Explore the intricacies of emulating packed Linux malware using the Unicorn Emulator Framework in this 30-minute conference talk from DefCamp 2019. Delve into the world of malware packing, understanding its mechanisms and purposes, while learning about various unpacking tools and techniques. Discover the power of the Unicorn framework for executing binaries and emulating operating system services. Examine real-world examples, including UPX packing, ELF files, and code caves. Gain insights into debugging, malware analysis, and the importance of statically compiled binaries. Conclude with practical Python code examples and engage in a Q&A session to deepen your understanding of this crucial aspect of information security.
Emulating Packed Linux Malware Using the Unicorn Emulator Framework - DefCamp - 2019
Overview
Syllabus
Introduction
Who am I
What is malware packing
How malware packing works
Why people pack malware
Unpacking tools
Using a sandbox
Using kimoon
Overloading the Linux system
What is Unicorn
Executing a binary
Operating system
Loading into memory
Operating System Services
System Write Command
Bindings
Testing
Why reallife applications need more memory
System calls
Examples
Upx
Upx header
No idea
First things first
Unicorn Dump
PackerElf
ElfPacker
Code Cave
Why need a statically compiled binary
A typo
Documentation
MidgetPack
PasswordBased
Cryptography
Debugging
Malware Analysis
Conclusion
Python Code
Questions
Taught by
DefCamp
