GRAP - Define and Match Graph Patterns Within Binaries

Offered By: Recon Conference via YouTube

Tags

REcon Conference Courses, Cybersecurity Courses, Reverse Engineering Courses, Malware Analysis Courses, Algorithms Courses, Binary Analysis Courses

Course Description

Overview

Explore a tool for malware analysis and binary code pattern matching in this conference talk from Recon 2017 Brussels. Learn about GRAP, a YARA-like detection tool that matches user-defined graph patterns against the Control Flow Graphs (CFGs) of disassembled binary code. Discover how GRAP uses Capstone-based disassembly to generate the CFGs and a simplified subgraph isomorphism algorithm to match patterns quickly.

Gain insights into practical applications, including detecting generic patterns such as loops and creating signatures for malware variants. Explore the IDA plugin, which enables direct detection and browsing of matches within the GUI, and the tool's Python bindings for writing scripts and extracting information from matched instructions. Follow along as the speakers demonstrate real-world use cases, from command-line pattern detection to malware pattern creation and information extraction.

Benefit from the expertise of Aurelien Thierry, a reverse engineer and forensics analyst at Airbus Defence & Space - CyberSecurity, and Jonathan Thieuleux, a junior malware analyst at Stormshield, as they share their knowledge of this open-source tool designed to enhance malware analysis capabilities.

Syllabus

Recon 2017 Brussels - GRAP: define and match graph patterns within binaries

Taught by

Recon Conference
