YoVDO

Cryptographic Function Detection in Obfuscated Binaries via Bit-Precise Symbolic Loop Mapping

Offered By: IEEE via YouTube

Tags

Cryptography Courses Cybersecurity Courses Reverse Engineering Courses Malware Analysis Courses Encryption Courses Decryption Courses

Course Description

Overview

Explore a 24-minute IEEE conference talk on detecting cryptographic functions in obfuscated binaries using bit-precise symbolic loop mapping. Delve into the challenges of identifying crypto functions in malware and learn about a novel technique that captures algorithm semantics through bit-precise symbolic execution. Discover how this approach, implemented in the CryptoHunt prototype, effectively detects common cryptographic functions like TEA, AES, RC4, MD5, and RSA under various obfuscation schemes. Gain insights into the importance of crypto function detection for malware defense and forensics, and understand the limitations of existing methods when dealing with obfuscated binaries.

Syllabus

Intro
Cryptographic Function • Encryption and decryption procedure
Crypto Functions in Malware
Why Detect Crypto Functions? • Provide a starting point for reverse engineering
Crypto Function Attributes
Existing Detection Methods
Challenges
Our Method
Overview * Equivalence check on loop bodies in the
Loop Detection
Bit Symbolic Execution
Equivalence Checking • Replace the mapped input variables with new
Evaluation
Summary


Taught by

IEEE Symposium on Security and Privacy

Tags

Related Courses

Applied Cryptography
University of Virginia via Udacity Cryptography II
Stanford University via Coursera Coding the Matrix: Linear Algebra through Computer Science Applications
Brown University via Coursera Cryptography I
Stanford University via Coursera Unpredictable? Randomness, Chance and Free Will
National University of Singapore via Coursera