the remote metamorphic engine
play

The Remote Metamorphic Engine Detecting, Evading, Attacking the AI - PowerPoint PPT Presentation

May 03, 2023 •168 likes •683 views

The Remote Metamorphic Engine Detecting, Evading, Attacking the AI and Reverse Engineering Amro Abdelgawad / REcon 2016 line46_1: mov ecx, [esp] nop nop mov dl, 0xe9 test edx, edx mov byte [ecx], dl The Remote Metamorphic Engine xor eax, 0

  1. The Remote Metamorphic Engine Detecting, Evading, Attacking the AI and Reverse Engineering Amro Abdelgawad / REcon 2016

  2. line46_1: mov ecx, [esp] nop nop mov dl, 0xe9 test edx, edx mov byte [ecx], dl The Remote Metamorphic Engine xor eax, 0 mov edx, 0x00000067 mov dword [ecx+1], edx ret line95: pushad pushf call line95_1 db 7 db 3 dd 838225172 db 2 dd 4211932376 db 4 dd 2520091426 ‣ Security as undefined expression db 3 dd 946381070 db 2 dd 3318121790 db 2 dd 1375432265 db 1 dd -1 ‣ Flux binary mutation mov ebx, 92 add eax, ebx mov ebx, eax sub dword [eax], 0xe82c334d add eax, 4 add dword [eax], 0xa1723594 add eax, 4 ‣ Resisting Reverse Engineering xor dword [eax], 0xb1c21343 add eax, 4 sub dword [eax], 0x111111ee add eax, 4 add dword [eax], 0xaaccee22 add eax, 4 jmp ebx ‣ Evading AI machine learning line95_2: popf popad nop jmp long line96 line95_1: mov eax, [esp] ‣ Artificial Immunity nop nop xor eax, eax xor ecx, ecx xor edx, edx mov cl, 0xe9 mov byte [eax], cl xor edx, 0 mov ecx, 0x00000057 mov dword [eax+1], ecx ret

  3. line46_1: mov ecx, [esp] nop nop mov dl, 0xe9 test edx, edx mov byte [ecx], dl xor eax, 0 mov edx, 0x00000067 mov dword [ecx+1], edx ret line95: pushad pushf call line95_1 db 7 db 3 dd 838225172 db 2 dd 4211932376 db 4 dd 2520091426 db 3 dd 946381070 db 2 dd 3318121790 db 2 dd 1375432265 { } db 1 dd -1 Security Patterns mov ebx, 92 add eax, ebx mov ebx, eax sub dword [eax], 0xe82c334d add eax, 4 add dword [eax], 0xa1723594 add eax, 4 xor dword [eax], 0xb1c21343 add eax, 4 Division by Zero | Division by Infinity sub dword [eax], 0x111111ee add eax, 4 add dword [eax], 0xaaccee22 add eax, 4 jmp ebx Isolation Randomization line95_2: popf popad nop jmp long line96 line95_1: mov eax, [esp] nop nop xor eax, eax xor ecx, ecx xor edx, edx mov cl, 0xe9 mov byte [eax], cl xor edx, 0 mov ecx, 0x00000057 mov dword [eax+1], ecx ret

  4. line46_1: mov ecx, [esp] nop nop The Undefined Expression mov dl, 0xe9 test edx, edx mov byte [ecx], dl xor eax, 0 mov edx, 0x00000067 mov dword [ecx+1], edx ret line95: pushad Security as Undefined & indeterminate expression pushf call line95_1 db 7 db 3 dd 838225172 db 2 dd 4211932376 db 4 dd 2520091426 db 3 dd 946381070 db 2 1 dd 3318121790 db 2 - ∞ ∞ dd 1375432265 = = db 1 dd -1 mov ebx, 92 0 add eax, ebx mov ebx, eax sub dword [eax], 0xe82c334d add eax, 4 add dword [eax], 0xa1723594 add eax, 4 xor dword [eax], 0xb1c21343 add eax, 4 Undefined sub dword [eax], 0x111111ee add eax, 4 add dword [eax], 0xaaccee22 add eax, 4 jmp ebx line95_2: popf ∞ 0 popad RE Time nop jmp long line96 line95_1: mov eax, [esp] nop nop xor eax, eax xor ecx, ecx xor edx, edx The Remote mov cl, 0xe9 mov byte [eax], cl Metamorphic xor edx, 0 mov ecx, 0x00000057 Engine mov dword [eax+1], ecx ret

