Nguyen Anh Quynh
Nguyen Anh Quynh is a security researcher. His interests include operating systems, virtual machines, computer forensics and malware analysis. In the past years he has published papers and presented his work at various academic and industrial conferences around the world. Quynh holds a PhD in Computer Science and is a member of the VnSecurity group.
Opticode: machine code deobfuscation for malware analysts
Speakers: Nguyen Anh Quynh
Modern malware uses many obfuscation techniques to make its code harder for malware analysts to understand, in the hope of defeating attempts to reverse engineer it. Unfortunately, analysts still reverse such code by hand, since there are no reliable tools to help with the problem.
OptiCode is the answer to this headache. Our tool combines theorem-prover and compiler techniques to automatically find and remove the obfuscated sections, then presents the cleaned code to the user. Available as a web-based tool and as an IDA plugin, OptiCode is user-friendly and supports both 32-bit and 64-bit Intel platforms.
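As an added illustration (not OptiCode's own code; the abstract does not describe its internals), the Python sketch below shows the two ingredients named above working together on a constructed snippet: compiler-style cleanup (constant folding, peephole merging of immediates, dead-store elimination) over a hypothetical two-register, 8-bit toy IR, and an equivalence check that stands in for the theorem prover. The check simply enumerates every 8-bit input, which is only feasible because the toy width is tiny; at real 32/64-bit widths an SMT solver would take its place. The instruction sequence, the register names `a`/`b` and the IR itself are assumptions made for this example.

```python
WIDTH = 8                       # toy register width; real code is 32/64-bit
MASK = (1 << WIDTH) - 1

# Constructed obfuscated snippet (assumption: not from any real sample).
# Registers a and b are hypothetical; only a is a meaningful output.
OBFUSCATED = [
    ("mov", "b", "a"),          # b = a
    ("xor", "b", "a"),          # b = a ^ a, i.e. always 0 (opaque value)
    ("add", "a", "b"),          # a += 0, a no-op once b is known to be 0
    ("add", "a", 0x11),
    ("sub", "a", 0x11),         # cancels the add above
    ("add", "a", 7),            # the only instruction that does real work
]

def run(prog, state):
    """Concrete interpreter for the toy IR; returns the final register file."""
    st = dict(state)
    for op, dst, src in prog:
        v = st[src] if isinstance(src, str) else src
        if op == "mov":
            st[dst] = v & MASK
        elif op == "add":
            st[dst] = (st[dst] + v) & MASK
        elif op == "sub":
            st[dst] = (st[dst] - v) & MASK
        elif op == "xor":
            st[dst] = (st[dst] ^ v) & MASK
        else:
            raise ValueError("unknown op %r" % op)
    return st

def constant_fold(prog):
    """Forward dataflow: each register holds a known constant, a tag naming
    an initial register value, or None (unknown). Rewrites ops whose result
    is statically known and drops add/sub of a known zero."""
    val = {"a": "a0", "b": "b0"}
    out = []
    for op, dst, src in prog:
        s = val[src] if isinstance(src, str) else src
        if op == "mov":
            val[dst] = s
            out.append((op, dst, src))
        elif op == "xor":
            if src == dst or (s is not None and s == val[dst]):
                val[dst] = 0                  # x ^ x == 0 for any x
                out.append(("mov", dst, 0))
            elif isinstance(s, int) and isinstance(val[dst], int):
                val[dst] = (val[dst] ^ s) & MASK
                out.append(("mov", dst, val[dst]))
            else:
                val[dst] = None
                out.append((op, dst, src))
        else:                                 # add / sub
            if s == 0:
                continue                      # adding or subtracting 0: drop
            if isinstance(s, int) and isinstance(val[dst], int):
                val[dst] = (val[dst] + s if op == "add" else val[dst] - s) & MASK
                out.append(("mov", dst, val[dst]))
            else:
                val[dst] = None
                out.append((op, dst, src))
    return out

def merge_immediates(prog):
    """Peephole: collapse a run of add/sub-immediate on one register into a
    single net offset, dropping the run entirely if it sums to zero."""
    out, i = [], 0
    while i < len(prog):
        op, dst, src = prog[i]
        if op in ("add", "sub") and isinstance(src, int):
            net = 0
            while (i < len(prog) and prog[i][0] in ("add", "sub")
                   and prog[i][1] == dst and isinstance(prog[i][2], int)):
                net += prog[i][2] if prog[i][0] == "add" else -prog[i][2]
                i += 1
            net &= MASK
            if net:
                out.append(("add", dst, net))
        else:
            out.append(prog[i])
            i += 1
    return out

def eliminate_dead_stores(prog, outputs):
    """Backward liveness: drop writes to registers nobody reads afterwards."""
    live, kept = set(outputs), []
    for op, dst, src in reversed(prog):
        if dst not in live:
            continue                          # result is never observed
        if op == "mov":
            live.discard(dst)                 # mov fully overwrites dst
        if isinstance(src, str):
            live.add(src)
        kept.append((op, dst, src))
    return kept[::-1]

def equivalent(p1, p2, outputs=("a",)):
    """Bounded stand-in for the prover: check every 8-bit input assignment.
    Exhaustive enumeration is only possible at this toy width; a real tool
    would hand the same question to an SMT solver."""
    for a in range(1 << WIDTH):
        for b in range(1 << WIDTH):
            st = {"a": a, "b": b}
            r1, r2 = run(p1, st), run(p2, st)
            if any(r1[r] != r2[r] for r in outputs):
                return False
    return True

def deobfuscate(prog, outputs=("a",)):
    """Clean up, then refuse any result the checker cannot prove equivalent."""
    clean = eliminate_dead_stores(merge_immediates(constant_fold(prog)), outputs)
    if not equivalent(prog, clean, outputs):
        raise RuntimeError("simplification not proven equivalent")
    return clean

if __name__ == "__main__":
    print(deobfuscate(OBFUSCATED))                      # [('add', 'a', 7)]
    print(equivalent(OBFUSCATED, [("add", "a", 8)]))   # False
```

The split of roles is the point: the compiler passes propose a cleaner program, and the equivalence check decides whether the proposal is sound, rejecting an off-by-one candidate such as `add a, 8` while accepting `add a, 7`. Swapping the brute-force checker for a solver query is what makes the same structure work on real 32-bit and 64-bit code.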
In this talk we will analyze some obfuscation techniques used by malware and introduce the design and implementation of OptiCode. Demos will be presented so the audience can see how OptiCode works in practice.