Modern Techniques to Deobfuscate UEFI/BIOS Malware and Virtualized Packers

~ hucktech
Modern advanced malware samples are used to infect countries and they make part of the current cyber war, cyber espionage and financial attacks. Furthermore, critical actors, who write these malicious code try to make the static and dynamic analysis really hard by heavily virtualizing and obfuscating their code using techniques such as CFG, virtualization, call stack manipulation, dead code, opaque predicate and so on. To manage these complex scenarios above, we are able to use tools such as METASM, MIASM and several emulation techniques to make the code simpler. The goal is to reduce the code (most of time by using symbolic analysis), in order to allow us a better understanding of the threat. This presentation aims to show concepts and a practical approach on how to handle obsfuscation reverse engineering challenges and threats involving BIOS/UEFI malware.
https://conference.hitb.org/hitbsecconf2019ams/materials/D1T1%20-%20Modern%20Techniques%20to%20Deobfuscate%20UEFI:BIOS%20Malware%20-%20Alexandre%20Borges.pdf

https://conference.hitb.org/hitbsecconf2019ams/sessions/modern-techniques-to-deobfuscate-uefi-bios-malware-and-virtualized-packers/

Published by hucktech

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s