lecture: PreVice: Static Detection of Hooking Capabilities in Machine Code
In the future, static analysis catches hookers before they have a chance to act.
We present PreVice, a static analyzer that very quickly detects a variety of hooking capabilities--including Detours, import, and syscall hooking--in x86 and x64 Windows PEs. We discuss the inner workings of the static analyzer in theory and practice, and then we delve into some of the interesting things we found during a scan of many, many millions of files.
Info
Day: 2018-06-15
Start time: 16:00
Duration: 01:00
Room: Grand salon
Track: Software Reverse Engineering
Speakers
Andy Wortman
Claudiu Teodorescu
Derek Soeder