ABD is the course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories
Advanced Binary Deobfuscation
This repository contains the course materials of Advanced Binary Deobfuscation at the Global Cybersecurity Camp (GCC) Tokyo in 2020.
Reverse engineering is not easy, especially if a binary code is obfuscated. Once obfuscation performed, the binary would not be analyzed accurately with naive techniques alone.
In this course, you will learn obfuscation principles (especially used by malware), theory and practice of obfuscated code analysis, and how to write your own tool for deobfuscation.
In particular, we delve into data-flow analysis and SAT/SMT-based binary analysis (e.g., symbolic execution) to render obfuscation ineffective.
Also Read – DLLPasswordFilterImplant : DLL Password Filter Implant With Exfiltration Capabilities
This course is about binary deobfuscation, meant for security analysts and researchers (in embryo) looking to add a skill set on writing your own tool to their arsenal. At the end of this class, attendees will be able to:
Towards this end, the course was held in the form of a combination of classroom learning and hands-on training at GCC.
Attendees should have:
The following links are useful to bridge the gap.
We assume Ubuntu 18.04 with Miasm, Z3, and Jupyter Notebook.
./setup.sh ./
Advanced-Binary-Deobfuscation.pdf
and enjoy!The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…
Introduction In digital investigations, images often hold more information than meets the eye. With the…
The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…
What is a Port? A port in networking acts like a gateway that directs data…
The ls command is fundamental for anyone working with Linux. It’s used to display the files and…
The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…