PyREBox - Making Dynamic Instrumentation Great Again

Explore PyREBox, an open-source reverse engineering tool that combines QEMU emulation with Virtual Machine Introspection in this conference talk from Hack In The Box Security Conference. Discover how PyREBox allows inspection and modification of running QEMU VMs using Python scripts, without requiring guest OS modifications. Learn about its applications in malware analysis, including process debugging, API call tracing, code coverage analysis, and unpacking. Gain insights into PyREBox's internal workings, its comparison to other tools, and challenges in implementing Python-based fine-grained instrumentation. See demonstrations of PyREBox's capabilities for malware analysis, featuring newly released open-source scripts for PyREBox and IDA Pro.