Artwork

Content provided by Black Hat/ CMP Media, Inc. and Jeff Moss. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Black Hat/ CMP Media, Inc. and Jeff Moss or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!

Chris Wysopal & Chris Eng: Static Detection of Application Backdoors

1:11:09
 
Share
 

Manage episode 153226767 series 1085097
Content provided by Black Hat/ CMP Media, Inc. and Jeff Moss. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Black Hat/ CMP Media, Inc. and Jeff Moss or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Backdoors have been part of software since the first security feature was implemented. So unless there is a process to detect backdoors they will inevitably be inserted into software. Requiring source code is a hurdle to detecting backdoors since it isn't typically available for off the shelf software or for many of the libraries developers link to. And what about your developer tool chain? Ken Thompson in "Reflections on Trusting Trust" showed your compiler can't be trusted. What about your linker, obfuscator or packer? To find backdoors in these scenarios you need to inspect the software executable binary.
We will present techniques for inspecting binaries for backdoors. We will discuss the different backdoor approaches that have been discovered in the wild and hypothesize other approaches that are likely to be used. We will give examples of how the backdoors present themselves in the binary and how to find them.
  continue reading

89 episodes

Artwork
iconShare
 
Manage episode 153226767 series 1085097
Content provided by Black Hat/ CMP Media, Inc. and Jeff Moss. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Black Hat/ CMP Media, Inc. and Jeff Moss or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Backdoors have been part of software since the first security feature was implemented. So unless there is a process to detect backdoors they will inevitably be inserted into software. Requiring source code is a hurdle to detecting backdoors since it isn't typically available for off the shelf software or for many of the libraries developers link to. And what about your developer tool chain? Ken Thompson in "Reflections on Trusting Trust" showed your compiler can't be trusted. What about your linker, obfuscator or packer? To find backdoors in these scenarios you need to inspect the software executable binary.
We will present techniques for inspecting binaries for backdoors. We will discuss the different backdoor approaches that have been discovered in the wild and hypothesize other approaches that are likely to be used. We will give examples of how the backdoors present themselves in the binary and how to find them.
  continue reading

89 episodes

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Quick Reference Guide