
An external perspective. Matt Miller: Consultant with Leviathan Security Group; Core developer for the Metasploit Framework; Uninformed Journal editor.




1 An external perspective

2
- Matt Miller
- Consultant with Leviathan Security Group
- Core developer for the Metasploit Framework
- Uninformed Journal editor & contributor

3
- External project using Phoenix
- Introduction to Cthulhu
- High-level architecture overview
- Cool features

4
- Software optimization and analysis
- Basis for future Microsoft compilers and tools
- Robust and extensible architecture
  - Plugins
  - Phases

5
- RDK/SDK not yet completely solidified
  - Encapsulation can help here
- API is feature rich but verbose
  - No simplified wrapper
- No solution for large-scale analysis
  - LCTG is not enough

6
- Static analysis encapsulation framework
- Hobby project started in June, 2006
- Written in C#
- Goals
  - Simplified interface
  - Large-scale analysis
  - Research sand box

7 Architecture diagram (repeated on slide 8): Fundamentals (IDA, Phoenix); Analysis Engine; Peons (Control Flow, Data Flow, Rendering, Analysis); Tools; DB

9
- Uses a fundamental to load assemblies
- Runs phases
  - Import
  - Analyze
  - Render
- Peons register to be notified on certain events

10 Import phase diagram: Analysis Engine; Phoenix Fundamental; Fundamentalist Peons (Control Flow, Data Flow, Basic Types); DB
   1. Load Assembly
   2. Assembly Loaded
   3. Import Event
   4. Normalize Information
   5. Import Event

11 Analysis phase diagram: Analysis Engine; Database Fundamental; Analytical Peons (Path Discovery, Leak Check); DB
   1. Load Assembly
   2. Denormalize Assembly Information
   3. Assembly Loaded
   4. Analysis Event
   5. Normalize and Denormalize Information
   6. Analysis Event

12 Render phase diagram: Analysis Engine; Renderer Peons (Console, GUI); DB; Output Store
   1. Render
   2. Denormalize
   3. Display
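The three phase diagrams above and the bullet list on slide 9 describe one procedure: a fundamental loads an assembly, the engine fires the Import, Analysis and Render events in order, and peons that registered for an event do their work against the DB or the output store. The following Python model is an added example that is not Cthulhu's code (Cthulhu is written in C#); AnalysisEngine, Assembly, the three peon functions, the constructed sample.exe call graph and the dictionaries standing in for the DB and the output store are all assumptions made for the illustration.

```python
"""Illustrative model of the phase/peon engine from slides 9 to 12 (added
example, not Cthulhu's code). Every name below is an assumption."""
from dataclasses import dataclass
from typing import Callable, Dict, List

PHASES = ("import", "analyze", "render")   # run in this order (slide 9)


@dataclass
class Assembly:
    """Minimal loaded-assembly view: method name -> names of its callees."""
    name: str
    calls: Dict[str, List[str]]


class AnalysisEngine:
    def __init__(self, fundamental: Callable[[str], Assembly]) -> None:
        self.fundamental = fundamental            # loader; Phoenix- or IDA-backed in Cthulhu
        self.db: Dict[str, dict] = {}             # stands in for the analysis DB
        self.output: List[str] = []               # stands in for the output store
        self.peons: Dict[str, List[Callable]] = {p: [] for p in PHASES}

    def register(self, phase: str, peon: Callable[["AnalysisEngine", str], None]) -> None:
        """Peons register to be notified when a phase event fires."""
        if phase not in self.peons:
            raise ValueError(f"unknown phase {phase!r}")
        self.peons[phase].append(peon)

    def run(self, path: str) -> List[str]:
        asm = self.fundamental(path)              # 1. Load Assembly / 2. Assembly Loaded
        self.db[asm.name] = {"calls": dict(asm.calls), "findings": []}
        for phase in PHASES:                      # Import Event, Analysis Event, Render
            for peon in self.peons[phase]:
                peon(self, asm.name)
        return self.output


# Constructed sample module standing in for what a real fundamental would load.
CONSTRUCTED_MODULES = {
    "sample.exe": Assembly("sample.exe", {
        "main": ["init", "run"],
        "init": ["CallExitProcess"],
        "run": ["helper"],
        "helper": [],
        "CallExitProcess": ["kernel32!ExitProcess"],   # external callee
    }),
}


def dict_fundamental(path: str) -> Assembly:
    return CONSTRUCTED_MODULES[path]


def call_count_peon(engine: AnalysisEngine, module: str) -> None:
    """Fundamentalist peon (import phase): normalize per-method call counts into the DB."""
    calls = engine.db[module]["calls"]
    engine.db[module]["call_counts"] = {m: len(c) for m, c in calls.items()}


def path_discovery_peon(engine: AnalysisEngine, module: str,
                        target: str = "kernel32!ExitProcess") -> None:
    """Analytical peon (analyze phase): record every method from which a call
    path reaches `target`, walking the call graph with cycle protection."""
    calls = engine.db[module]["calls"]

    def reaches(method: str, seen: set) -> bool:
        if method == target:
            return True
        if method in seen or method not in calls:
            return False
        seen.add(method)
        return any(reaches(callee, seen) for callee in calls[method])

    for method in calls:
        if reaches(method, set()):
            engine.db[module]["findings"].append(f"{method} reaches {target}")


def console_renderer_peon(engine: AnalysisEngine, module: str) -> None:
    """Renderer peon (render phase): denormalize findings into the output store."""
    for finding in engine.db[module]["findings"]:
        engine.output.append(f"[{module}] {finding}")


def run_demo() -> List[str]:
    engine = AnalysisEngine(dict_fundamental)
    engine.register("import", call_count_peon)
    engine.register("analyze", path_discovery_peon)
    engine.register("render", console_renderer_peon)
    return engine.run("sample.exe")


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

The point of the structure is that neither peon knows how the assembly was loaded: the path-discovery peon reads only the normalized call graph in the DB, so the same peon would run unchanged over data produced by a different fundamental, which is the independence the slides attribute to the design.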

13
- Extensible and flexible way to represent binary information
- May be used to support large-scale analysis
  - Hundreds of modules
  - More work needs to be done
- Performance overhead is non-trivial
  - Processing time is high
  - Volatile memory usage is low

14
- Simplified API
- Version-independent modeling
- Conceptual modeling

15 Data model diagram: Assembly -> Module -> Data Type, Method (repeated for each module), stored in the DB. Abstract classes provide fundamental independence; concrete implementations (Phoenix, ...) sit beneath them.

16 Modeling version independent relationships between assemblies in the database

    void CallExitProcess() { ExitProcess(0); }

   Diagram: CallExitProcess -> ExitProcess (call to generic kernel32!ExitProcess); ExitProcess 1, ExitProcess 2, ExitProcess 3, ExitProcess 4 (distinct kernel32!ExitProcess versions related to the generic one). Appropriate versions can be selected at analysis time.
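The slide shows the relationship only as a diagram. The following Python sketch is an added example, not Cthulhu's code, of how such a model behaves: call sites are stored against a generic symbol, distinct versions are related to that generic symbol, and the version to use is chosen at analysis time from whatever the analysis run says each module's version is. SymbolDB, Symbol, the `environment` mapping, the `@v3` display notation and the version labels v1 to v4 are assumptions made for the illustration.

```python
"""Illustration of the version-independent symbol model on slide 16 (added
example, not Cthulhu's code; all names and version labels are assumptions)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Symbol:
    module: str
    name: str
    version: Optional[str] = None        # None marks the generic symbol

    def __str__(self) -> str:
        base = f"{self.module}!{self.name}"
        return base if self.version is None else f"{base}@{self.version}"


class SymbolDB:
    """Generic symbols are the targets of calls; concrete versions hang off them."""

    def __init__(self) -> None:
        self.generic: Dict[Tuple[str, str], Symbol] = {}
        self.versions: Dict[Tuple[str, str], Dict[str, Symbol]] = {}
        self.calls: List[Tuple[str, Symbol]] = []    # (caller, generic callee)

    def generic_symbol(self, module: str, name: str) -> Symbol:
        return self.generic.setdefault((module, name), Symbol(module, name))

    def add_version(self, module: str, name: str, version: str) -> Symbol:
        """Relate a distinct version to the generic symbol, creating it if needed."""
        self.generic_symbol(module, name)
        concrete = Symbol(module, name, version)
        self.versions.setdefault((module, name), {})[version] = concrete
        return concrete

    def add_call(self, caller: str, module: str, name: str) -> None:
        """Calls are recorded against the generic symbol, never a specific version."""
        self.calls.append((caller, self.generic_symbol(module, name)))

    def resolve(self, generic: Symbol, environment: Dict[str, str]) -> Symbol:
        """At analysis time, pick the version the environment names for the module."""
        wanted = environment.get(generic.module)
        known = self.versions.get((generic.module, generic.name), {})
        if wanted not in known:
            raise LookupError(f"no version {wanted!r} of {generic} in the database")
        return known[wanted]

    def resolved_calls(self, environment: Dict[str, str]) -> List[Tuple[str, str]]:
        """Every stored call, with its callee bound to the selected version."""
        return [(caller, str(self.resolve(g, environment))) for caller, g in self.calls]


def build_demo_db() -> SymbolDB:
    db = SymbolDB()
    for v in ("v1", "v2", "v3", "v4"):           # four distinct versions; labels constructed
        db.add_version("kernel32", "ExitProcess", v)
    # void CallExitProcess() { ExitProcess(0); }  -> one call to the generic symbol
    db.add_call("CallExitProcess", "kernel32", "ExitProcess")
    return db


if __name__ == "__main__":
    db = build_demo_db()
    print(db.resolved_calls({"kernel32": "v3"}))   # [('CallExitProcess', 'kernel32!ExitProcess@v3')]
```

Because the call record never names a version, importing a fifth build of kernel32 later adds one row to the version table and changes nothing about the modules already imported; selecting a version that was never imported fails loudly instead of silently binding to the wrong one.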

17 Universe diagram: VPN Client, VPN Server; components Device Driver (vpn.sys), User Interface (vpngui.exe, dialogs.dll), Daemon (daemon.exe)

18
- Import and analyze large data sets
  - All PE modules from Windows XP?
- Improve database performance
- Implement additional peons
  - Leak Check
- And the list goes on...

19
- There is...
  - A lot more to be said
  - A lot of work left to do
  - A lot of data to collect
- Unfortunately, time is a factor
- Questions?

