
GRAP - Define and Match Graph Patterns Within Binaries

Recon Conference via YouTube

Overview

Explore a powerful tool for malware analysis and binary code pattern matching in this conference talk from Recon 2017 Brussels. Learn about GRAP, a YARA-like detection tool that matches user-defined graph patterns against Control Flow Graphs (CFGs) of disassembled binary code. Discover how GRAP utilizes Capstone-based disassembly to generate CFGs and employs a simplified subgraph isomorphism algorithm for quick pattern matching. Gain insights into practical applications, including detecting generic patterns like loops and creating signatures for malware variants. Explore the IDA plugin that enables direct detection and browsing of matches within the GUI. Delve into the tool's Python bindings for creating scripts and extracting valuable information from matched instructions. Follow along as the speakers demonstrate real-world use cases, from command-line pattern detection to malware pattern creation and information extraction. Benefit from the expertise of Aurelien Thierry, a reverse engineer and forensics analyst at Airbus Defence & Space - CyberSecurity, and Jonathan Thieuleux, a junior malware analyst at Stormshield, as they share their knowledge on this open-source tool designed to enhance malware analysis capabilities.

Syllabus

Recon 2017 Brussels - GRAP: define and match graph patterns within binaries

Taught by

Recon Conference
