Reverse Engineering Windows Defender's JavaScript Engine

Offered By: Recon Conference via YouTube

Course Description

Overview

Dive into a comprehensive reverse engineering analysis of Windows Defender's JavaScript engine in this conference talk from Recon 2018 Brussels. Explore the intricacies of the MpEngine.dll, focusing on the approximately 1,200 functions that make up Defender's proprietary JavaScript engine used for analyzing potentially malicious JS code. Learn about the engine's inner workings, including types, memory management, JS/ECMAScript features, and integration with Defender's antivirus system. Discover techniques for building tooling to interact with the engine, identifying non-security JS runtime bugs, and implementing anti-analysis tricks for malicious scripts. Gain insights into the engine's attack surface for exploitation and consider potential vulnerabilities within the remaining 98% of this enormous binary. Presented by Alexei Bulazel, a security researcher with River Loop Security and RPISEC member, this talk offers valuable knowledge for those interested in reverse engineering and security analysis of complex software systems.

Syllabus

Recon 2018 Brussels - Reverse Engineering Windows Defender’s JavaScript Engine


Taught by

Recon Conference
