YoVDO

Cryptographic Function Detection in Obfuscated Binaries via Bit-Precise Symbolic Loop Mapping

Offered By: IEEE via YouTube

Tags

Cryptography Courses Cybersecurity Courses Reverse Engineering Courses Malware Analysis Courses Encryption Courses Decryption Courses

Course Description

Overview

Explore a 24-minute IEEE conference talk on detecting cryptographic functions in obfuscated binaries using bit-precise symbolic loop mapping. Delve into the challenges of identifying crypto functions in malware and learn about a novel technique that captures algorithm semantics through bit-precise symbolic execution. Discover how this approach, implemented in the CryptoHunt prototype, effectively detects common cryptographic functions like TEA, AES, RC4, MD5, and RSA under various obfuscation schemes. Gain insights into the importance of crypto function detection for malware defense and forensics, and understand the limitations of existing methods when dealing with obfuscated binaries.

Syllabus

Intro
Cryptographic Function • Encryption and decryption procedure
Crypto Functions in Malware
Why Detect Crypto Functions? • Provide a starting point for reverse engineering
Crypto Function Attributes
Existing Detection Methods
Challenges
Our Method
Overview * Equivalence check on loop bodies in the
Loop Detection
Bit Symbolic Execution
Equivalence Checking • Replace the mapped input variables with new
Evaluation
Summary


Taught by

IEEE Symposium on Security and Privacy

Tags

Related Courses

Encryption And Decryption Using C++
Coursera Project Network via Coursera The Complete Android Ethical Hacking Practical Course C|AEHP
Udemy Introduction to Computer Science and Programming
Tokyo Institute of Technology via edX Python Hacking Complete Beginner to Advanced Course
Udemy Building PowerShell Security Tools in a Windows Environment
Pluralsight