  5. line46_1: mov ecx, [esp] nop nop mov dl, 0xe9 test edx, edx The Unbreakable Code mov byte [ecx], dl xor eax, 0 mov edx, 0x00000067 mov dword [ecx+1], edx ret line95: pushad pushf call line95_1 db 7 db 3 dd 838225172 db 2 dd 4211932376 Unpredictable db 4 dd 2520091426 db 3 dd 946381070 db 2 dd 3318121790 un · pre · dict · a · ble db 2 dd 1375432265 db 1 dd -1 mov ebx, 92 adjective:/ ˌə npr əˈ dikt ə b( ə )l/ add eax, ebx mov ebx, eax sub dword [eax], 0xe82c334d add eax, 4 add dword [eax], 0xa1723594 add eax, 4 xor dword [eax], 0xb1c21343 add eax, 4 sub dword [eax], 0x111111ee add eax, 4 add dword [eax], 0xaaccee22 add eax, 4 Likely to change suddenly and without reason jmp ebx line95_2: popf popad nop jmp long line96 and therefore not able to be predicted line95_1: mov eax, [esp] nop nop xor eax, eax (= expected before it happens) xor ecx, ecx xor edx, edx mov cl, 0xe9 mov byte [eax], cl xor edx, 0 mov ecx, 0x00000057 mov dword [eax+1], ecx ret

  6. line46_1: mov ecx, [esp] nop nop mov dl, 0xe9 test edx, edx mov byte [ecx], dl xor eax, 0 mov edx, 0x00000067 mov dword [ecx+1], edx ret The Breakable Code line95: pushad pushf call line95_1 db 7 db 3 dd 838225172 db 2 dd 4211932376 The Fixed Static Code Problem db 4 dd 2520091426 db 3 dd 946381070 db 2 dd 3318121790 db 2 Static Code Dynamic Data dd 1375432265 db 1 dd -1 mov ebx, 92 add eax, ebx mov ebx, eax sub dword [eax], 0xe82c334d add eax, 4 add dword [eax], 0xa1723594 add eax, 4 xor dword [eax], 0xb1c21343 add eax, 4 sub dword [eax], 0x111111ee add eax, 4 Core security weakness in all today’s software add dword [eax], 0xaaccee22 add eax, 4 jmp ebx line95_2: popf popad nop jmp long line96 Enables all sorts of replicable software line95_1: mov eax, [esp] nop nop security exploits xor eax, eax xor ecx, ecx xor edx, edx mov cl, 0xe9 mov byte [eax], cl xor edx, 0 mov ecx, 0x00000057 mov dword [eax+1], ecx ret

  7. line46_1: mov ecx, [esp] nop nop mov dl, 0xe9 test edx, edx mov byte [ecx], dl xor eax, 0 Unpredictable Code Evolution mov edx, 0x00000067 mov dword [ecx+1], edx ret line95: pushad pushf call line95_1 db 7 db 3 Dynamic Code Dynamic Data dd 838225172 db 2 dd 4211932376 db 4 dd 2520091426 db 3 dd 946381070 db 2 dd 3318121790 db 2 Code evolution across time dd 1375432265 db 1 dd -1 mov ebx, 92 add eax, ebx mov ebx, eax sub dword [eax], 0xe82c334d Functionality evolution across location add eax, 4 add dword [eax], 0xa1723594 add eax, 4 xor dword [eax], 0xb1c21343 add eax, 4 sub dword [eax], 0x111111ee Self contained autonomous code add eax, 4 add dword [eax], 0xaaccee22 add eax, 4 jmp ebx line95_2: popf popad Unpredictable nop jmp long line96 line95_1: mov eax, [esp] nop nop Self aware xor eax, eax xor ecx, ecx xor edx, edx mov cl, 0xe9 mov byte [eax], cl xor edx, 0 mov ecx, 0x00000057 mov dword [eax+1], ecx ret

