Reverse Engineering with Hypervisors presented at REcon 2010

by Danny Quist

Summary: Hypervisors make very good tools to aid in reverse engineering. This talk will concentrate on two related areas. The first is modifications to the Ether system made to improve unpacking capabilities: I will highlight my method for more accurate OEP detection, PE rebuilding, and using the Windows memory management data structures to more accurately recover the import table. The second is my improvements to VERA, a visualization tool that makes reverse engineering drastically faster.

Danny Quist: Danny Quist is the CEO and founder of Offensive Computing, LLC. His research is in automated analysis methods for malware with software and hardware assisted techniques. He has written several defensive systems to mitigate virus attacks on networks and developed a generic network quarantine technology. He consults with both private and public sectors on system and network security. His interests include malware defense, reverse engineering, exploitation methods, virtual machines, and automatic classification systems. Danny holds a Ph.D. from the New Mexico Institute of Mining and Technology.