Exetools  

#1 | mcp | 09-24-2016, 00:44
VMAttack Project

An interesting IDA plugin to deal with VM-based obfuscations - haven't tried it myself yet, but it certainly looks powerful.

#2 | INFINITY | 09-29-2016, 16:52
Won 2nd prize in the 2016 Hex-Rays plugin contest.

#3 | Shub-Nigurrath | 08-29-2017, 18:34
Despite some limitations (for example, single-threaded and stack-based VMs), it is a very interesting concept and does several advanced analyses. By the way, is there someone who tried to use it with real targets and got some results?

Thanks,
Shub
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com

#4 | user1 | 08-30-2017, 03:50
That is a good question.

#5 | Shub-Nigurrath | 09-12-2017, 17:21
Recently I saw a talk by the author of this plugin, and once again I confirm that it apparently works very well, but despite everything I didn't see any application so far and probably will never see one, because authors of VMs have got their countermeasures to avoid these types of attacks.

#6 | deepzero | 09-13-2017, 17:01
Is his talk available online?

#7 | sh3dow | 09-14-2017, 05:57
Quote (originally posted by deepzero):
Is his talk available online?

The only paper I found is "VMAttack: Deobfuscating Virtualization-Based Packed Binaries" by Anatoli Kalysch, Johannes Götzfried and Tilo Müller:
https://www1.cs.fau.de/content/vmattack (direct link: https://www1.cs.fau.de/filepool/publications/unpacking-dynamic-static.pdf)
They submitted it to ARES '17 (Proceedings of the 12th International Conference on Availability, Reliability and Security). No video though.
All times are GMT +8.