  8. line46_1: mov ecx, [esp] nop nop mov dl, 0xe9 test edx, edx mov byte [ecx], dl Code Evolution xor eax, 0 mov edx, 0x00000067 mov dword [ecx+1], edx ret line95: pushad pushf call line95_1 Resisting Reverse Engineering db 7 db 3 dd 838225172 db 2 dd 4211932376 db 4 dd 2520091426 db 3 dd 946381070 db 2 dd 3318121790 Locate the Code db 2 dd 1375432265 db 1 dd -1 not locatable mov ebx, 92 add eax, ebx mov ebx, eax Remote Execution sub dword [eax], 0xe82c334d add eax, 4 add dword [eax], 0xa1723594 add eax, 4 xor dword [eax], 0xb1c21343 add eax, 4 Analyze the Code sub dword [eax], 0x111111ee add eax, 4 add dword [eax], 0xaaccee22 add eax, 4 Sho ru Lifetime jmp ebx line95_2: popf Flux Mutation popad nop jmp long line96 line95_1: mov eax, [esp] Break the Code nop nop Unbreakable xor eax, eax xor ecx, ecx Self aware xor edx, edx mov cl, 0xe9 mov byte [eax], cl xor edx, 0 mov ecx, 0x00000057 mov dword [eax+1], ecx ret

  9. line46_1: mov ecx, [esp] nop nop mov dl, 0xe9 test edx, edx mov byte [ecx], dl The Remote Metamorphic Engine xor eax, 0 mov edx, 0x00000067 mov dword [ecx+1], edx ret line95: pushad pushf call line95_1 Remote Flux Mutation db 7 db 3 dd 838225172 db 2 dd 4211932376 db 4 dd 2520091426 db 3 dd 946381070 db 2 dd 3318121790 db 2 Tru su ed Zone Untru su ed Zone dd 1375432265 db 1 dd -1 mov ebx, 92 add eax, ebx mov ebx, eax sub dword [eax], 0xe82c334d add eax, 4 add dword [eax], 0xa1723594 add eax, 4 xor dword [eax], 0xb1c21343 Remote Mutation Thread/Process add eax, 4 sub dword [eax], 0x111111ee add eax, 4 add dword [eax], 0xaaccee22 add eax, 4 jmp ebx Mutation Engine Morphed Code Execution line95_2: popf popad nop jmp long line96 line95_1: mov eax, [esp] nop nop xor eax, eax Challenge xor ecx, ecx Response xor edx, edx mov cl, 0xe9 mov byte [eax], cl xor edx, 0 mov ecx, 0x00000057 mov dword [eax+1], ecx ret

  10. line46_1: mov ecx, [esp] nop nop mov dl, 0xe9 test edx, edx The Remote Metamorphic Engine mov byte [ecx], dl xor eax, 0 mov edx, 0x00000067 mov dword [ecx+1], edx ret line95: pushad pushf Challenge Response Metamorphic Protocol call line95_1 db 7 db 3 dd 838225172 db 2 dd 4211932376 db 4 dd 2520091426 db 3 dd 946381070 db 2 Tru su ed Zone Untru su ed Zone dd 3318121790 db 2 dd 1375432265 Challenge db 1 dd -1 mov ebx, 92 add eax, ebx mov ebx, eax sub dword [eax], 0xe82c334d 4 bytes size Code add eax, 4 add dword [eax], 0xa1723594 add eax, 4 xor dword [eax], 0xb1c21343 Remote Mutation Thread/Process add eax, 4 sub dword [eax], 0x111111ee add eax, 4 Clock Synced add dword [eax], 0xaaccee22 add eax, 4 Mutation Engine jmp ebx Morphed Code Execution line95_2: popf Response popad nop jmp long line96 line95_1: mov eax, [esp] nop nop xor eax, eax xor ecx, ecx xor edx, edx Communication protocol made of morphed clock mov cl, 0xe9 mov byte [eax], cl xor edx, 0 synchronized machine code rather than data mov ecx, 0x00000057 mov dword [eax+1], ecx ret

