YoVDO

HARES - Hardened Anti Reverse Engineering System

Offered By: SyScan360 via YouTube

Tags

SyScan360 Courses Cybersecurity Courses Reverse Engineering Courses Windows Kernel Courses

Course Description

Overview

Explore the Hardened Anti Reverse Engineering System (HARES) in this 38-minute conference talk from SyScan'15 Singapore. Dive into the intricacies of TLB splitting, TLDB L2 cache, and program verification. Examine the implementation of HARES through kernel drivers and the Windows kernel. Analyze test cases, including randomized sort and software compatibility. Discover the system's limitations, security benefits, and potential weaknesses. Learn about engineering challenges, mixed code data, and nonpage pool considerations. Investigate heuristics on AV and unintended use cases. Gain valuable insights into advanced anti-reverse engineering techniques and their implications for software security.

Syllabus

Intro
What is HARES
Off the Station
Background
TLB Splitting
TLDB L2 Cache
Program Verification
Kernel Driver
Windows Kernel
TLB Split
Test Cases
Randomized Sort
Software Compatibility
Calculator
Limitations
Demonstration
Engineering Challenges
Mixed Code Data
NonPage Pool
Security Benefits
Security Weaknesses
How do we get past
Unintended use cases
Heuristics on AV
Conclusion


Taught by

SyScan360

Related Courses

Remote Code Execution via Java Native Deserialization
SyScan360 via YouTube
SyScan360'16 Singapore - Memory Corruption Is For Wussies
SyScan360 via YouTube
Virtualization System Vulnerability Discovery Technology
SyScan360 via YouTube
OSX El Capitan - Sinking The Ship
SyScan360 via YouTube
SyScan360'16 Singapore - Key Value Injections Here
SyScan360 via YouTube