Proceedings of the 3rd Reversing and Offensive-oriented Trends Symposium: Latest Publications

RevEngE is a dish served cold: Debug-Oriented Malware Decompilation and Reassembly
Proceedings of the 3rd Reversing and Offensive-oriented Trends Symposium. Pub Date: 2019-11-28. DOI: 10.1145/3375894.3375895
Marcus Botacin, Lucas Galante, P. De Geus, A. Grégio
Abstract: Malware analysis is key for the overall improvement of cybersecurity. Analysis tools have been evolving from complete static analyzers to decompilers. Malware decompilation allows for code inspection at higher abstraction levels, easing incident response. However, the decompilation procedure has many challenges, such as opaque constructions, irreversible mappings, and semantic gap bridging, among others. In this paper, we propose a new approach that leverages the human analyst's expertise to overcome decompilation challenges. We name this approach "DoD: debug-oriented decompilation", in which the analyst is able to reverse engineer the malware sample on his own and to instruct the decompiler to translate selected code portions (e.g., decision branches, fingerprinting functions, payloads, etc.) into high-level code. With DoD, the analyst might group all decompiled pieces into new code to be analyzed by another tool, or develop a novel malware sample from previous pieces of code and thus exercise a Proof-of-Concept (PoC). To validate our approach, we propose RevEngE, the Reverse Engineering Engine for malware decompilation and reassembly, a set of GDB extensions that intercept and introspect into executed functions to build an Intermediate Representation (IR) in real time, enabling any-time decompilation. We evaluate RevEngE with x86 ELF binaries collected from VirusShare, and show that a new malware sample created from the decompilation of independent functions of five known malware samples is considered "clean" by all of VirusTotal's AVs.
Citations: 6
Harzer Roller: Linker-Based Instrumentation for Enhanced Embedded Security Testing
Proceedings of the 3rd Reversing and Offensive-oriented Trends Symposium. Pub Date: 2019-11-28. DOI: 10.1145/3375894.3375897
Katharina Bogad, Manuel Huber
Abstract: Due to the rise of the Internet of Things, there are many new chips and platforms available for hobbyists and industry alike to build smart devices. The SDKs for these new platforms usually include closed-source binaries containing wireless protocol implementations, cryptographic implementations, or other library functions, which are shared among all user code across the platform. Leveraging such a library vulnerability has a high impact on a given platform. However, as these platforms are often shipped ready-to-use, classic debug infrastructure like JTAG is oftentimes not available. In this paper, we present a method, called Harzer Roller, to enhance embedded firmware security testing on resource-constrained devices. With the Harzer Roller, we hook instrumentation code into function call and return. The hooking not only applies to the user application code but to the SDK used to build the firmware as well. While we keep the design of the Harzer Roller generally architecture-independent, we provide an implementation for the ESP8266 Wi-Fi IoT chip based on the Xtensa architecture. We show that the Harzer Roller can be leveraged to trace execution flow through libraries without available source code and to detect stack-based buffer overflows. Additionally, we showcase how the overflow detection can be used to dump debugging information for later analysis. This enables better usage of a variety of software security testing methods like fuzzing of wireless protocol implementations or proof-of-concept attack development.
Citations: 4
Automatic Modulation Parameter Detection In Practice
Proceedings of the 3rd Reversing and Offensive-oriented Trends Symposium. Pub Date: 2019-11-28. DOI: 10.1145/3375894.3375896
Johannes Pohl, A. Noack
Abstract: Internet of Things (IoT) devices have to be small and energy efficient, so that resources for security mechanisms tend to be limited. Due to the lack of open source or license-free standards, device manufacturers often use proprietary protocols. Software Defined Radios (SDR) provide a generic way to investigate wireless protocols because they operate on nearly arbitrary frequencies, but they output sine waves that have to be demodulated. This demodulation process slows down security investigations because it forces researchers to start on the physical layer while the real reverse engineering is performed on the logical layer. We contribute an auto-detection system that estimates all demodulation parameters of a wireless signal and, additionally, explicitly returns all these parameters so that they can be fine-tuned afterwards. This allows security researchers to skip the physical layer and work with the bits and bytes instead of sine waves. The contributed system is evaluated with both simulated signals and ten real-world signals captured from various IoT devices with SDRs. Furthermore, we show how parameters can be estimated during recording time and evaluate this technique by attacking an AES-secured wireless door lock. Our solution is available as part of the open source software Universal Radio Hacker and follows the ergonomic philosophy of the main application.
Citations: 0
Shallow Security: on the Creation of Adversarial Variants to Evade Machine Learning-Based Malware Detectors
Proceedings of the 3rd Reversing and Offensive-oriented Trends Symposium. Pub Date: 2019-11-28. DOI: 10.1145/3375894.3375898
Fabrício Ceschin, Marcus Botacin, Heitor Murilo Gomes, Luiz Oliveira, A. Grégio
Abstract: The use of Machine Learning (ML) techniques for malware detection has been a trend in the last two decades. More recently, researchers started to investigate adversarial approaches to bypass these ML-based malware detectors. Adversarial attacks became so popular that a large Internet company launched a public challenge to encourage researchers to bypass their (three) ML-based static malware detectors. Our research group teamed up to participate in this challenge in August 2019, accomplishing the bypass of all 150 tests proposed by the company. To do so, we implemented an automatic exploitation method which moves the original malware binary sections to resources and adds new chunks of data to it, creating adversarial samples that not only bypassed their ML detectors but also real AV engines (with a lower detection rate than the original samples). In this paper, we detail our methodological approach to overcoming the challenge and report our findings. With these results, we expect to contribute to the community and provide a better understanding of the weaknesses of ML-based detectors. We also pinpoint future research directions toward the development of malware detectors that are more robust against adversarial machine learning.
Citations: 32
Proceedings of the 3rd Reversing and Offensive-oriented Trends Symposium
DOI: 10.1145/3375894
Citations: 0