
Lecture: PreVice: Static Detection of Hooking Capabilities in Machine Code


In the future, static analysis catches hookers before they have a chance to act.

We present PreVice, a static analyzer that very quickly detects a variety of hooking capabilities--including Detours, import, and syscall hooking--in x86 and x64 Windows PEs. We discuss the inner workings of the static analyzer in theory and practice, and then we delve into some of the interesting things we found during a scan of many, many millions of files.


Day: 2018-06-15
Start time: 16:00
Duration: 01:00
Room: Grand salon
Track: Software Reverse Engineering