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Remote controlled tractor TECHNICAL with attachments SPECIFICATIONS LV300 Green Climber: REMOTE

Remote controlled tractor TECHNICAL with attachments SPECIFICATIONS LV300 Green Climber: REMOTE

Remote controlled tractor TECHNICAL with attachments SPECIFICATIONS LV300 Green Climber: REMOTE CONTROLLED TRACTOR WITH FLAIL Capable of working on 60 slopes Extendable tracks Side-shifting of attachment Engine: EPA - TIER 4 final

219 views • 5 slides
Engineering Geology Metamorphic Rocks Hussien Al - deeky 1 Engineering Geology Definition

Engineering Geology Metamorphic Rocks Hussien Al - deeky 1 Engineering Geology Definition

Engineering Geology Metamorphic Rocks Hussien Al - deeky 1 Engineering Geology Definition Metamorphic rock is the result of the transformation of an existing rock type, the protolith ( parent rock ) , in a process called metamorphism, which means

804 views • 23 slides
Whats New in Alibabas X-DB SQL Engine Min Qiu, Alibaba Group Santa Clara, California |

Whats New in Alibabas X-DB SQL Engine Min Qiu, Alibaba Group Santa Clara, California |

Whats New in Alibabas X-DB SQL Engine Min Qiu, Alibaba Group Santa Clara, California | April 23th 25th, 2018 Agenda Introduction to X-DB Features in X-DB SQL Engine Query Plan Cache Remote Execution Distributed SQL

727 views • 34 slides
Remote Vehicle Interface (RVI) Remote Vehicle Interface (RVI) Travis Johnson Ben Moon 1

Remote Vehicle Interface (RVI) Remote Vehicle Interface (RVI) Travis Johnson Ben Moon 1

Remote Vehicle Interface (RVI) Remote Vehicle Interface (RVI) Travis Johnson Ben Moon 1 Project Goals Project Goals Interface with vehicle using phone or WWW Start / Kill engine Lock / Unlock doors Pop trunk Must provide

396 views • 20 slides
Metamorphic Rocks Basement of Parashant Geological Adventures at Parashant Lesson 4

Metamorphic Rocks Basement of Parashant Geological Adventures at Parashant Lesson 4

Metamorphic Rocks Basement of Parashant Geological Adventures at Parashant Lesson 4 Objectives Metamorphism changes one kind of rock into another kind of rock. Several ways that heat and pressure change rocks. Metamorphic

277 views • 16 slides
RUXCON Courtesy of google images Metamorphic template with

RUXCON Courtesy of google images Metamorphic template with

Oct, 2016 Senior Malware Scientist ,Trend Micro spark@trendmicro.com RUXCON Courtesy of google images Metamorphic template with parameters #1 Original Code

701 views • 43 slides
Search Engine Optimization What is Search Engine Optimization Search Engine Optimization is the

Search Engine Optimization What is Search Engine Optimization Search Engine Optimization is the

Search Engine Optimization What is Search Engine Optimization Search Engine Optimization is the process of improving the visibility of a website on organic ("natural" or un-paid) search engine result pages (SERPs), by incorporating

1.54k views • 35 slides
Metamorphic rocks What is metamorphism? Process by which a rock in a solid state experiences a

Metamorphic rocks What is metamorphism? Process by which a rock in a solid state experiences a

