Thursday, September 10 • 14:30 - 15:29
reverse reverse engineering


Note: This talk will not be recorded.
Richo will walk attendees through the basic architecture of a traditional AOT compiler and runtime loader, and describe the parallels between this and the operation of a modern bytecode VM (Python, Ruby, etc.). With this newfound knowledge, we'll tackle implementing a tool to reverse engineer a sample of obfuscated Ruby. However, instead of analyzing the bytecode directly, we will implement a malicious, but otherwise fully functional, VM and use that to explore the various anti-analysis tricks deployed.

By the end of the talk, you will have extended insight into the conceptual inner workings of a compiler, and feel equipped to implement substitutes for the interesting parts of a traditional compilation/loader pipeline to trick opaque objects into telling you how they work, instead of the other way around. While the demos will focus on Ruby, the techniques demonstrated are equally applicable to Python, etc.

Richo Healey

Security Engineer, Stripe
richo likes his ducks flat and his instruction sets reduced. He breaks things at Stripe, works on Rust, and will hopefully update his bio before the con.

Thursday September 10, 2015 14:30 - 15:29
Track 1