlcom ParisTech, Universit Paris-Saclay; Paris, France 2 Inria Paris; Paris, France 3

1.3k views • 86 slides
Graph Theory Mongi BLEL King Saud University August 30, 2019 Mongi BLEL Graph Theory Table of

Graph Theory Mongi BLEL King Saud University August 30, 2019 Mongi BLEL Graph Theory Table of

Graph Theory Mongi BLEL King Saud University August 30, 2019 Mongi BLEL Graph Theory Table of contents Mongi BLEL Graph Theory Definition A graph G = ( V , E ) is a structure consisting of a set V of

1.17k views • 81 slides
CS 401: Computer Algorithm I Complexity / Graphs Xiaorui Sun 1 Complexity Given two positive

CS 401: Computer Algorithm I Complexity / Graphs Xiaorui Sun 1 Complexity Given two positive

CS 401: Computer Algorithm I Complexity / Graphs Xiaorui Sun 1 Complexity Given two positive functions f and g f(N) is O(g(N)) iff there is a constant c > 0 s.t., f(N) is eventually always c g(N) f(N) is W (g(N)) iff there is a

515 views • 24 slides
Topic II: Graph Mining Discrete Topics in Data Mining Universitt des Saarlandes, Saarbrcken

Topic II: Graph Mining Discrete Topics in Data Mining Universitt des Saarlandes, Saarbrcken

Topic II: Graph Mining Discrete Topics in Data Mining Universitt des Saarlandes, Saarbrcken Winter Semester 2012/13 T II.Intro- 1 Topic II Intro: Graph Mining 1. Why Graphs? 2. What is Graph Mining 3. Graphs: Definitions 4. Centrality

712 views • 40 slides
CS 574: Randomized Algorithms Lecture 6. Expander Graphs September 10, 2015 Lecture 6. Expander

CS 574: Randomized Algorithms Lecture 6. Expander Graphs September 10, 2015 Lecture 6. Expander

CS 574: Randomized Algorithms Lecture 6. Expander Graphs September 10, 2015 Lecture 6. Expander Graphs CS 574: Randomized Algorithms Expanders d -regular graphs, ( S ) is set of neighbors of set S . Lecture 6. Expander Graphs CS 574:

470 views • 44 slides
Te Text Generation from Kn Knowledge Graphs with Gr Graph Transforme rmers NAACL19 Rik

Te Text Generation from Kn Knowledge Graphs with Gr Graph Transforme rmers NAACL19 Rik

Te Text Generation from Kn Knowledge Graphs with Gr Graph Transforme rmers NAACL19 Rik Koncel-Kedziorski , Dhanush Bekal , Yi Luan , Mirella Lapata , and Hannaneh Hajishirzi University of Washington University of Edinburgh Allen

535 views • 22 slides
What are we going to study in this class? Ling324 Meaning from Linguistic Expression: Semantics

What are we going to study in this class? Ling324 Meaning from Linguistic Expression: Semantics

What are we going to study in this class? Ling324 Meaning from Linguistic Expression: Semantics Sentences in natural language convey information. The information conveyed by a linguistic expression is the MEANING of that expression. If we

179 views • 5 slides

More recommend