Exetools  

#1
09-24-2016, 00:44
mcp
VMAttack Project

An interesting IDA plugin to deal with VM based obfuscations - haven't tried it myself, yet, but certainly looks powerful.

#2
09-29-2016, 16:52
INFINITY
Won 2nd prize in the 2016 Hex-Rays plugin contest.

#3
08-29-2017, 18:34
Shub-Nigurrath
Despite some limitations (for example, single-threaded and stack-based VMs), it is a very interesting concept and does several advanced analyses. By the way, is there someone who tried to use it with real targets and got some results?

Thanks,
Shub
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com

#4
08-30-2017, 03:50
user1
That is a good question.

#5
09-12-2017, 17:21
Shub-Nigurrath
Recently I saw a talk by the author of this plugin, and once again I confirm that it apparently works very well, but despite everything I haven't seen any application so far and probably never will, because authors of VMs have their countermeasures to avoid these types of attacks.

#6
09-13-2017, 17:01
deepzero
Is his talk available online?

#7
09-14-2017, 05:57
sh3dow
Quote (originally posted by deepzero):
Is his talk available online?

The only paper I found is "VMAttack: Deobfuscating Virtualization-Based Packed Binaries" by Anatoli Kalysch, Johannes Götzfried and Tilo Müller.
https://www1.cs.fau.de/content/vmattack (direct link: https://www1.cs.fau.de/filepool/publications/unpacking-dynamic-static.pdf)
They submitted it to ARES '17 (Proceedings of the 12th International Conference on Availability, Reliability and Security). No video, though.

All times are GMT +8.