Adventures In Analyzing Stuxnet presented at Chaos Communication Congress 27

by Bruce Dang, Peter Ferrie,

Tags: Malware Analysis


Summary : There has been many publications on the topic of Stuxnet and its "sophistication" in the mainstream press. However, there is not a complete publication which explains all of the technical vulnerability details and how they were discovered. In this talk, you will get a first-hand account of the entire story.

We will discuss various techniques used in analyzing Stuxnet. First, we will share several tricks that were used to quickly identify the vulnerabilities. Second, we describe the thought processes that went into debugging and triaging the vulnerabilities themselves. Finally, we show some tips that you can use if you feel like decompiling stuff for fun :).