Explore the innovative Xori disassembler for malware analysis triage in this Black Hat conference talk. Discover how Xori addresses limitations of traditional open-source disassemblers, learn techniques for identifying suspicious functionality, and examine interesting applications of the library. Gain insights into light emulation, PE parsing, memory management, load library analysis, code vs. data differentiation, queue and loop tracking, signature analysis, and performance optimization. Understand the potential of Xori as a valuable tool in the ongoing cybersecurity arms race and learn how to contribute to its development.
Finding Xori - Malware Analysis Triage with Automated Disassembly
Overview
Syllabus
Introduction
Light Emulation
PE Parser
Memory Manager
Load Library A
Code vs Data
Queue
Loop Tracking
Signatures
Speed
Taught by
Black Hat
