Explore a DBI-based generic unpacker for Windows executables in this 25-minute Black Hat conference talk. Dive into the world of malware obfuscation and packing techniques, and learn how Pindemonium leverages Dynamic Binary Instrumentation (DBI) to combat these threats. Discover how this tool extracts and reconstructs original programs from packed versions, aiding in the analysis of obfuscated binaries. Examine the generic unpacking algorithm designed to detect and defeat popular packing techniques, including those that employ Import Address Table (IAT) obfuscation. Gain insights into the tool's effectiveness against various packers and malware samples, and understand its ability to reconstruct working unpacked binaries. For cases where full reconstruction is not possible, learn how Pindemonium provides valuable memory dumps and logs to assist malware analysts in their work. Access the open-source code on GitHub to further explore this innovative approach to unpacking and malware analysis.
Overview
Syllabus
Pindemonium: A DBI-Based Generic Unpacker for Windows Executable
Taught by
Black Hat