FTFY: The Addictive Game of Mending Malware Misbehavior with flare-qdb and Vivisect, presented at BSidesKnoxville 2017

by Michael Bailey

Summary: flare-qdb is a Python CLI and library for observing and manipulating native software execution. It is also the gateway drug that led me down the path to excessive and highly pleasurable abuse of the Vivisect library. I'll discuss and demonstrate using flare-qdb and Vivisect to solve CTF challenges, turn a backdoor into a docile CLI string decoder, and unpack the PowerDuke backdoor that APT29 used against the DNC. To get a preview, check out tinyurl.com/flare-qdb-intro.