This is mostly a cross-post from Nahuel’s blog.
Almost ten days ago, on June 16th 2012, my friend Nahuel Riva and I presented our first talk ever at RECon, in Montréal, Québec, Canada.
Our talk was titled “Dynamic Binary Instrumentation frameworks: I know you’re there spying on me“, and we presented about 20 techniques to detect whether our code is being instrumented with a DBI-based tool, focusing on Pin, Intel’s DBI framework.
Some highlights from our experience at RECon:
- Montréal is a fantastic city. Delicious food, great beer, very nice people and a huge music festival: Les FrancoFolies!
- RECon conference was great. Top-level talks. RECon is THE reverse engineering conference, period.
- Our talk (our first talk ever at a conference!) went fine. The minutes before our talk we were nervous, but fortunately that feeling disappeared as soon as we put our feet on the speaker’s platform.
You can find the slides for our talk here. During our talk we released a tool called eXait (the eXtensible Anti Instrumentation Tester), a benchmark-like tool to test all the anti-instrumentation techniques we discussed during our presentation. You can download eXait (source+binaries) here.
UPDATE: Here are a couple of blog posts by other people reviewing talks from RECon, including our talk:
As usual, let me start this write-up by saying thank you to my teammates, NCR and Archie!
In the Beast challenge of the SecuInside CTF 2012, we were presented with the following web page:
Note that I’ve added in red color the name of the fields for convenience.
The source code of this page was available:
In the Grab Bag 400 challenge of Defcon 20 CTF Prequals 2012 we had the following mission: “What is Jeff Moss’ checking account balance?“, and we were provided with a user and a password:
- User: blacksheep
- Password: luvMeSomeSheep
So we were presented with the following fake bank website:
So Defcon 20 CTF Prequals 2012 has finished! As in PlaidCTF, I’d like to say thank you to my teammate, Archie!
Let’s start with the Forensics 300 writeup.
The description of the challenge was just “Please get my key back!“, and we were provided with a file named for300-47106ef450c4d70ae95212b93f11d05d.
Let’s start examining the file:
francisco@sherminator:~/Downloads$ file for300-47106ef450c4d70ae95212b93f11d05d