GRAP - Define and Match Graph Patterns Within Binaries

Offered By: Recon Conference via YouTube

Tags

REcon Conference Courses, Cybersecurity Courses, Reverse Engineering Courses, Malware Analysis Courses, Algorithms Courses, Binary Analysis Courses

Course Description

Overview

Explore a tool for malware analysis and binary code pattern matching in this talk from Recon 2017 Brussels. GRAP is a YARA-like detection tool that matches user-defined graph patterns against the Control Flow Graphs (CFGs) of disassembled binary code: it uses Capstone-based disassembly to build the CFGs and a simplified subgraph isomorphism algorithm to match patterns against them quickly. Practical applications include detecting generic constructs such as loops and writing signatures that cover the variants of a malware family.

The talk also covers the IDA plugin, which runs detection and lets the analyst browse matches directly in the GUI, and the Python bindings, which let scripts extract information from the matched instructions. The speakers demonstrate real-world use cases, from command-line pattern detection to writing malware patterns and extracting information from matches. Aurelien Thierry is a reverse engineer and forensics analyst at Airbus Defence & Space - CyberSecurity, and Jonathan Thieuleux is a junior malware analyst at Stormshield; GRAP is open source.
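To make the mechanism concrete, here is an added toy example. It is not grap's code and does not use grap's pattern syntax or its matching algorithm; the small condition language, the pattern, and the sample CFG (a counted loop followed by a return) are constructed for illustration. A CFG node carries disassembled instruction text and an ordered list of successors (fallthrough first, taken branch second), a pattern node carries a condition and edges tagged with the child number they must follow, and a naive backtracking subgraph matcher returns every injective assignment of pattern nodes to CFG nodes. A final helper pulls the matched instructions back out, which is the kind of information extraction the talk describes doing through the Python bindings.

```python
"""Toy CFG pattern matcher illustrating the grap idea (constructed example, not grap)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Node:
    inst: str            # "mnemonic op1, op2" as a disassembler would print it
    children: List[int]  # successor node ids: [fallthrough, taken] for branches

    @property
    def opcode(self) -> str:
        return self.inst.split()[0]

    @property
    def args(self) -> List[str]:
        rest = self.inst[len(self.opcode):].strip()
        return [a.strip() for a in rest.split(",")] if rest else []


@dataclass
class PNode:
    cond: str
    # (target pattern node, 1-based child number the CFG edge must have, or None for any)
    edges: List[Tuple[str, Optional[int]]] = field(default_factory=list)


def evaluate(cond: str, node: Node) -> bool:
    """Condition mini-language made up for this example:
    'true' | 'opcode is X' | 'opcode beginswith X' | 'nargs == N' | 'argN is X',
    combined with 'not ...' and '... and ...' (and binds loosest)."""
    cond = cond.strip()
    if cond == "true":
        return True
    if " and " in cond:
        return all(evaluate(part, node) for part in cond.split(" and "))
    if cond.startswith("not "):
        return not evaluate(cond[4:], node)
    field_, op, value = cond.split(" ", 2)
    if field_ == "opcode":
        actual = node.opcode
    elif field_ == "nargs":
        actual = str(len(node.args))
    elif field_.startswith("arg"):
        idx = int(field_[3:]) - 1
        actual = node.args[idx] if idx < len(node.args) else ""
    else:
        raise ValueError(f"unknown field {field_!r}")
    if op in ("is", "=="):
        return actual == value
    if op == "beginswith":
        return actual.startswith(value)
    raise ValueError(f"unknown operator {op!r}")


def match_pattern(cfg: Dict[int, Node], pattern: Dict[str, PNode]) -> List[Dict[str, int]]:
    """Brute-force backtracking: every injective pattern->CFG assignment whose nodes
    satisfy their conditions and whose edges exist with the required child number."""
    order = list(pattern)
    matches: List[Dict[str, int]] = []

    def edges_ok(assign: Dict[str, int]) -> bool:
        for src, pn in pattern.items():
            if src not in assign:
                continue
            kids = cfg[assign[src]].children
            for dst, child in pn.edges:
                if dst not in assign:
                    continue
                if child is None:
                    if assign[dst] not in kids:
                        return False
                elif child > len(kids) or kids[child - 1] != assign[dst]:
                    return False
        return True

    def extend(i: int, assign: Dict[str, int], used: set) -> None:
        if i == len(order):
            matches.append(dict(assign))
            return
        name = order[i]
        for nid, node in cfg.items():
            if nid in used or not evaluate(pattern[name].cond, node):
                continue
            assign[name] = nid
            used.add(nid)
            if edges_ok(assign):
                extend(i + 1, assign, used)
            del assign[name]
            used.discard(nid)

    extend(0, {}, set())
    return matches


def extract(cfg: Dict[int, Node], match: Dict[str, int]) -> Dict[str, str]:
    """Return the instruction text behind each matched pattern node."""
    return {name: cfg[nid].inst for name, nid in match.items()}


# Constructed sample CFG: xor/cmp/jge loop head, inc+mov body, jmp back edge, ret exit.
SAMPLE_CFG: Dict[int, Node] = {
    0x401000: Node("xor ecx, ecx", [0x401002]),
    0x401002: Node("cmp ecx, 0x10", [0x401005]),
    0x401005: Node("jge 0x40100c", [0x401007, 0x40100c]),
    0x401007: Node("inc ecx", [0x401008]),
    0x401008: Node("mov eax, ecx", [0x40100a]),
    0x40100a: Node("jmp 0x401002", [0x401002]),
    0x40100c: Node("ret", []),
}

# Constructed generic loop pattern: compare, conditional branch whose fallthrough is the
# body, and an unconditional jump whose target is the compare again.
LOOP_PATTERN: Dict[str, PNode] = {
    "head": PNode("opcode is cmp", [("branch", 1)]),
    "branch": PNode("opcode beginswith j and not opcode is jmp", [("body", 1)]),
    "body": PNode("true"),
    "back": PNode("opcode is jmp", [("head", 1)]),
}

if __name__ == "__main__":
    for m in match_pattern(SAMPLE_CFG, LOOP_PATTERN):
        print({k: hex(v) for k, v in m.items()}, extract(SAMPLE_CFG, m))
```

The matcher is exponential in the worst case; it is only meant to show what "subgraph isomorphism against a CFG" means in practice, namely that a pattern node is a predicate on an instruction and a pattern edge is a constraint on which successor (fallthrough or taken) the CFG must follow.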

Syllabus

Recon 2017 Brussels - GRAP: define and match graph patterns within binaries


Taught by

Recon Conference

Related Courses

Threat Hunting with Yara (Pluralsight)
Reverse Engineering 3201: Symbolic Analysis (OpenSecurityTraining2 via Independent)
Firing Rounds at the Analysis Shooting Gallery - CSAW'16 Security Workshop (New York University (NYU) via YouTube)
angr: Binary Analysis Framework - Demonstration and Analysis (New York University (NYU) via YouTube)
Debin: Predicting Debug Information in Stripped Binaries (Association for Computing Machinery (ACM) via YouTube)