Presentation Title: Analysis and Visualization of Common Packers
Presentation Details:

In a field like malware analysis the first problem one encounters is that of overcoming the protection schemes devised by others, be those the creators of malware themselves or companies developing the protections as generic tools to deter reverse engineering and cracking.

Those protection schemes have developed over time to include a wide variety of anti-debugging and anti-disassembling techniques. Nowadays virtual machines and advanced obfuscation techniques are commonly found and make the process of reverse engineering the original application all the more complex. In the talk we will see some of the techniques used by protection schemes and how they compare to each other, peeking as well into the developing counter-measures against them.

About Ero:

Ero Carrera is currently a reverse engineering automation researcher at zynamics GmbH (was SABRE Security Gmbh), home of BinDiff and BinNavi. He is a recurring trainer at the trainings held by Black Hat conference. Ero has previously spent several years as a Virus Researcher at F-Secure where his main duties ranged from reverse engineering of malware to research in analysis automation methods. Prior to F-Secure, he was involved in miscellaneous research and development projects and always had a passion for mathematics, reverse engineering and computer security.

While at F-Secure he advanced the field of malware classification introducing a joint paper with Gergely Erdelyi on applying genomic methods to binary structural classification. Other projects he’s worked on include seminal research on generic unpacking. Additionally, Ero is a habitual lurker on OpenRCE and has contributed to miscellaneous reverse engineering tools such as pydot, ida2sql, Pythonika and the broadly used pefile.