Ryan MacArthur (iSIGHT Partners)

Leveraging MSR's for Fun and for Profit

I will introduce the audience to MSR's, how they have been abused in the past, and what role they play today. Then I will get into leveraging MSR's to do our bidding, including the following: 1) A small amount of assembly to detect ALL virtualization/emulation environments 2) How to implement a stealthy and low-latency execution tracer, win32 I will demo the use of these live, successfully tracing PE's that employ anti-tracing techniques.

Sobre Ryan MacArthur

Neophyte security researcher who has a penchant for booze. Tinkerer that has spiraled down into the kernel. Visionary Street Fighter IV player. I've no impressive list of CVE's and no string of acronyms after my name. Mere dwarf standing on the shoulders of giants. I've researched automated malware analysis while getting my masters in security informatics from Johns Hopkins. I then joined Symantec as a malware analyst where I reverse engineered malware and file formats to aid in detection of exploits. After that I joined iSIGHT Partners Lab to build/break things for our customers.

« volver a Speakers