Title:
Malware capability reverse engineering via coordination with symbolic analysis

Author(s)
Hill, Brennan
Advisor(s)
Saltaformaggio, Brendan D.
Abstract
A key part of a cyber attack investigation is quickly understanding the capabilities and payloads of the malware involved so that proper countermeasures can be adopted. Unfortunately, because they lack insight into the malware's execution, current techniques for exposing these capabilities are prohibitively limited. FORSEE, a tool developed by CyFI Lab researchers, leverages memory image forensics and symbolic analysis to discover malware capabilities quickly and efficiently. FORSEE uses the concrete execution state extracted from a malware sample's memory image to explore potential execution paths starting from the point of capture. By coordinating their analysis with FORSEE, malware analysts can simplify and accelerate their reverse engineering efforts. In line with this use case, the work presented in this thesis coordinates FORSEE's symbolic analysis with manual reverse engineering to assess FORSEE's effectiveness and to inform its future development.
Date Issued
2018-12-07
Resource Type
Text
Resource Subtype
Thesis