Recon 2012 Review – Exploit the Magic School Bus to Success

Posted: June 16, 2012 in Malware, Software Security

Hands down, on Day 1 of Recon, the Magic Bus presentation by Travis Goodspeed and Sergey Bratus took the show. A great, informational and entertaining presentation! I encourage anyone to check out the hardware Travis has developed and his papers if you are into understanding key security issues with the Bus.

Next, I found the presentation by Rolf Rolles to be some of the best work I’ve seen in this field. The presentation focused on syntax-based and semantics-based methods for reverse engineering.

Syntax Based

Under the syntax-based methods, Rolf talked about looking for patterns that can help identify signatures such as packers, FLIRT, etc. It seems like this could be a good idea for an offshoot tool. However, it is important to note that he said an attacker could possibly avert these patterns when a reverser is using syntactic methods by recompiling or doing complex obfuscation. Guess this is another reason we should all be doing obfuscation in the commercial world.

Semantics Based

For this discussion, Rolf described scenarios for an automated key generator, automated bug discovery, etc. Most of the talk was explaining the mathematics behind the analysis, which overall appears to be very basic in nature. However, the way Rolf has applied the math in the analysis is quite interesting and very intelligent.

Without going into too much detail, he simply replaced concrete semantics (i.e. x, y) with abstract semantics (i.e. + (positive), – (negative)). Then, using truth tables on bits (standard bit analysis using either 0 or 1; unknown-bit analysis using 0, 1, ½, where ½ represents unknown), he is able to map out patterns.
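As an added illustration (not code from Rolf's talk or from this post), the Python sketch below implements the three-valued bit truth tables described above and pushes an unknown input through a few bitwise expressions. The 8-bit width, the helper names and the sample expressions are assumptions chosen for the demo.

```python
# Added illustration: three-valued bit analysis (0, 1, and 1/2 = unknown).
HALF = 0.5   # abstract value for "this bit could be 0 or 1"
WIDTH = 8    # assumed word size for the demo

def t_and(a, b):
    # 0 dominates: 0 AND anything is 0 even if the other bit is unknown
    return min(a, b)

def t_or(a, b):
    # 1 dominates: 1 OR anything is 1 even if the other bit is unknown
    return max(a, b)

def t_xor(a, b):
    # XOR has no dominating value: any unknown input makes the result unknown
    return HALF if HALF in (a, b) else int(a) ^ int(b)

def t_not(a):
    return 1 - a  # 1/2 stays 1/2

def const(n):
    """Abstract word for a known constant, least significant bit first."""
    return [(n >> i) & 1 for i in range(WIDTH)]

def unknown():
    """Abstract word for an input the analyst knows nothing about."""
    return [HALF] * WIDTH

def lift(op):
    """Apply a per-bit truth table across two abstract words."""
    return lambda x, y: [op(a, b) for a, b in zip(x, y)]

w_and, w_or, w_xor = lift(t_and), lift(t_or), lift(t_xor)

def show(word):
    """Render most significant bit first, '?' for unknown."""
    return "".join("?" if b == HALF else str(b) for b in reversed(word))

def demo():
    x = unknown()
    return {
        "x & 0x0F": show(w_and(x, const(0x0F))),
        "(x | 1) & 1": show(w_and(w_or(x, const(1)), const(1))),
        "x ^ x": show(w_xor(x, x)),  # imprecise: bits are tracked independently
    }

if __name__ == "__main__":
    for expr, bits in demo().items():
        print(f"{expr:12} -> {bits}")
```

The second expression comes out fully known even though x is unknown, which is how this kind of analysis exposes a constant result hidden behind obfuscated arithmetic. The third shows the limit of a per-bit domain: x ^ x is concretely 0, but the analysis can only report it as unknown.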

In general, the rest of the day was filled with other speakers who were interesting but just didn’t seem to catch my full attention. With that said, Tarjei Mandt did a good job explaining atoms and string-based attacks.

All in all, a pretty good first day, especially since Montreal had a music festival running with Dissonant Nation, which made a great evening of entertainment.

Comments
  1. lazarusdeo says:

    Can you provide a little more detail on:

    Without going into too much detail he simply replaced concrete semantics (i.e. x,y) with abstract semantics (i.e. +(positive), – (negative)). Then using truth tables on Bits (standard bit analysis either 0 or 1) (unknown bit analysis using 0,1, ½; ½ represents unknown) he is able to map out patterns.

    http://www.dariosoft.com/products/quickkeygenerator/
