Presentation Abstract

Generic shellcode detection at the level of arbitrary byte streams has been discussed before; this implementation makes it performant enough that a commodity laptop can keep up with 1 Gbit line speed. The LDT (x86 Local Descriptor Table), in conjunction with a disassembler engine, is used to execute potentially malicious bytecode in a secure fashion and thereby identify shellcode. The talk explains how the engine works, and real-world shellcode from DefCon CTF, real incidents and Metasploit is briefly analyzed and demonstrated.
Photo by Cedric Blancher (CC BY-SA-NC)
| Attachment | Size |
|---|---|
| HPW2011 - Efficient analysis of malicious bytecode linespeed shellcode detection - Georg Wicherski.pdf | 294.33 KB |
| HPW2011_georg_wicherski.jpg | 134.37 KB |