Скачать с ютуб DeepSec 2013: spin: Static Instrumentation For Binary Reverse-Engineering в хорошем качестве

DeepSec 2013: spin: Static Instrumentation For Binary Reverse-Engineering

For more information and to download the video visit: http://bit.ly/DS13_info Playlist Deepsec 2013: http://bit.ly/DS13_pl Speaker: David Guillen Fandos David Guillen Fandos introduces methods for binary reverse-engineering at DeepSec 2013: "My talk proposal is about binary instrumentation and its applications in the field of reverse-engineering and hacking. Binary instrumentation is a technique used in many fields such as computer architecture, application profiling, emulation and dynamic translation. But its interactions with the security field so far have been mostly in malware and threat analysis. This talk proposes new applications for binary instrumentation such as executable hacking and function hooking. As an example we present a simple analysis routine capable of locating security critical functions in serial protected applications by performing runtime analysis of the program's functions. In the end we are able to modify the programs behavior to accept any user input. Another interesting application presented is the ability to locate and hook critical functions in a web browser: we are able to find and hook Opera's HTTP request generator function and sniff out data sent to the server before it gets ciphered under SSL and TLS layers. Finally we present a tool called spin which is the base for all the examples shown. This tool performs static binary instrumentation in a very lightweight way: it only instruments at function level statically."