Modern Techniques to Deobfuscate UEFI/BIOS Malware and Virtualized Packers

Modern advanced malware samples are used to infect countries and are part of the current cyber war, cyber espionage and financial attacks. Furthermore, critical actors, who write this malicious code, try to make static and dynamic analysis really hard by heavily virtualizing and obfuscating their code using techniques such as CFG, virtualization, call stack manipulation, dead code, opaque predicates and so on. To manage the complex scenarios above, we are able to use tools such as METASM, MIASM and several emulation techniques to make the code simpler. The goal is to reduce the code (most of the time by using symbolic analysis) in order to allow us a better understanding of the threat. This presentation aims to show concepts and a practical approach on how to handle obfuscation reverse engineering challenges and threats involving BIOS/UEFI malware.
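The abstract mentions reducing obfuscated code by proving opaque predicates constant and dropping the branches they guard. The following added example (written for this page; it is not code from the talk, from METASM or from MIASM) shows that reduction on a toy control-flow graph: each conditional branch's predicate is evaluated exhaustively over an assumed 8-bit domain, branches that are always true or always false are folded into unconditional jumps, and blocks that become unreachable are pruned. The block names, instruction strings and predicates are constructed for illustration; a real pass would run the predicate at the native 32/64-bit width through a symbolic engine and an SMT solver rather than by enumeration.

```python
"""Toy opaque-predicate elimination pass (added illustration, not from the talk)."""
from itertools import product
from typing import Callable, Dict, List, Tuple

# Assumed word width for exhaustive evaluation. 8 bits keeps the search at
# 65536 (x, y) pairs per predicate; real code is 32/64-bit and needs a solver.
BITS = 8

Predicate = Callable[[int, int], bool]
# A block is (instruction strings, terminator); terminators are
#   ("br", predicate, taken_target, fallthrough_target) | ("jmp", target) | ("ret",)
Block = Tuple[List[str], tuple]
CFG = Dict[str, Block]


def classify_predicate(pred: Predicate, bits: int = BITS) -> str:
    """Return 'always_true', 'always_false' or 'input_dependent' for pred
    over every (x, y) in the bit-width. Stops early once both outcomes seen."""
    outcomes = set()
    for x, y in product(range(1 << bits), repeat=2):
        outcomes.add(bool(pred(x, y)))
        if len(outcomes) == 2:
            return "input_dependent"
    return "always_true" if outcomes == {True} else "always_false"


def fold_opaque_branches(cfg: CFG) -> CFG:
    """Rewrite conditional branches whose predicate is constant into jumps."""
    folded: CFG = {}
    for name, (instrs, term) in cfg.items():
        if term[0] == "br":
            kind = classify_predicate(term[1])
            if kind == "always_true":
                term = ("jmp", term[2])
            elif kind == "always_false":
                term = ("jmp", term[3])
        folded[name] = (instrs, term)
    return folded


def prune_unreachable(cfg: CFG, entry: str) -> CFG:
    """Keep only blocks reachable from entry via the (folded) terminators."""
    seen, work = set(), [entry]
    while work:
        name = work.pop()
        if name in seen:
            continue
        seen.add(name)
        term = cfg[name][1]
        if term[0] == "br":
            work += [term[2], term[3]]
        elif term[0] == "jmp":
            work.append(term[1])
    return {name: cfg[name] for name in cfg if name in seen}


def deobfuscate(cfg: CFG, entry: str = "entry") -> CFG:
    return prune_unreachable(fold_opaque_branches(cfg), entry)


# Constructed obfuscated CFG: two opaque predicates guard junk blocks,
# one genuine data-dependent branch must survive.
OBFUSCATED: CFG = {
    "entry": (["mov eax, [arg_x]", "mov ecx, [arg_y]"],
              # x*(x+1) is always even: opaque, always true
              ("br", lambda x, y: (x * (x + 1)) & 1 == 0, "real", "junk1")),
    "junk1": (["xor eax, 0x41", "call decoy"], ("jmp", "real")),
    "real": (["add eax, ecx"],
             # a square is 0 or 1 mod 4 (256 is a multiple of 4, so masking keeps this)
             ("br", lambda x, y: ((x * x) & 0xFF) % 4 in (0, 1), "check", "junk2")),
    "junk2": (["int3"], ("ret",)),
    "check": (["cmp eax, ecx"], ("br", lambda x, y: x > y, "bigger", "done")),
    "bigger": (["inc eax"], ("jmp", "done")),
    "done": (["ret"], ("ret",)),
}


if __name__ == "__main__":
    cleaned = deobfuscate(OBFUSCATED)
    for name, (instrs, term) in cleaned.items():
        print(f"{name}: {instrs} -> {term[0]} {term[1:] if term[0] != 'br' else term[2:]}")
```

Running it keeps five of the seven blocks: both junk blocks disappear, the two opaque branches become plain jumps, and the `x > y` branch is preserved because it takes both outcomes. The caveat a practitioner should keep in mind is that narrowing the width is a heuristic: a predicate can be constant at 8 bits yet input-dependent at 32 bits (or the other way round when wraparound kicks in), so the enumeration here is only a stand-in for the full-width symbolic proof the talk describes.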
https://conference.hitb.org/hitbsecconf2019ams/materials/D1T1%20-%20Modern%20Techniques%20to%20Deobfuscate%20UEFI:BIOS%20Malware%20-%20Alexandre%20Borges.pdf

https://conference.hitb.org/hitbsecconf2019ams/sessions/modern-techniques-to-deobfuscate-uefi-bios-malware-and-virtualized-packers/
