#1
VMAttack Project
An interesting IDA plugin to deal with VM-based obfuscations - haven't tried it myself, yet, but certainly looks powerful.
#2
Won 2nd prize in the 2016 Hex-Rays plugin contest
The Following User Says Thank You to INFINITY For This Useful Post: user1 (12-01-2016)
#3
Despite some limitations (for example, single-threaded and stack-based VMs), it is a very interesting concept and does several advanced analyses. By the way, is there someone who tried to use it with real targets and got some results?
Thanks, Shub
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪) There are only 10 types of people in the world: Those who understand binary, and those who don't http://www.accessroot.com
The Following User Says Thank You to Shub-Nigurrath For This Useful Post: user1 (08-30-2017)
#4
That is a good question.
#5
I recently saw a talk by the author of this plugin, and once again I confirm that it apparently works very well, but despite everything I haven't seen any application so far and probably never will, because authors of VMs have got their countermeasures to avoid these types of attacks.
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪) There are only 10 types of people in the world: Those who understand binary, and those who don't http://www.accessroot.com
#6
Is his talk available online?
#7
The only paper I found is "VMAttack: Deobfuscating Virtualization-Based Packed Binaries" by Anatoli Kalysch, Johannes Götzfried and Tilo Müller:
https://www1.cs.fau.de/content/vmattack
Direct link: https://www1.cs.fau.de/filepool/publications/unpacking-dynamic-static.pdf
They submitted it to ARES '17 (Proceedings of the 12th International Conference on Availability, Reliability and Security). No video though.
The Following User Says Thank You to sh3dow For This Useful Post: h8er (11-20-2017)