
    Binary Analysis Framework

    The binary analysis of software has become an integral activity for security researchers and attackers alike. As the value of being able to exploit a vulnerability has increased, the need to discover, fix and prevent such vulnerabilities has never been greater. This paper proposes the Binary Analysis Framework, which is intended to be used by security researchers to query and analyze information about system and third-party libraries. Researchers can use the tool to evaluate these libraries and discover unknown vulnerabilities in them. Furthermore, the framework can be used to analyze mitigation techniques implemented by operating system and third-party vendors. The Binary Analysis Framework takes a novel approach to system-level security: it performs binary analysis of libraries using a relational data model for permanent storage of the parsed binary instructions, and provides novel ways of searching and interacting with those instructions.

    A Malware Analysis and Artifact Capture Tool

    Malware authors attempt to obfuscate and hide their code in both its static and dynamic states. This paper provides a novel approach to aid analysis by intercepting and capturing malware artifacts and providing dynamic control of process flow. Capturing malware artifacts allows an analyst to understand malware behavior and obfuscation techniques more quickly and comprehensively, and doing so interactively allows multiple code paths to be explored. The faster malware can be analyzed, the sooner the systems and data it has compromised can be determined and its infection stopped. This research proposes an instantiation of an interactive malware analysis and artifact capture tool.

    Detecting and Mitigating Cyberattacks Targeting Healthcare Transactions


    Reverse Engineering a Nit That Unmasks Tor Users

    This paper is a case study of a forensic investigation of a Network Investigative Technique (NIT) used by the FBI to deanonymize users of a The Onion Router (Tor) hidden service. The forensic investigators were hired by the defense to determine how the NIT worked. The defendant was accused of using a browser to access illegal information. The authors analyzed the source code, binary files and logs used by the NIT. The analysis was used to validate that the NIT collected only necessary and legally authorized information. This paper outlines the publicly available case details, how the NIT logged data, and how the NIT used a capability in Flash to deanonymize a Tor user. The challenges of the investigation and concerns about the NIT are also discussed.