Content provided by DEF CON. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by DEF CON or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Amro Abdelgawad - The Remote Metamorphic Engine: Detecting, Evading, Attacking the AI and Reverse Engineering

Archived series ("Inactive feed" status)

When? This feed was archived on August 20, 2020 08:09 (3+ y ago). Last successful fetch was on April 07, 2020 17:03 (4y ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Manage episode 215601409 series 2427673

Materials:

https://media.defcon.org/DEF CON 24/DEF CON 24 presentations/DEFCON-24-Amro-Abdelgawad-The-Remote-Metamorphic-Engine-UPDATED.pdf
https://media.defcon.org/DEF CON 24/DEF CON 24 presentations/DEFCON-24-Amro-Abdelgawad-Extras

The Remote Metamorphic Engine: Detecting, Evading, Attacking the AI and Reverse Engineering
Amro Abdelgawad Founder, Immuneye

As a matter of fact, reverse engineering even the most complex piece of code is all about time. Code complexity techniques are usually used just to increase the time and effort needed for reverse engineering. The desired effect of code complexity can be magnified by mechanisms that narrow the time frame allowed for any reverse engineering attempt to a few milliseconds. Such an approach can be implemented using a metamorphic engine that is aware of the time dimension.

Beyond metamorphic applications for AV evasion, in this talk we will present a novel approach to resist and evade reverse engineering using a remote metamorphic engine that generates diversified morphed machine code with a very short expiration lifetime. Our approach is based on a client-server model using a challenge-response communication protocol made of morphed machine code rather than data. We will show how any reverse engineering attempt on such a model will be forced to execute or emulate the morphed code; thus the code will always have the upper hand to detect, evade and attack the reverse engineering environment. Our approach is immune to static code analysis, as the functionality and the communication protocol used are dynamically diversified remotely and do not exist in packed executable files. On the other hand, clock-synchronized morphed machine code driven by a remote metamorphic engine would trap dynamic RE attempts in the maze of metamorphism, one that is immune to code tampering and reversing by detecting the non-self.

We will present the fundamental difference between the metamorphic and polymorphic techniques used to evade AV and the ones that can be used to resist RE. We will show how remote, diversified, metamorphic self-modifying code with a very short expiration lifetime can detect, evade, and resist any code analysis, reverse engineering, machine learning and tampering attempts.
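The timing property at the heart of the abstract, a challenge that is only worth answering for a few milliseconds and is never reused, can be shown without any machine-code generation. The following is an added illustration written for this page, not code from the talk or from Immuneye: a toy server hands out a single-use challenge with a fresh per-round key (standing in for the morphed code fragment the real engine would ship), and rejects an answer that is replayed, wrong, or simply late. The class and function names and the 5 ms window are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass


@dataclass
class Challenge:
    """What the server hands out: a fresh nonce plus the time it was issued."""
    nonce: bytes
    issued_at: float
    ttl: float  # seconds during which a response is accepted


class ChallengeServer:
    """Issues single-use, short-lived challenges and verifies the answers.

    Constructed toy model of the timing property described in the talk:
    a real engine would ship a freshly morphed code fragment that the client
    must run; here a per-round random key stands in for that fragment. The
    key is never reused, so nothing in the client binary is worth recovering
    statically, and a correct answer that arrives late is still rejected.
    """

    def __init__(self, ttl: float = 0.005, clock=time.monotonic):
        self.ttl = ttl          # 5 ms window by default (assumed value)
        self.clock = clock      # injectable so tests can control time
        self._pending = {}      # nonce -> (key, issued_at)

    def issue(self):
        """Create a new challenge and the one-time key the client needs."""
        nonce = os.urandom(16)
        key = os.urandom(32)
        now = self.clock()
        self._pending[nonce] = (key, now)
        return Challenge(nonce, now, self.ttl), key

    def verify(self, nonce: bytes, response: bytes) -> str:
        """Return "ok", or the reason the response is rejected."""
        # Pop unconditionally: a second answer for the same nonce is a replay.
        entry = self._pending.pop(nonce, None)
        if entry is None:
            return "unknown-or-replayed"
        key, issued_at = entry
        if self.clock() - issued_at > self.ttl:
            return "expired"    # right or wrong, it was too slow
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return "bad-response"
        return "ok"


def client_answer(key: bytes, nonce: bytes) -> bytes:
    """The work the client must finish inside the window."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def run_round(server: ChallengeServer, delay: float = 0.0) -> str:
    """Issue a challenge, optionally stall (an analyst single-stepping), answer it."""
    challenge, key = server.issue()
    if delay:
        time.sleep(delay)
    return server.verify(challenge.nonce, client_answer(key, challenge.nonce))


if __name__ == "__main__":
    srv = ChallengeServer(ttl=0.005)
    print("prompt answer: ", run_round(srv))               # ok
    print("stalled answer:", run_round(srv, delay=0.05))   # expired
```

The point to notice is that the server checks freshness before it checks correctness: an analyst who pauses the client to inspect the round's key can still compute the right HMAC, but the window has closed by the time the answer is sent, and the next round uses a different key anyway.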

Amro Abdelgawad is a security researcher and the founder of Immuneye. He has more than 15 years' experience in software security and reverse engineering. He has worked both sides of software security: the offensive side in vulnerability research, penetration testing, reverse engineering and exploit development, and the defensive side as a chief security officer for software companies running wide infrastructures. Amro is currently working as a security researcher; his main interests are malware analysis, vulnerability research and developing artificial software immunity.
