Machine-Code Analysis With Open-Source Decompiler RetDec

0 %
Timeline Slides Search Info
Loading Click here to add:
Search in this video:

Creation date:
July 2nd, 2018, 4:20 p.m.
Add date:
July 2nd, 2018, 4:20 p.m.
Number of views:
69 (this month: 9)
Speaker:
Jakub Kroustek and Peter Matula
License:
CC BY-SA v4

When we need to deeply analyze a binary application (e.g. for malware dissection, vulnerability research, code optimization), static code analysis is what we use most of the time. However, static analysis of machine-code is usually not an easy task. It is actually a tough one in case of malware analysis. Luckily, existing machine-code decompilers help with this task significantly. On the other hand, the most well-known decompilers are either proprietary, cannot be easily modified for a given task, or both.

In this talk, we would like to depict our machine-code decompiler called RetDec(Retargetable Decompiler) that we are developing in Avast since 2011 and which we have open-sourced a few months ago under the MIT license. Its primary goal is, of course, decompilation of binary (malicious) applications, but its components can also be used for other tasks, such as disassembly, extraction of basic blocks, or initial assessment of malware samples. 

Jakub Kroustek 
Jakub is leading the threat intelligence team at Avast Software and previously at AVG, 7 years in total. Jakub is a malware analyst and reverse engineer with expertise in ransomware, botnets, and cryptography. He has his Ph.D. for a machine-code analysis. 

Peter Matula 
Peter is a senior software developer at Avast Software. He focuses on reverse-engineering research and is currently the main developer of the RetDec decompiler. He received his MSc. degree from the Faculty of Information Technology, Brno University of Technology, Czech Republic.

Visibility:
This media is published
Add to notification list

My favorites With attachments Unanswered New My annotations
Reset filters
Get notified of changes by email

When we need to deeply analyze a binary application (e.g. for malware dissection, vulnerability research, code optimization), static code analysis is what we use most of the time. However, static analysis of machine-code is usually not an easy task. It is actually a tough one in case of malware analysis. Luckily, existing machine-code decompilers help with this task significantly. On the other hand, the most well-known decompilers are either proprietary, cannot be easily modified for a given task, or both.

In this talk, we would like to depict our machine-code decompiler called RetDec(Retargetable Decompiler) that we are developing in Avast since 2011 and which we have open-sourced a few months ago under the MIT license. Its primary goal is, of course, decompilation of binary (malicious) applications, but its components can also be used for other tasks, such as disassembly, extraction of basic blocks, or initial assessment of malware samples. 

Jakub Kroustek 
Jakub is leading the threat intelligence team at Avast Software and previously at AVG, 7 years in total. Jakub is a malware analyst and reverse engineer with expertise in ransomware, botnets, and cryptography. He has his Ph.D. for a machine-code analysis. 

Peter Matula 
Peter is a senior software developer at Avast Software. He focuses on reverse-engineering research and is currently the main developer of the RetDec decompiler. He received his MSc. degree from the Faculty of Information Technology, Brno University of Technology, Czech Republic.

Other media in the channel "2018 Lille"

July 6th, 2018 Glassfish from (IN)Secure admin 7 m 7 s 52 views, 2 this month Glassfish from (IN)Secure admin
July 6th, 2018 Shadow on the Wall - Risks and Flaws with Shadowsocks 15 m 36 s 121 views, 5 this month Shadow on the Wall - Risks and Flaws with Shadowsocks
July 6th, 2018 Open Hardware for (software) offensive security 16 m 3 s 31 views, 1 this month Open Hardware for (software) offensive security
July 6th, 2018 Freedom Fighting Mode - Open Source Hacking Harness 19 m 46 s 21 views, 1 this month Freedom Fighting Mode - Open Source Hacking Harness
July 6th, 2018 Expl-iot: IoT Security Testing Framework 29 m 22 s 46 views, 6 this month Expl-iot: IoT Security Testing Framework
July 6th, 2018 Io(M)T Security: A year in review 45 m 21 s 19 views, 1 this month Io(M)T Security: A year in review