Dynamic Analysis Kung-Fu with PANDA presented at Recon 2014

by Brendan Dolan-Gavitt

Summary: We've created a new platform for doing dynamic analysis and reverse engineering on multiple architectures (all the ones QEMU supports as of version 1.0, in fact). It's based on QEMU, and combines a bunch of neat features that aren't currently found anywhere else, including translation to LLVM of binary code from many different architectures, deterministic record and replay, and Android app analysis. PANDA is open source, so everything I'll describe is something people can get their hands on and play with.