2,075 research outputs found
Assessment of Source Code Obfuscation Techniques
Obfuscation techniques are a general category of software protections widely
adopted to prevent malicious tampering of the code by making applications more
difficult to understand and thus harder to modify. Obfuscation techniques are
divided in code and data obfuscation, depending on the protected asset. While
preliminary empirical studies have been conducted to determine the impact of
code obfuscation, our work aims at assessing the effectiveness and efficiency
in preventing attacks of a specific data obfuscation technique - VarMerge. We
conducted an experiment with student participants performing two attack tasks
on clear and obfuscated versions of two applications written in C. The
experiment showed a significant effect of data obfuscation on both the time
required to complete and the successful attack efficiency. An application with
VarMerge reduces by six times the number of successful attacks per unit of
time. This outcome provides a practical clue that can be used when applying
software protections based on data obfuscation.Comment: Post-print, SCAM 201
Exploiting code mobility for dynamic binary obfuscation
Software protection aims at protecting the integrity of software applications deployed on un-trusted hosts and being subject to illegal analysis. Within an un-trusted environment a possibly malicious user has complete access to system resources and tools in order to analyze and tamper with the application code. To address this research problem, we propose a novel binary obfuscation approach based on the deployment of an incomplete application whose code arrives from a trusted network entity as a flow of mobile code blocks which are arranged in memory with a different customized memory layout. This paper presents our approach to contrast reverse engineering by defeating static and dynamic analysis, and discusses its effectivenes
The Effectiveness Of Bytecode Decompilation
High-level bytecodes used by object-oriented managed execution environments make it easy to decompile them. This paper studies the reasons that make bytecode decompilers such efficient and presents basic obfuscation techniques as an efficient protection against binary code reverse engineering.basic obfuscation, reverse engineering, object-oriented execution
Protecting your software updates
As described in many blog posts and the scientific literature, exploits for software vulnerabilities are often engineered on the basis of patches, which often involves the manual or automated identification of vulnerable code. The authors evaluate how this identification can be automated with the most frequently referenced diffing tools, demonstrating that for certain types of patches, these tools are indeed effective attacker tools. But they also demonstrate that by using binary code diversification, the effectiveness of the tools can be diminished severely, thus severely closing the attacker's window of opportunity
PowerDrive: Accurate De-Obfuscation and Analysis of PowerShell Malware
PowerShell is nowadays a widely-used technology to administrate and manage
Windows-based operating systems. However, it is also extensively used by
malware vectors to execute payloads or drop additional malicious contents.
Similarly to other scripting languages used by malware, PowerShell attacks are
challenging to analyze due to the extensive use of multiple obfuscation layers,
which make the real malicious code hard to be unveiled. To the best of our
knowledge, a comprehensive solution for properly de-obfuscating such attacks is
currently missing. In this paper, we present PowerDrive, an open-source, static
and dynamic multi-stage de-obfuscator for PowerShell attacks. PowerDrive
instruments the PowerShell code to progressively de-obfuscate it by showing the
analyst the employed obfuscation steps. We used PowerDrive to successfully
analyze thousands of PowerShell attacks extracted from various malware vectors
and executables. The attained results show interesting patterns used by
attackers to devise their malicious scripts. Moreover, we provide a taxonomy of
behavioral models adopted by the analyzed codes and a comprehensive list of the
malicious domains contacted during the analysis
- …