Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   VMAttack Project (https://forum.exetools.com/showthread.php?t=17942)

mcp 09-24-2016 00:44
VMAttack Project
 
An interesting IDA plugin to deal with VM based obfuscations - haven't tried it myself, yet, but certainly looks powerful.

INFINITY 09-29-2016 16:52
Won 2nd prize in 2016 Hex-Ray plugin contest

Shub-Nigurrath 08-29-2017 18:34
Despite some limitations (for example single threaded and stack based VMs) is a very interesting concept and does several advanced analysis. By the way there is someone who tried to use it with real targets and got some results?

Thanks,
Shub

user1 08-30-2017 03:50
that is a good question.

Shub-Nigurrath 09-12-2017 17:21
recently seen a talk of the author of this plugin and once again I confirm that apparently works very well, but despite everything I didn't see any application so far and probably will never see because authors of VMs got their countermeasures to avoid these types of attacks.

deepzero 09-13-2017 17:01
Is his talk available online?

sh3dow 09-14-2017 05:57
Quote:
Originally Posted by deepzero (Post 110468)
Is his talk available online?
the only paper I found is "VMAttack: Deobfuscating Virtualization-Based Packed Binaries Anatoli Kalysch, Johannes Götzfried and Tilo Müller"
https://www1.cs.fau.de/content/vmattack direct link https://www1.cs.fau.de/filepool/publications/unpacking-dynamic-static.pdf
they submitted it to (ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security) no video though :mad:


All times are GMT +8. The time now is 12:38.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX