RRI has established a software security team to provide government and commercial entities with specialized software security support. The team focuses on the following areas:
- Reverse Engineering: The team specializes in extracting intellectual property from a broad spectrum of software. This includes user applications, DLLs, drivers, OS kernels, and firmware. The software can be based on a variety of platforms (Windows, Linux, Mac, embedded, etc.).
- Malware/Virus/RootKit Analysis: The team can identify and analyze intrusion software to characterize and/or neutralize the threat.
For additional information, download the Software Security Team White Paper
Software Security Services
Click here to learn more about the software security services offered by the RRI Software Security Team.
Conferences
Upcoming
Black Hat DC 2009 - Washington, DC (February 16-19, 2009)
Jason Raber, Brian Krumheuer - QuietRIATT: Rebuilding the Import Address Table Using Hooked DLL Calls
Past
Black Hat USA 2008 - Las Vegas, NV (August 2-7, 2008)
Eric Laspe, Jason Raber - Deobfuscator: An Automated Approach to the Identification and Removal of Code Obfuscation
RECON2008 - Montreal, QC, Canada (June 13-15, 2008)
Jason Raber - Helikaon Linux Debugger: A Stealthy Custom Debugger For Linux
Eric Laspe - Deobfuscator: An Automated Approach to the Identification and Removal of Code Obfuscation
WCRE 2007 - Vancouver, BC, Canada (October 28-31, 2007)
Jason Raber - Emulated Breakpoint Debugger and Data Mining using Detours
Eric Laspe - Deobfuscator: an Automated Approach to the Identification and Removal of Code Obfuscation
REDTEAM2007 - Washington, DC (August 28-30, 2007)
Jason Raber - The 'Deobfuscator': An Automated Approach to the Identification and Removal of Obfuscated Code
Tools
IF Debugger / utilizing MS Detours (patent pending)
Stealthy debugger that emulates breakpoints to avoid the anti-debugging pitfalls associated with most debuggers
Data Code Miner / Program Reconstructor (patent pending)
Runtime analysis tool with function hooking and data mining capabilities that facilitate control/data flow analysis and stealthy function manipulation
Deobfuscator IDA Pro plug-in (patent pending)
Neutralizes anti-disassembly and replaces obfuscated code with a simplified, transformed equivalent using a binary injector
System Emulator
Uses virtual machine (VM) emulation to implement an OS-independent debugger beneath the kernel level
Linux Rootkit Data Miner
Enables stealthy debugging of Linux executables, utilizing driver-level visibility to monitor system calls
ECM-50 Hardware Emulator
Uses a secondary PC to allow monitoring and control of all CPU instructions on a target machine
IEEE Publications
J. Raber and E. Laspe, "Emulated breakpoint debugger and data mining using Detours," 14th Working Conference on Reverse Engineering, Vancouver, B.C., Oct 2007, 271-272.
J. Raber and E. Laspe, "Deobfuscator: an automated approach to the identification and removal of code obfuscation," 14th Working Conference on Reverse Engineering, Vancouver, B.C., Oct 2007, 275-276.
Contact the Software Security Team
Jason Raber: (937) 427-7085; softwaresecurity@rri-usa.org