Intelligence, Surveillance and Reconnaissance Directorate (ISR)
Research Director, Joel Rieman


Software Security Team

RRI has established a software security team to provide government and commercial entities with specialized software security support. The team focuses on the following areas:

  • Reverse Engineering: The team specializes in extracting intellectual property from a broad spectrum of software. This includes user applications, DLLs, drivers, OS kernels, and firmware. The software can be based on a variety of platforms (Windows/Linux/Mac/Embedded, etc.).
  • Malware/Virus/RootKit Analysis: The team can identify and analyze intrusion software to characterize and/or neutralize the threat.

For additional information, download the Software Security Team White Paper.

Software Security Services

Click here to learn more about the software security services offered by the RRI Software Security Team.

Conferences

  • Black Hat DC 2009 - Washington, DC (February 16-19, 2009)
  • Black Hat USA 2008 - Las Vegas, NV (August 2-7, 2008)
  • RECON2008 - Montreal, QC, Canada (June 13-15, 2008)
  • WCRE 2007 - Vancouver, BC, Canada (October 28-31, 2007)
  • REDTEAM2007 - Washington, DC (August 28-30, 2007)

Tools

IF Debugger / utilizing MS Detours (patent pending)
Stealthy debugger that emulates breakpoints to avoid the anti-debugging pitfalls associated with most debuggers


Data Code Miner / Program Reconstructor (patent pending)
Runtime analysis tool with function hooking and data mining capabilities that facilitate control/data flow analysis and stealthy function manipulation


Deobfuscator IDA Pro plug-in (patent pending)
Neutralizes anti-disassembly and replaces obfuscated code with a simplified, transformed equivalent using a binary injector


System Emulator
Uses virtual machine (VM) emulation to implement an OS-independent debugger beneath the kernel level


Linux Rootkit Data Miner
Enables stealthy debugging of Linux executables, utilizing driver-level visibility to monitor system calls


ECM-50 Hardware Emulator
Uses a secondary PC to allow monitoring and control of all CPU instructions on a target machine


IEEE Publications

J. Raber and E. Laspe, "Emulated breakpoint debugger and data mining using Detours," 14th Working Conference on Reverse Engineering, Vancouver, B.C., Oct 2007, 271-272.


J. Raber and E. Laspe, "Deobfuscator: an automated approach to the identification and removal of code obfuscation," 14th Working Conference on Reverse Engineering, Vancouver, B.C., Oct 2007, 275-276.


Contact the Software Security Team

softwaresecurity@rri-usa.org