44CON LONDON 2015 has ended
Thursday, September 10 • 14:30 - 15:29
reverse reverse engineering


Note: This talk will not be recorded.

Richo will walk attendees through the basic architecture of a traditional AOT compiler and runtime loader, and describe the parallels between this and the operation of a modern bytecode VM (Python, Ruby, etc.). With this newfound knowledge, we'll tackle implementing a tool to reverse engineer a sample of obfuscated Ruby. However, instead of analyzing the bytecode directly, we will implement a malicious, but otherwise fully functional, VM and use that to explore the various anti-analysis tricks deployed.

By the end of the talk, you will have extended insight into the conceptual inner workings of a compiler, and feel equipped to implement substitutes for the interesting parts of a traditional compilation/loader pipeline to trick opaque objects into telling you how they work, instead of the other way around. While the demos will focus on Ruby, the techniques demonstrated are equally applicable to Python, etc.


richö butts

Security Engineer, Stripe
richö spends most of his time flying parachutes and flinging himself off things. But he also hacks computers and hangs out with nerds.

Thursday September 10, 2015 14:30 - 15:29 BST
Track 1
