By: Fabrice Desclaux, Camille Mougey

Scheduled on: June 17 at 16:00


Miasm is a reverse engineering framework created in 2006 and first published in 2011 (https://github.com/cea-sec/miasm). Since then, it has been continuously improved through daily use.

We now consider it mature enough to introduce it to the RE community at an international conference.

After a quick overview of the features, the talk will detail some of them, based on real-life examples. This includes:

  • static dependency tracking with path sensitivity
  • symbolic / concolic execution, for deobfuscation, assisted VM mnemonic recovery, semantic ROP gadget, links with SAT solving, …
  • multi-arch emulation and JiTted sandboxing, for Windows/Unix/firmware environment emulation, shellcode analysis, unpacking, …
  • type propagation, and bricks for decompilation
  • code regeneration, for deobfuscation, binary hardening and transcompilation
  • behavior-based function identification, in a separate tool, Sibyl (https://github.com/cea-sec/Sibyl)
  • IDA integration

The examples will go from ExploitKit’s shellcode to Equation Group samples.