FUNDAMENTALS OF EARTH SCIENCE I FALL SEMESTER 2018 Metamorphic rocks What is metamorphism? Process by which a rock in a solid state experiences a transformation of one or a combination of the following characteristics: Chemical

557 views • 31 slides
MetaCAPTCHA: A Metamorphic Throttling Service for the Web Akshay Dua, Thai Bui, Tien Le, Nhan

MetaCAPTCHA: A Metamorphic Throttling Service for the Web Akshay Dua, Thai Bui, Tien Le, Nhan

Introduction System Architecture Evaluations References MetaCAPTCHA: A Metamorphic Throttling Service for the Web Akshay Dua, Thai Bui, Tien Le, Nhan Huynh, Wu-chang Feng { akshay, buithai, letien, nhhuyng, wuchang } @cs.pdx.edu Portland

913 views • 57 slides
A Revisit of the Integration of Metamorphic Testing and Test Suite Based Automated Program

A Revisit of the Integration of Metamorphic Testing and Test Suite Based Automated Program

A Revisit of the Integration of Metamorphic Testing and Test Suite Based Automated Program Repair Mingyue Jiang 1,2, Tsong Yueh Chen 2, Fei-Ching Kuo 2, Zuohua Ding 1, Eun-Hye Choi 3, Osamu Mizuno 4 1 Zhejiang Sci-Tech University,

465 views • 19 slides
Quantitative Texture Analysis of shells, Palm Canyon mylonites, natural ice, metamorphic

Quantitative Texture Analysis of shells, Palm Canyon mylonites, natural ice, metamorphic

Quantitative Texture Analysis of shells, Palm Canyon mylonites, natural ice, metamorphic amphibolites and SCT-microquartz D. Chateigner - Laboratoire de Cristallographie et Sciences des Matriaux (CRISMAT) - Ecole Nationale Suprieure

943 views • 49 slides
RESEARCH TOPICS Metamorphic testing OVERVIEW Fuzz testing Regression testing:

RESEARCH TOPICS Metamorphic testing OVERVIEW Fuzz testing Regression testing:

3/31/17 TOPICS 2 RESEARCH TOPICS Metamorphic testing OVERVIEW Fuzz testing Regression testing: selection, prioritization T est input generation CS580A5 SPRING 2017 Fault localization SUDIPTO GHOSH Automatic program

276 views • 3 slides
Search Engine Research and Color, Design, and Usability CS 115 Computing for the Socio-Techno Web

Search Engine Research and Color, Design, and Usability CS 115 Computing for the Socio-Techno Web

Search Engine Research and Color, Design, and Usability CS 115 Computing for the Socio-Techno Web Instructor: Brian Brubach Announcements Remote project milestone 2 meetings tomorrow Reading for guest speaker on Tuesday Assignment 4

783 views • 31 slides
Remote Access Plus Enterprise Remote Access Sofuware - Product Overview Covers all your

Remote Access Plus Enterprise Remote Access Sofuware - Product Overview Covers all your

Remote Access Plus Enterprise Remote Access Sofuware - Product Overview Covers all your troubleshooting needs ! On Premises Available on cloud Feature Highlights Advanced remote desktop sharing Voice, video and text chat Remote

222 views • 11 slides
Automated Test Data Generation on the Analyses of Feature Models A Metamorphic Testing Approach

Automated Test Data Generation on the Analyses of Feature Models A Metamorphic Testing Approach

Automated Test Data Generation on the Analyses of Feature Models A Metamorphic Testing Approach Sergio Segura 1 , Robert M. Hierons 2 , David Benavides 1 and Antonio Ruiz-Corts 1 1 Department of Computer Languages and Systems, Univesity of

330 views • 28 slides
Reducing Remote Read Footprint Bartek Plotka @bwplotka Getting samples from TSDB /api/v1/query

Reducing Remote Read Footprint Bartek Plotka @bwplotka Getting samples from TSDB /api/v1/query

