Mario Vuksan (Chief Executive Officer, ReversingLabs) & Tomislav Pericin (Chief Software Architect, ReversingLabs)
HITB LAB TITLE: TitanEngine 3.0: Return of the Titan and the Exile of PE Malformation
The Portable Executable (PE) file format has traditionally been a reverser’s favorite. Due to its age, we thought we knew everything there is to know about it. There couldn’t have been a single thing left to explore, right?
Last year’s BlackHat changed the way we thought about our favorite format. Numerous problems with its design were shown during the presentation that we modestly named “Things you don’t know about Portable Executable file format”. These were problems that made us rethink our security solutions and build them again from the ground up.
This lab will expand on ideas presented last year by showing more bad things that one could do with the PE file format. Yet this time we will also address the opposite and show how to solve these malformations. The solution to these issues will come as a guideline for a PE file format processor design implemented in the new version of the open source project TitanEngine, marked as 3.0. The new release of this unique PE file processing and unpacking library comes fully equipped to combat malformation problems. It will offer users not only the features necessary to manipulate and unpack PE files but also the means to correctly identify the security problems discussed during the lab.
We will also launch our latest version 3.0 of the open source project TitanEngine. This version of the library will, among other things, enable reverse and security engineers to securely and accurately parse the PE file format.
Note: This lab will be broken into a 50-minute talk and a 70-minute hands-on segment. If you think you’ve already heard everything there is to know about PE, join us and we’ll show you some new possibilities.
Mario has been involved in the development of advanced security solutions for the last seven years and has a rich engineering background spanning the last 20 years. Before founding ReversingLabs, Mario was the Director of Research at Bit9 and one of its founding engineers. He spoke at numerous conferences over the last 6 years including CEIC, Black Hat, RSA, Defcon, Caro Workshop, Virus Bulletin and AVAR Conferences. He is the author of numerous blog posts on security and has authored the “Protection in Untrusted Environments” chapter for the “Virtualization for Security” book. He coordinates the AMTSO Advisory Board and works with the IEEE Malware Working Group.
Tomislav Pericin has been analyzing and developing software packing and protection methods for the last 8 years. He is one of the founders of ReversingLabs and the chief software architect behind such projects as TitaniumCore, TitanEngine, NyxEngine and RLPack. Recently he spoke at BlackHat, ReCon, CARO Workshop, SAS and TechnoSecurity conferences.