Binary-code obfuscations in prevalent packer tools
The first steps in analyzing defensive malware are understanding what obfuscations are
present in real-world malware binaries, how these obfuscations hinder analysis, and how …
From hack to elaborate technique—a survey on binary rewriting
M Wenzl, G Merzdovnik, J Ullrich… - ACM Computing Surveys …, 2019 - dl.acm.org
Binary rewriting is changing the semantics of a program without having the source code at
hand. It is used for diverse purposes, such as emulation (e.g., QEMU), optimization (e.g. …
Introduction to runtime verification
The aim of this chapter is to act as a primer for those wanting to learn about Runtime
Verification (RV). We start by providing an overview of the main specification languages …
Control flow and code integrity for COTS binaries: An effective defense against real-world ROP attacks
Despite decades of sustained effort, memory corruption attacks continue to be one of the
most serious security threats faced today. They are highly sought after by attackers, as they …
Droidchameleon: evaluating android anti-malware against transformation attacks
Mobile malware threats have recently become a real concern. In this paper, we evaluate the
state-of-the-art commercial mobile antimalware products for Android and test how resistant …
Smashing the gadgets: Hindering return-oriented programming using in-place code randomization
V Pappas, M Polychronakis… - 2012 IEEE Symposium …, 2012 - ieeexplore.ieee.org
The wide adoption of non-executable page protections in recent versions of popular
operating systems has given rise to attacks that employ return-oriented programming (ROP) …
Hybrid analysis and control of malware
Malware attacks necessitate extensive forensic analysis efforts that are manual-labor
intensive because of the analysis-resistance techniques that malware authors employ. The …
Renovo: A hidden code extractor for packed executables
As reverse engineering becomes a prevalent technique to analyze malware, malware
writers leverage various anti-reverse engineering techniques to hide their code. One …
Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics.
Static binary rewriting is a core technology for many systems and security applications,
including profiling, optimization, and software fault isolation. While many static binary …
Anywhere, any-time binary instrumentation
AR Bernat, BP Miller - Proceedings of the 10th ACM SIGPLAN-SIGSOFT …, 2011 - dl.acm.org
The Dyninst binary instrumentation and analysis framework distinguishes itself from other
binary instrumentation tools through its abstract, machine independent interface; its …