Reducing Remote Read Footprint Bartek Plotka @bwplotka Getting samples from TSDB /api/v1/query /api/v1/query_range Prometheus PromQL Engine Select() Select() /read Queryable Interface TSDB @bwplotka Remote Read: Response /read

418 views • 13 slides
StreamIt: A Language for Streaming Applications William Thies, Michal Karczmarek, Michael

StreamIt: A Language for Streaming Applications William Thies, Michal Karczmarek, Michael

StreamIt: A Language for Streaming Applications William Thies, Michal Karczmarek, Michael Gordon, David Maze, Jasper Lin, Ali Meli, Andrew Lamb, Chris Leger and Saman Amarasinghe MIT Laboratory for Computer Science New England Programming

1.32k views • 86 slides
Synthesizing Normalized Faces from Facial Identity Features Forrester Cole, David Belanger,

Synthesizing Normalized Faces from Facial Identity Features Forrester Cole, David Belanger,

Synthesizing Normalized Faces from Facial Identity Features Forrester Cole, David Belanger, Dilip Krishnan, Aaron Sarna, Inbar Mosseri, William T. Freeman, Google, Inc. University of Massachusetts Amherst, MIT CSAIL CVPR 2017 Presented by:

462 views • 30 slides
iOS Animation with Swift Part 9: Shape and Mask Animations CAShapeLayer Animatable Properties

iOS Animation with Swift Part 9: Shape and Mask Animations CAShapeLayer Animatable Properties

iOS Animation with Swift Part 9: Shape and Mask Animations CAShapeLayer Animatable Properties strokeColor path lineWidth fi llColor strokeStart strokeEnd Demo: Shape morphing Masks Demo: Mask morphing Challenge Time!

1.31k views • 8 slides
Image Based Rendering Hua Zhong 2004/11 Render from images Image Morphing (has nothing to do

Image Based Rendering Hua Zhong 2004/11 Render from images Image Morphing (has nothing to do

Image Based Rendering Hua Zhong 2004/11 Render from images Image Morphing (has nothing to do with the real physical world) View Morphing Panorama Even in your roller coaster project: Your world is a box with texture! *View

444 views • 17 slides
Object-Oriented GUIs Andrew P . Black 1 Object-Oriented GUIs In the beginning, there was

Object-Oriented GUIs Andrew P . Black 1 Object-Oriented GUIs In the beginning, there was

Object-Oriented GUIs Andrew P . Black 1 Object-Oriented GUIs In the beginning, there was Chaos And then, there was MVC Model View Controller 2 ModelViewController The key idea is to separate the application logic

761 views • 10 slides
Global Instruction Selection A Proposal Quentin Colombet Apple What Is Instruction Selection?

Global Instruction Selection A Proposal Quentin Colombet Apple What Is Instruction Selection?

Global Instruction Selection A Proposal Quentin Colombet Apple What Is Instruction Selection? Translation from target independent intermediate representation (IR) to target specific IR. LLVM IR -> MachineInstr 2 SelectionDAG (SD) ISel

1.35k views • 82 slides
Interactive multimedia news presentation on very low bitrates Igor S. Pandi Department of

Interactive multimedia news presentation on very low bitrates Igor S. Pandi Department of

Zavod za telekom Interactive multimedia news presentation on very low bitrates Igor S. Pandi Department of telecommunications Faculty of electrical engineering and computing University of Zagreb, Croatia www.tel.fer.hr Objectives Zavod

642 views • 19 slides
Executive Summary SMC is an engineering consulting firm focused on modeling, simulation, &

Executive Summary SMC is an engineering consulting firm focused on modeling, simulation, &

2/18/2011 Advan dvance ced Modelin d Modeling, g, g, Simula g, Simulati tion on, and , and Desi Design g Design and Fabrication of High Performance Metallic and Composite Aerospace Structures Tomoya T. Ochinero, Ph.D.

115 views • 8 slides

More recommend