Scheduled on: June 17 at 16:00
Miasm is a reverse engineering framework created in 2006 and first published in 2011 (https://github.com/cea-sec/miasm). Since then, it has been continuously improved through a daily use.
We now considered it mature enough to introduce it to the RE community in an international conference.
After a quick overview of the features, the talk will detail some of them,based on real life examples. This includes:
- static dependency tracking with path sensitivity
- symbolic / concolic execution, for deobfuscation, assisted VM mnemonic recovery, semantic ROP gadget, links with SAT solving, …
- multi-arch emulation and JiTted sandboxing, for Windows/Unix/firmware environment emulation, shellcode analysis, unpacking, …
- type propagation, and bricks for decompilation
- code regeneration, for deobfuscation, binary hardenning and transcompilation
- function identification, behavior based, in a separate tool Sibyl( https://github.com/cea-sec/Sibyl)
- IDA integration
The examples will go from ExploitKit’s shellcode to Equation Group samples.