Overview
Learn a powerful methodology for efficiently analyzing binaries with unknown functions in this DEF CON 32 conference talk. Discover how to overcome the challenge of reverse engineering files lacking function signatures by creating and utilizing portable symbols, FunctionID, and BSim databases. Master techniques demonstrated through Golang-based qBit malware examples that can be applied to any binary type using Ghidra or other industry tools. Explore practical approaches to significantly reduce analysis time when faced with hundreds or thousands of unidentified functions, making reverse engineering more manageable and effective. Gain insights into scaling this methodology across analyst teams, creating a collaborative environment where shared symbol databases multiply the benefits. Access accompanying resources including scripts, databases, and a comprehensive Golang symbol dataset to immediately implement these techniques in your own reverse engineering practice.
Syllabus
DEF CON 32 - No Symbols When Reversing No Problem Bring Your Own - Max ‘Libra’ Kersten
Taught by
DEFCONConference