Overview
Explore the Miasm reverse engineering framework in this 50-minute Black Hat conference talk. Delve into the framework's fundamentals, covering disassembly, assembly code, and ARM architecture. Examine symbolic execution challenges and virtual machine protection techniques. Learn about code emulation, shellcode analysis, and function stubbing. Discover different emulation levels and syscall stubbing. Gain insights into DSE/concolic execution for advanced reverse engineering tasks. Presented by Camille Mougey and Fabrice Desclaux, this talk equips security professionals with powerful tools for malware analysis and reverse engineering.
Syllabus
Intro
Disassembler
Assembly code
Same code from ARM
Symbolic execution: known issues
Virtual Machine (VM) protection
VM protection attack
First mnemonic
Reduction example
Mnemonics
String decryption
Code emulation
Implementation
Shellcode output
Shellcode analysis
Function stubs
Different level of emulation
Syscall: stub example
DSE / concolic execution
Taught by
Black Hat