“Well, you have to… The image translators work for the construct program. But
there’s way too much information to decode the Matrix…” Let’s run with that. From
malware to firmware, memory dumps to steganography, we face an arduous task:
making sense of mountains of data, millions of pages of hex. Traditional
starting points are file headers and signatures, but anti-RE has become the
norm, and conventional approaches prove increasingly useless. We can’t hack what
we can’t understand, we can’t fix what we can’t see, and we can’t analyze what
we can’t find. We need a new way to sift through data, an efficient means of
finding a needle in a haystack. Introducing ‘visual’ RE with ..cantor.dust.., a
breakthrough interactive visualization tool for rapid binary analysis. By
translating binary information to visual abstractions, the reverser can comb
through megabytes of arbitrary data in seconds, analyzing based on image
patterns rather than byte sequences. Even previously unseen instruction sets and
data formats can be easily located and understood through their visual
fingerprint. Whether searching for exploitable code, stealthy malware,
cryptographic keys, or network anomalies, these radical new visual translation
techniques will dramatically accelerate the analysis process for security
investigators of all backgrounds.

Christopher Domas

Chris is an embedded systems engineer and cyber security researcher, focused
on low-level hardware and software RE and exploitation. He currently works in
the National Security Division of the Battelle Memorial Institute.