Background: #fff
Foreground: #000
PrimaryPale: #8cf
PrimaryLight: #18f
PrimaryMid: #04b
PrimaryDark: #014
SecondaryPale: #ffc
SecondaryLight: #fe8
SecondaryMid: #db4
SecondaryDark: #841
TertiaryPale: #eee
TertiaryLight: #ccc
TertiaryMid: #999
TertiaryDark: #666
Error: #f88
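/*{{{*/
/* Colour rules only; sizes, spacing and positioning are in the next section.
   Every [[ColorPalette::Name]] token refers to one entry of the ColorPalette
   list above (Background, Foreground, the Primary/Secondary/Tertiary shades, Error). */
body {background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]];}

a {color:[[ColorPalette::PrimaryMid]];}
a:hover {background-color:[[ColorPalette::PrimaryMid]]; color:[[ColorPalette::Background]];}
a img {border:0;}

h1,h2,h3,h4,h5,h6 {color:[[ColorPalette::SecondaryDark]]; background:transparent;}
h1 {border-bottom:2px solid [[ColorPalette::TertiaryLight]];}
h2,h3 {border-bottom:1px solid [[ColorPalette::TertiaryLight]];}

.button {color:[[ColorPalette::PrimaryDark]]; border:1px solid [[ColorPalette::Background]];}
.button:hover {color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::SecondaryLight]]; border-color:[[ColorPalette::SecondaryMid]];}
.button:active {color:[[ColorPalette::Background]]; background:[[ColorPalette::SecondaryMid]]; border:1px solid [[ColorPalette::SecondaryDark]];}

/* The page template renders the site title twice (.headerShadow and .headerForeground); each copy gets its own colours here. */
.header {background:[[ColorPalette::PrimaryMid]];}
.headerShadow {color:[[ColorPalette::Foreground]];}
.headerShadow a {font-weight:normal; color:[[ColorPalette::Foreground]];}
.headerForeground {color:[[ColorPalette::Background]];}
.headerForeground a {font-weight:normal; color:[[ColorPalette::PrimaryPale]];}

.tabSelected{color:[[ColorPalette::PrimaryDark]];
	background:[[ColorPalette::TertiaryPale]];
	border-left:1px solid [[ColorPalette::TertiaryLight]];
	border-top:1px solid [[ColorPalette::TertiaryLight]];
	border-right:1px solid [[ColorPalette::TertiaryLight]];
}
.tabUnselected {color:[[ColorPalette::Background]]; background:[[ColorPalette::TertiaryMid]];}
.tabContents {color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::TertiaryPale]]; border:1px solid [[ColorPalette::TertiaryLight]];}
.tabContents .button {border:0;}

/* Intentionally empty: kept as a hook for colour overrides. */
#sidebar {}
#sidebarOptions input {border:1px solid [[ColorPalette::PrimaryMid]];}
#sidebarOptions .sliderPanel {background:[[ColorPalette::PrimaryPale]];}
#sidebarOptions .sliderPanel a {border:none;color:[[ColorPalette::PrimaryMid]];}
#sidebarOptions .sliderPanel a:hover {color:[[ColorPalette::Background]]; background:[[ColorPalette::PrimaryMid]];}
#sidebarOptions .sliderPanel a:active {color:[[ColorPalette::PrimaryMid]]; background:[[ColorPalette::Background]];}

.wizard {background:[[ColorPalette::PrimaryPale]]; border:1px solid [[ColorPalette::PrimaryMid]];}
.wizard h1 {color:[[ColorPalette::PrimaryDark]]; border:none;}
.wizard h2 {color:[[ColorPalette::Foreground]]; border:none;}
.wizardStep {background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]];
	border:1px solid [[ColorPalette::PrimaryMid]];}
/* Fixed: "background::" (double colon) is not a valid declaration and is dropped
   by the CSS parser, which left .wizardStepDone without its background. */
.wizardStep.wizardStepDone {background:[[ColorPalette::TertiaryLight]];}
.wizardFooter {background:[[ColorPalette::PrimaryPale]];}
.wizardFooter .status {background:[[ColorPalette::PrimaryDark]]; color:[[ColorPalette::Background]];}
/* Four-value border-color: top right bottom left (light top/left, dark bottom/right gives a raised look). */
.wizard .button {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::SecondaryLight]]; border: 1px solid;
	border-color:[[ColorPalette::SecondaryPale]] [[ColorPalette::SecondaryDark]] [[ColorPalette::SecondaryDark]] [[ColorPalette::SecondaryPale]];}
.wizard .button:hover {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::Background]];}
.wizard .button:active {color:[[ColorPalette::Background]]; background:[[ColorPalette::Foreground]]; border: 1px solid;
	border-color:[[ColorPalette::PrimaryDark]] [[ColorPalette::PrimaryPale]] [[ColorPalette::PrimaryPale]] [[ColorPalette::PrimaryDark]];}

#messageArea {border:1px solid [[ColorPalette::SecondaryMid]]; background:[[ColorPalette::SecondaryLight]]; color:[[ColorPalette::Foreground]];}
#messageArea .button {color:[[ColorPalette::PrimaryMid]]; background:[[ColorPalette::SecondaryPale]]; border:none;}

.popupTiddler {background:[[ColorPalette::TertiaryPale]]; border:2px solid [[ColorPalette::TertiaryMid]];}

.popup {background:[[ColorPalette::TertiaryPale]]; color:[[ColorPalette::TertiaryDark]]; border-left:1px solid [[ColorPalette::TertiaryMid]]; border-top:1px solid [[ColorPalette::TertiaryMid]]; border-right:2px solid [[ColorPalette::TertiaryDark]]; border-bottom:2px solid [[ColorPalette::TertiaryDark]];}
.popup hr {color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::PrimaryDark]]; border-bottom:1px;}
.popup li.disabled {color:[[ColorPalette::TertiaryMid]];}
.popup li a, .popup li a:visited {color:[[ColorPalette::Foreground]]; border: none;}
.popup li a:hover {background:[[ColorPalette::SecondaryLight]]; color:[[ColorPalette::Foreground]]; border: none;}
.popup li a:active {background:[[ColorPalette::SecondaryPale]]; color:[[ColorPalette::Foreground]]; border: none;}
.popupHighlight {background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]];}
.listBreak div {border-bottom:1px solid [[ColorPalette::TertiaryDark]];}

.tiddler .defaultCommand {font-weight:bold;}

.shadow .title {color:[[ColorPalette::TertiaryDark]];}

.title {color:[[ColorPalette::SecondaryDark]];}
.subtitle {color:[[ColorPalette::TertiaryDark]];}

.toolbar {color:[[ColorPalette::PrimaryMid]];}
.toolbar a {color:[[ColorPalette::TertiaryLight]];}
.selected .toolbar a {color:[[ColorPalette::TertiaryMid]];}
.selected .toolbar a:hover {color:[[ColorPalette::Foreground]];}

.tagging, .tagged {border:1px solid [[ColorPalette::TertiaryPale]]; background-color:[[ColorPalette::TertiaryPale]];}
.selected .tagging, .selected .tagged {background-color:[[ColorPalette::TertiaryLight]]; border:1px solid [[ColorPalette::TertiaryMid]];}
.tagging .listTitle, .tagged .listTitle {color:[[ColorPalette::PrimaryDark]];}
.tagging .button, .tagged .button {border:none;}

.footer {color:[[ColorPalette::TertiaryLight]];}
.selected .footer {color:[[ColorPalette::TertiaryMid]];}

.sparkline {background:[[ColorPalette::PrimaryPale]]; border:0;}
.sparktick {background:[[ColorPalette::PrimaryDark]];}

.error, .errorButton {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::Error]];}
.warning {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::SecondaryPale]];}
.lowlight {background:[[ColorPalette::TertiaryLight]];}

.zoomer {background:none; color:[[ColorPalette::TertiaryMid]]; border:3px solid [[ColorPalette::TertiaryMid]];}

.imageLink, #displayArea .imageLink {background:transparent;}

.annotation {background:[[ColorPalette::SecondaryLight]]; color:[[ColorPalette::Foreground]]; border:2px solid [[ColorPalette::SecondaryMid]];}

.viewer .listTitle {list-style-type:none; margin-left:-2em;}
.viewer .button {border:1px solid [[ColorPalette::SecondaryMid]];}
.viewer blockquote {border-left:3px solid [[ColorPalette::TertiaryDark]];}

.viewer table, table.twtable {border:2px solid [[ColorPalette::TertiaryDark]];}
.viewer th, .viewer thead td, .twtable th, .twtable thead td {background:[[ColorPalette::SecondaryMid]]; border:1px solid [[ColorPalette::TertiaryDark]]; color:[[ColorPalette::Background]];}
.viewer td, .viewer tr, .twtable td, .twtable tr {border:1px solid [[ColorPalette::TertiaryDark]];}

.viewer pre {border:1px solid [[ColorPalette::SecondaryLight]]; background:[[ColorPalette::SecondaryPale]];}
.viewer code {color:[[ColorPalette::SecondaryDark]];}
.viewer hr {border:0; border-top:dashed 1px [[ColorPalette::TertiaryDark]]; color:[[ColorPalette::TertiaryDark]];}

.highlight, .marked {background:[[ColorPalette::SecondaryLight]];}

.editor input {border:1px solid [[ColorPalette::PrimaryMid]];}
.editor textarea {border:1px solid [[ColorPalette::PrimaryMid]]; width:100%;}
.editorFooter {color:[[ColorPalette::TertiaryMid]];}

#backstageArea {background:[[ColorPalette::Foreground]]; color:[[ColorPalette::TertiaryMid]];}
#backstageArea a {background:[[ColorPalette::Foreground]]; color:[[ColorPalette::Background]]; border:none;}
#backstageArea a:hover {background:[[ColorPalette::SecondaryLight]]; color:[[ColorPalette::Foreground]]; }
#backstageArea a.backstageSelTab {background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]];}
#backstageButton a {background:none; color:[[ColorPalette::Background]]; border:none;}
#backstageButton a:hover {background:[[ColorPalette::Foreground]]; color:[[ColorPalette::Background]]; border:none;}
#backstagePanel {background:[[ColorPalette::Background]]; border-color: [[ColorPalette::Background]] [[ColorPalette::TertiaryDark]] [[ColorPalette::TertiaryDark]] [[ColorPalette::TertiaryDark]];}
.backstagePanelFooter .button {border:none; color:[[ColorPalette::Background]];}
.backstagePanelFooter .button:hover {color:[[ColorPalette::Foreground]];}
/* The quoted "filter" value is a legacy IE opacity hack kept alongside the standard "opacity" property. */
#backstageCloak {background:[[ColorPalette::Foreground]]; opacity:0.6; filter:'alpha(opacity:60)';}
/*}}}*/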
/*{{{*/
/* Layout rules (fonts, sizes, spacing, positioning); colours are in the previous section. */
/* "* html ..." selectors match only in old Internet Explorer (IE6 and earlier) and are used here as browser-specific workarounds. */
* html .tiddler {height:1%;}

body {font-size:.75em; font-family:arial,helvetica; margin:0; padding:0;}

h1,h2,h3,h4,h5,h6 {font-weight:bold; text-decoration:none;}
h1,h2,h3 {padding-bottom:1px; margin-top:1.2em;margin-bottom:0.3em;}
h4,h5,h6 {margin-top:1em;}
h1 {font-size:1.35em;}
h2 {font-size:1.25em;}
h3 {font-size:1.1em;}
h4 {font-size:1em;}
h5 {font-size:.9em;}

hr {height:1px;}

a {text-decoration:none;}

dt {font-weight:bold;}

/* Nested ordered lists cycle decimal -> lower-alpha -> lower-roman. */
ol {list-style-type:decimal;}
ol ol {list-style-type:lower-alpha;}
ol ol ol {list-style-type:lower-roman;}
ol ol ol ol {list-style-type:decimal;}
ol ol ol ol ol {list-style-type:lower-alpha;}
ol ol ol ol ol ol {list-style-type:lower-roman;}
ol ol ol ol ol ol ol {list-style-type:decimal;}

.txtOptionInput {width:11em;}

#contentWrapper .chkOptionInput {border:0;}

.externalLink {text-decoration:underline;}

.indent {margin-left:3em;}
.outdent {margin-left:3em; text-indent:-3em;}
code.escaped {white-space:nowrap;}

.tiddlyLinkExisting {font-weight:bold;}
.tiddlyLinkNonExisting {font-style:italic;}

/* the 'a' is required for IE, otherwise it renders the whole tiddler in bold */
a.tiddlyLinkNonExisting.shadow {font-weight:bold;}

#mainMenu .tiddlyLinkExisting,
	#mainMenu .tiddlyLinkNonExisting,
	#sidebarTabs .tiddlyLinkNonExisting {font-weight:normal; font-style:normal;}
#sidebarTabs .tiddlyLinkExisting {font-weight:bold; font-style:normal;}

/* .headerShadow is offset by -1px and .headerForeground overlaid on it, so the twice-rendered title shows a shadow. */
.header {position:relative;}
.header a:hover {background:transparent;}
.headerShadow {position:relative; padding:4.5em 0em 1em 1em; left:-1px; top:-1px;}
.headerForeground {position:absolute; padding:4.5em 0em 1em 1em; left:0px; top:0px;}

.siteTitle {font-size:3em;}
.siteSubtitle {font-size:1.2em;}

#mainMenu {position:absolute; left:0; width:10em; text-align:right; line-height:1.6em; padding:1.5em 0.5em 0.5em 0.5em; font-size:1.1em;}

/* NOTE(review): the sidebar is positioned in px while #mainMenu and #displayArea use em; confirm it still lines up at other base font sizes. */
#sidebar {position:absolute; left:835px; width:16em; font-size:.9em;}
#sidebarOptions {padding-top:0.3em;}
#sidebarOptions a {margin:0em 0.2em; padding:0.2em 0.3em; display:block;}
#sidebarOptions input {margin:0.4em 0.5em;}
#sidebarOptions .sliderPanel {margin-left:1em; padding:0.5em; font-size:.85em;}
#sidebarOptions .sliderPanel a {font-weight:bold; display:inline; padding:0;}
#sidebarOptions .sliderPanel input {margin:0 0 .3em 0;}
#sidebarTabs .tabContents {width:15em; overflow:hidden;}

.wizard {padding:0.1em 1em 0em 2em;}
.wizard h1 {font-size:2em; font-weight:bold; background:none; padding:0em 0em 0em 0em; margin:0.4em 0em 0.2em 0em;}
.wizard h2 {font-size:1.2em; font-weight:bold; background:none; padding:0em 0em 0em 0em; margin:0.4em 0em 0.2em 0em;}
.wizardStep {padding:1em 1em 1em 1em;}
.wizard .button {margin:0.5em 0em 0em 0em; font-size:1.2em;}
.wizardFooter {padding:0.8em 0.4em 0.8em 0em;}
.wizardFooter .status {padding:0em 0.4em 0em 0.4em; margin-left:1em;}
.wizard .button {padding:0.1em 0.2em 0.1em 0.2em;}

/* "_position" is the underscore hack: ignored by standards-compliant parsers, honoured by old IE, which lacks position:fixed. */
#messageArea {position:fixed; top:2em; right:0em; margin:0.5em; padding:0.5em; z-index:2000; _position:absolute;}
.messageToolbar {display:block; text-align:right; padding:0.2em 0.2em 0.2em 0.2em;}
#messageArea a {text-decoration:underline;}

.tiddlerPopupButton {padding:0.2em 0.2em 0.2em 0.2em;}
.popupTiddler {position: absolute; z-index:300; padding:1em 1em 1em 1em; margin:0;}

.popup {position:absolute; z-index:300; font-size:.9em; padding:0; list-style:none; margin:0;}
.popup .popupMessage {padding:0.4em;}
.popup hr {display:block; height:1px; width:auto; padding:0; margin:0.2em 0em;}
.popup li.disabled {padding:0.4em;}
.popup li a {display:block; padding:0.4em; font-weight:normal; cursor:pointer;}
.listBreak {font-size:1px; line-height:1px;}
.listBreak div {margin:2px 0;}

.tabset {padding:1em 0em 0em 0.5em;}
.tab {margin:0em 0em 0em 0.25em; padding:2px;}
.tabContents {padding:0.5em;}
.tabContents ul, .tabContents ol {margin:0; padding:0;}
.txtMainTab .tabContents li {list-style:none;}
.tabContents li.listLink { margin-left:.75em;}

#contentWrapper {display:block;}
#splashScreen {display:none;}

/* Left/right margins leave room for the absolutely positioned #mainMenu and #sidebar. */
#displayArea {margin:1em 17em 0em 14em;}

.toolbar {text-align:right; font-size:.9em;}

.tiddler {padding:1em 1em 0em 1em;}

.missing .viewer,.missing .title {font-style:italic;}

.title {font-size:1.6em; font-weight:bold;}

.missing .subtitle {display:none;}
.subtitle {font-size:1.1em;}

.tiddler .button {padding:0.2em 0.4em;}

.tagging {margin:0.5em 0.5em 0.5em 0; float:left; display:none;}
.isTag .tagging {display:block;}
.tagged {margin:0.5em; float:right;}
.tagging, .tagged {font-size:0.9em; padding:0.25em;}
.tagging ul, .tagged ul {list-style:none; margin:0.25em; padding:0;}
.tagClear {clear:both;}

.footer {font-size:.9em;}
.footer li {display:inline;}

.annotation {padding:0.5em; margin:0.5em;}

* html .viewer pre {width:99%; padding:0 0 1em 0;}
.viewer {line-height:1.4em; padding-top:0.5em;}
.viewer .button {margin:0em 0.25em; padding:0em 0.25em;}
.viewer blockquote {line-height:1.5em; padding-left:0.8em;margin-left:2.5em;}
.viewer ul, .viewer ol {margin-left:0.5em; padding-left:1.5em;}

.viewer table, table.twtable {border-collapse:collapse; margin:0.8em 1.0em;}
.viewer th, .viewer td, .viewer tr,.viewer caption,.twtable th, .twtable td, .twtable tr,.twtable caption {padding:3px;}
table.listView {font-size:0.85em; margin:0.8em 1.0em;}
table.listView th, table.listView td, table.listView tr {padding:0px 3px 0px 3px;}

.viewer pre {padding:0.5em; margin-left:0.5em; font-size:1.2em; line-height:1.4em; overflow:auto;}
.viewer code {font-size:1.2em; line-height:1.4em;}

.editor {font-size:1.1em;}
.editor input, .editor textarea {display:block; width:100%; font:inherit;}
.editorFooter {padding:0.25em 0em; font-size:.9em;}
.editorFooter .button {padding-top:0px; padding-bottom:0px;}

.fieldsetFix {border:0; padding:0; margin:1px 0px 1px 0px;}

.sparkline {line-height:1em;}
.sparktick {outline:0;}

.zoomer {font-size:1.1em; position:absolute; overflow:hidden;}
.zoomer div {padding:1em;}

/* Backstage elements start hidden (display:none) and are stacked by z-index: cloak 20 < backstage 50 < panel 100 < area 150 < button 175. */
* html #backstage {width:99%;}
* html #backstageArea {width:99%;}
#backstageArea {display:none; position:relative; overflow: hidden; z-index:150; padding:0.3em 0.5em 0.3em 0.5em;}
#backstageToolbar {position:relative;}
#backstageArea a {font-weight:bold; margin-left:0.5em; padding:0.3em 0.5em 0.3em 0.5em;}
#backstageButton {display:none; position:absolute; z-index:175; top:0em; right:0em;}
#backstageButton a {padding:0.1em 0.4em 0.1em 0.4em; margin:0.1em 0.1em 0.1em 0.1em;}
#backstage {position:relative; width:100%; z-index:50;}
#backstagePanel {display:none; z-index:100; position:absolute; margin:0em 3em 0em 3em; padding:1em 1em 1em 1em;}
.backstagePanelFooter {padding-top:0.2em; float:right;}
.backstagePanelFooter a {padding:0.2em 0.4em 0.2em 0.4em;}
#backstageCloak {display:none; z-index:20; position:absolute; width:100%; height:100px;}

.whenBackstage {display:none;}
.backstageVisible .whenBackstage {display:block;}
/*}}}*/
/***
StyleSheet for use when a translation requires any css style changes.
This StyleSheet can be used directly by languages such as Chinese, Japanese and Korean which use a logographic writing system and need larger font sizes.
***/

/*{{{*/
/* Locale overrides (see the note above): a larger base font size than the layout sheet's .75em, plus small sidebar, subtitle and list-table adjustments. */
body {font-size:0.8em;}

#sidebarOptions {font-size:1.05em;}
#sidebarOptions a {font-style:normal;}
#sidebarOptions .sliderPanel {font-size:0.95em;}

.subtitle {font-size:0.8em;}

.viewer table.listView {font-size:0.95em;}

/* "ButtonFace" is a CSS system colour keyword (the platform's button background). */
.htmlarea .toolbarHA table {border:1px solid ButtonFace; margin:0em 0em;}
/*}}}*/
/*{{{*/
/* Print stylesheet: hide navigation and toolbar chrome, and drop the wide side margins #displayArea uses on screen. */
@media print {
#mainMenu, #sidebar, #messageArea, .toolbar, #backstageButton {display: none ! important;}
#displayArea {margin: 1em 1em 0em 1em;}
/* Fixes a feature in Firefox 1.5.0.2 where print preview displays the noscript content */
noscript {display:none;}
}
/*}}}*/
<!--{{{-->
<!-- Page template. Elements with refresh='content' tiddler='X' appear to be filled from the tiddler named X (SiteTitle, SiteSubtitle, MainMenu, SideBarOptions, SideBarTabs); the title/subtitle pair is emitted twice, once in .headerShadow and once in .headerForeground, which the stylesheets colour and offset separately. -->
<div class='header' macro='gradient vert [[ColorPalette::PrimaryLight]] [[ColorPalette::PrimaryMid]]'>
<div class='headerShadow'>
<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;
<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>
</div>
<div class='headerForeground'>
<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;
<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>
</div>
</div>
<div id='mainMenu' refresh='content' tiddler='MainMenu'></div>
<div id='sidebar'>
<div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'></div>
<div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'></div>
</div>
<div id='displayArea'>
<div id='messageArea'></div>
<div id='tiddlerDisplay'></div>
</div>
<!--}}}-->
<!--{{{-->
<!-- View template for a single tiddler: toolbar, title, modifier/date subtitle, tag lists, wikified body. The macro='...' attributes name the TiddlyWiki macro that fills each element. -->
<div class='toolbar' macro='toolbar closeTiddler closeOthers +editTiddler > fields syncing permalink references jump'></div>
<div class='title' macro='view title'></div>
<div class='subtitle'><span macro='view modifier link'></span>, <span macro='view modified date'></span> (<span macro='message views.wikified.createdPrompt'></span> <span macro='view created date'></span>)</div>
<div class='tagging' macro='tagging'></div>
<div class='tagged' macro='tags'></div>
<div class='viewer' macro='view text wikified'></div>
<div class='tagClear'></div>
<!--}}}-->
<!--{{{-->
<!-- Edit template: save/cancel/delete toolbar, then editors for the title, text and tags; the 'annotations' macro sits between title and text. -->
<div class='toolbar' macro='toolbar +saveTiddler -cancelTiddler deleteTiddler'></div>
<div class='title' macro='view title'></div>
<div class='editor' macro='edit title'></div>
<div macro='annotations'></div>
<div class='editor' macro='edit text'></div>
<div class='editor' macro='edit tags'></div><div class='editorFooter'><span macro='message views.editor.tagPrompt'></span><span macro='tagChooser'></span></div>
<!--}}}-->
To get started with this blank TiddlyWiki, you'll need to modify the following tiddlers:
* SiteTitle & SiteSubtitle: The title and subtitle of the site, as shown above (after saving, they will also appear in the browser title bar)
* MainMenu: The menu (usually on the left)
* DefaultTiddlers: Contains the names of the tiddlers that you want to appear when the TiddlyWiki is opened
You'll also need to enter your username for signing your edits: <<option txtUserName>>
These InterfaceOptions for customising TiddlyWiki are saved in your browser.

Your username for signing your edits. Write it as a WikiWord (e.g. JoeBloggs).

<<option txtUserName>>
<<option chkSaveBackups>> SaveBackups
<<option chkAutoSave>> AutoSave
<<option chkRegExpSearch>> RegExpSearch
<<option chkCaseSensitiveSearch>> CaseSensitiveSearch
<<option chkAnimate>> EnableAnimations

----
Also see AdvancedOptions
Daniel Jackson and Eugene J. Rollins
School of Computer Science
Carnegie Mellon University

!!!Abstract

A dependence model for reverse engineering should treat procedures
in a modular fashion and should be fine-grained, distinguishing
dependences that are due to different variables.
The program dependence graph (PDG) satisfies neither of
these criteria. We present a new form of dependence graph
that satisfies both, while retaining the advantages of the PDG:
it is easy to construct and allows program slicing to be implemented
as a simple graph traversal. We define ‘chopping’, a
generalization of slicing that can express most of its variants,
and show that, using our dependence graph, it produces more
accurate results than algorithms based directly on the PDG.

!!!Notes

This describes the program slicing algorithm available in BAP.

[[download|ref/A New Model of Program Dependences for Reverse Engineering.pdf]]
Mila Dalla Preda
Dipartimento di Informatica,
University of Verona,
Strada le Grazie 15, 37134 Verona, Italy.
dallapre@sci.univr.it

Mihai Christodorescu and Somesh Jha
Department of Computer Science,
University of Wisconsin, Madison, WI
53706, USA.
{mihai,jha}@cs.wisc.edu

Saumya Debray
Department of Computer Science,
University of Arizona, Tucson, AZ
85721, USA.
debray@cs.arizona.edu

!!!Abstract

Malware detection is a crucial aspect of software security. Current 
malware detectors work by checking for “signatures,” which
attempt to capture (syntactic) characteristics of the machine-level
byte sequence of the malware. This reliance on a syntactic approach
makes such detectors vulnerable to code obfuscations, increasingly
used by malware writers, that alter syntactic properties of the 
malware byte sequence without significantly affecting their execution
behavior.

This paper takes the position that the key to malware identification 
lies in their semantics. It proposes a semantics-based framework 
for reasoning about malware detectors and proving properties
such as soundness and completeness of these detectors. Our 
approach uses a trace semantics to characterize the behaviors of
malware as well as the program being checked for infection, and uses
abstract interpretation to “hide” irrelevant aspects of these 
behaviors. As a concrete application of our approach, we show that the
semantics-aware malware detector proposed by Christodorescu et al. 
is complete with respect to a number of common obfuscations used
by malware writers.

!!!Notes

...

[[download|ref/A Semantics-Based Approach to Malware Detection.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/A Smart Fuzzer for x86 Executables.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/A Survey of Program Slicing Techniques.pdf]]
<<options>>
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Analysis and Defense of Vulnerabilities in Binary Code.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Automated Synthesis of Symbolic Instruction Encodings from IO Samples.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Automated Whitebox Fuzz Testing.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Automatic Partial Loop Summarization in Dynamic Test Generation.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Automatic Patch-Based Exploit Generation is Possible - Techniques and Implications.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Automatic Reverse Engineering of Data Structures from Binary Execution.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Binary Rewriting without Relocation Information.pdf]]
Richard Johnson
rjohnson@moflow.org
@richinseattle

Richard Johnson is a computer security specialist in the area of software vulnerability
analysis.  Richard currently fills the role of Research Manager for Cisco Talos in
charge of vulnerability discovery, triage, and mitigation research, offering 15 years of
expertise and leadership in the software security industry.  Current responsibilities
include research on exploitation technologies and automation of the vulnerability triage
and discovery process.  Previous areas of security research and tool development include
program execution tracing, taint analysis, fuzzing strategies, memory management
hardening, compiler mitigations, disassembler and debugger design, and software
visualization.  Richard has released public code for binary integrity monitoring,
program debugging, and reverse engineering and has presented annually at top-tier
industry conferences worldwide for over a decade.  Richard is also a co-founder of the
Uninformed Journal.

Specialties: Vulnerability Discovery, Triage and Mitigation. Reverse Engineering.
Eugene Rodionov
Aleksandr Matrosov

!!!Abstract
This is a presentation from Recon 2012.

!!!Notes
This discusses the design and implementation of a bootkit.

[[download|ref/Bootkit Threats - In Depth Reverse Engineering and Defense.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Chopping - A Generalization of Slicing.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Code-Reuse Attacks - New Frontiers and Defenses [bletsch].pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Creating Vulnerability Signatures Using Weakest Preconditions.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/DART - Directed Automated Random Testing.pdf]]
Roberto Paleari
Doctor of Philosophy in Computer Science
Universita degli Studi di Milano

!!!Abstract

Malicious programs are a serious problem that threatens the security of billions
of Internet users. Today's malware authors are motivated by the easy financial
gain they can obtain by selling on the underground market the information stolen
from the infected hosts. To maximize their profit, miscreants continuously
improve their creations to make them more and more resilient against anti-malware
solutions. This increasing sophistication in malicious code led to next-generation
malware, a new class of threats that exploit the limitations of state-of-the-art
anti-malware products to bypass security protections and eventually evade
detection. Unfortunately, current anti-malware technologies are inadequate to face
next-generation malware. For this reason, in this dissertation we propose novel
techniques to address the shortcomings of defensive technologies and to enhance
current state-of-the-art security solutions.

!!!Notes
This is the dissertation from the developer of hyperdbg. It discusses the architecture of hyperdbg along with some mitigation ideas.

[[download|ref/Dealing with next-generation malware.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Debugging Tech Guide Dev.pdf]]
[[Bio]]
[[Research]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Deriving Input Syntactic Structure From Execution.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Developing Applications With Objective Caml.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Dynamic Taint Analysis and Forward Symbolic Execution.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Dynamic Test Generation for Large Binary Programs.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Dytan - A Generic Dynamic Taint Analysis Framework.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/EXE - A System for Automatically Generating Inputs of Death Using Symbolic Execution.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Enabling Sophisticated Analyses of x86 Binaries with RevGen.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Experiences with Model Inference Assisted Fuzzing.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Flayer - Exposing Application Internals.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Following the White Rabbit - Software attacks against Intel VT-d technology.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Generating Test Data with Enhanced Context Free Grammars.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Grammar-Based Specification and Parsing of Binary File Formats.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Grammar-based Whitebox Fuzzing.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/IDA PLUG-IN WRITING IN C and C++.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/IDA_Pro_Shortcuts.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/IntScope - Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Introduction to OCaml.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Jump-Oriented Programming - A New Class of Code-Reuse Attack.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/LZfuzz - a fast compression-based fuzzer for poorly documentd protocols.pdf]]
Aenean eros arcu, condimentum nec, dapibus ut, tincidunt sit amet, urna. Quisque viverra, eros sed imperdiet iaculis, est risus facilisis quam, id malesuada arcu nulla luctus urna. Nullam et est. Vestibulum velit sem, faucibus cursus, dapibus vestibulum, pellentesque et, urna. Donec luctus. Donec lectus. Aliquam eget eros facilisis tortor feugiat sollicitudin. Integer lobortis vulputate sapien. Sed iaculis erat ac nunc. Etiam eu enim. Mauris ipsum urna, rhoncus at, bibendum sit amet, euismod eget, dolor. Mauris fermentum quam vitae ligula. Vestibulum in libero feugiat justo dictum consectetuer. Vestibulum euismod purus eget elit. Nunc sed massa porta elit bibendum posuere. Nunc pulvinar justo sit amet odio. In sed est. Phasellus ornare elementum nulla. Nulla ipsum neque, cursus a, viverra a, imperdiet at, enim. Quisque facilisis, diam sed accumsan suscipit, odio arcu hendrerit dolor, quis aliquet massa nulla nec sem.
!heading 1
!!heading 2
!!!heading3
----
<<tag button>>
This is a link to a [[StyleSheet]] tiddler.

> This is a blockquote
> This is a blockquote
> This is a blockquote
|>|>| !This is a header |h
|column1|column2|column3|
|row2| row2 |row2|
|column1|column2|column3|
|row2| row2 |row2|
|column1|column2|column3|
|row2| row2 |row2|
[[Bio]]
[[Research]]
[[Reference Library]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Metsploit Unleashed.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Packed, Printable, and Polymorphic Return-Oriented Programming.pdf]]
<!-- Alternative page template: a single-rendered title with the main menu inline in the header (#topMenu) instead of the absolutely positioned #mainMenu; the gradient uses literal hex colours rather than ColorPalette tokens. The opening marker is not present above this line. -->
<div id='header' class='header' macro='gradient vert   #555555       #3b3b3b '>
        <div class='siteTitle' refresh='content' tiddler='SiteTitle'></div>
        <span id='topMenu' refresh='content' tiddler='MainMenu'></span>
</div>

<div id='sidebar'>
<div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'></div>
<div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'></div>
</div>
<div id='displayArea'>
<div id='messageArea'></div>
<div id='tiddlerDisplay'></div>
</div>
<!--}}}-->
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Polyglot - Automatic Extraction of Protocol Message Format using Dynamic Binary Analysis.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Prospex - Protocol Specification Extraction.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Python arsenal for RE.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Q - Exploit Hardening Made Easy.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/REIL - A platform-independent intermediate representation of disassembled code for static code analysis.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/RWset - Attacking Path Explosion in Constraint-Based Test Generation.pdf]]
!!!Program Analysis
[[A New Model of Program Dependences for Reverse Engineering]]
[[A Survey of Program Slicing Techniques]]
[[Analysis and Defense of Vulnerabilities in Binary Code]]
[[Automated Synthesis of Symbolic Instruction Encodings from IO Samples]]
[[Automatic Partial Loop Summarization in Dynamic Test Generation]]
[[Automatic Reverse Engineering of Data Structures from Binary Execution]]
[[Binary Rewriting without Relocation Information]]
[[BitShred - Feature Hashing Malware for Scalable Triage and Semantic Analysis]]
[[Chopping - A Generalization of Slicing]]
[[Creating Vulnerability Signatures Using Weakest Preconditions]]
[[Deriving Input Syntactic Structure From Execution]]
[[Dynamic Taint Analysis and Forward Symbolic Execution]]
[[Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software]]
[[Dytan - A Generic Dynamic Taint Analysis Framework]]
[[Enabling Sophisticated Analyses of x86 Binaries with RevGen]]
[[IntScope - Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution]]
[[Undangle - Early Detection of Dangling Pointers in Use-After-Free]]
[[Polyglot - Automatic Extraction of Protocol Message Format using Dynamic Binary Analysis]]
[[Prospex - Protocol Specification Extraction]]
[[REIL - A platform-independent intermediate representation of disassembled code for static code analysis]]
[[Retrofitting Security in COTS Software with Binary Rewriting]]
[[RWset - Attacking Path Explosion in Constraint-Based Test Generation]]
[[Theory and Techniques for Automatic Generation of Vulnerability-Based Signatures]]
[[TIE - Principled Reverse Engineering of Types in Binary Programs]]

!!!Fuzzing
[[A Smart Fuzzer for x86 Executables]]
[[Automated Whitebox Fuzz Testing]]
[[Automatic Patch-Based Exploit Generation is Possible - Techniques and Implications]]
[[DART - Directed Automated Random Testing]]
[[Dynamic Test Generation for Large Binary Programs]]
[[EXE - A System for Automatically Generating Inputs of Death Using Symbolic Execution]]
[[Experiences with Model Inference Assisted Fuzzing]]
[[Flayer - Exposing Application Internals]]
[[Generating Test Data with Enhanced Context Free Grammars]]
[[Grammar-Based Specification and Parsing of Binary File Formats]]
[[Grammar-based Whitebox Fuzzing]]
[[LZfuzz - a fast compression-based fuzzer for poorly documentd protocols]]
[[Symbolic Execution Algorithms for Test Generation]]
[[Symbolic Execution for Software Testing in Practice - Preliminary Assessment]]

!!!Exploitation
[[Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities]]
[[Code-Reuse Attacks - New Frontiers and Defenses [bletsch]]]
[[Following the White Rabbit - Software attacks against Intel VT-d technology]]
[[Jump-Oriented Programming - A New Class of Code-Reuse Attack]]
[[Packed, Printable, and Polymorphic Return-Oriented Programming]]
[[Q - Exploit Hardening Made Easy]]
[[Return-Oriented Programming without Returns]]
[[String Oriented Programming]]

!!!Malware 
[[A Semantics-Based Approach to Malware Detection]]
[[Bootkit Threats - In Depth Reverse Engineering and Defense]]
[[Dealing with next-generation malware]]
[[Renovo - A Hidden Code Extractor for Packed Executables]]
[[SplitScreen - Enabling Efficient, Distributed Malware Detection]]

!!! Mitigations
[[Smashing the Gadgets - Hindering Return-Oriented Programming Using In-Place Code Randomization]]

!!! Unsorted
[[Debugging Tech Guide Dev]]
[[Developing Applications With Objective Caml]]
[[IDA PLUG-IN WRITING IN C and C++]]
[[IDA_Pro_Shortcuts]]
[[Introduction to OCaml]]
[[Metsploit Unleashed]]
[[Python arsenal for RE]]
[[The CLASP Application Security Process]]

Min Gyung Kang, Pongsin Poosankam, and Heng Yin
Carnegie Mellon University
5000 Forbes Avenue
Pittsburgh, Pennsylvania 15213
{mgkang@, ppoosank@, hyin@ece.}cmu.edu

!!!Abstract

As reverse engineering becomes a prevalent technique to 
analyze malware, malware writers leverage various anti-reverse
engineering techniques to hide their code. One technique
commonly used is code packing as packed executables 
hinder code analysis. While this problem has been previously
researched, the existing solutions are either unable to handle
novel samples, or vulnerable to various evasion techniques.
In this paper, we propose a fully dynamic approach that 
captures an intrinsic nature of hidden code execution that the
original code should be present in memory and executed at
some point at run-time. Thus, this approach monitors 
program execution and memory writes at run-time, determines
if the code under execution is newly generated, and then
extracts the hidden code of the executable. To demonstrate
its effectiveness, we implement a system, Renovo, and 
evaluate it with a large number of real-world malware samples.
The experiments show that Renovo is accurate compared to
previous work, yet practical in terms of performance.

!!!Notes

...

[[download|ref/Renovo - A Hidden Code Extractor for Packed Executables.pdf]]
The following presentations have been given publicly.

Related code can be found at:
 https://github.com/moflow
 https://github.com/intelpt
 https://github.com/richinseattle
 https://github.com/talos-vulndev
<html>
      <hr size=1>
      <br>
<b>
Evolutionary Kernel Fuzzing
</b>
      <br>
Black Hat, Las Vegas, USA, July 2017
      <br>
      <a href="Presentations/Evolutionary Kernel Fuzzing-BH2017-rjohnson-FINAL.pdf">pdf</a>
      <br>
      <br>
      <hr size=1>


<b>
Harnessing Intel Processor Trace on Windows for Vulnerability Discovery
</b>
      <br>
Hack in the Box, Amsterdam, Netherlands, April 2017
      <br>
CanSecWest, Vancouver, Canada, March 2017
      <br>
Recon BRX, Brussels, Belgium, February 2017 
      <br>
Hushcon, Seattle, Washington, December 2016 
      <br>
Countermeasure, Ottawa, Canada, November 2016 
      <br>
Blue Hat, Seattle, Washington, November 2016 
      <br>
Ruxcon, Melbourne, Australia, October 2016 
      <br>
      <a href="Presentations/Harnessing Intel Processor Trace on Windows for Vulnerability Discovery - rjohnson.pdf">pdf</a>
      <a href="https://github.com/intelpt">code</a>
      <br>
      <br>
      <hr size=1>

<b>
Go Speed Tracer
</b>
      <br>
Recon, Montreal, Canada, June 2016
      <br>
Toorcamp Seattle, Washington, June 2016 
      <br>
Hack In The Box, Amsterdam, Netherlands, May 2016 
      <br>
      <a href="Presentations/Go Speed Tracer v2 - rjohnson.pdf">pdf</a>
      <a href="https://www.youtube.com/watch?v=MPv8LcUoGVE">video (HITB)</a>
      <a href="https://www.youtube.com/watch?v=oWKDaD9wrWo">video (REcon)</a>
      <br>
      <br>
      <hr size=1>

<b>
High Performance Fuzzing
</b>
      <br>
Hushcon, Seattle, Washington, December 2015 
      <br>
PacSec, Tokyo, Japan, Nov 2015 
      <br>
Ruxcon, Melbourne, Australia, October 2015 
      <br>
B-Sides Knoxville, Knoxville, Tennessee, May 2015 
      <br>
InfoSec Southwest, Austin, Texas, April 2015 
      <br>
      <a href="Presentations/High%20Performance%20Fuzzing.pdf">pdf</a>
      <a href="https://www.youtube.com/watch?v=Di74wGAHysA">video</a>
      <br>
      <br>
      <hr size=1>

<b>
Fuzzing and Patch Analysis - SAGEly Advice
</b>
      <br>
NoSuchCon, Paris, France, November 2014
      <br>
Hack In The Box, Kuala Lumpur, Malaysia, October 2014
      <br>
Recon, Montreal, Canada, June 2014
      <br>
Shakacon, Hawaii, June 2014 
      <br>
      <a href="Presentations/Fuzzing%20and%20Patch%20Analysis%20-%20SAGEly%20Advice.pdf">pdf</a>
      <a href="https://www.youtube.com/watch?v=Xt5A2jEgDVU">video (REcon)</a>
      <a href="https://www.youtube.com/watch?v=VVTWbEZi3ac">video (NoSuchCon)</a>
      <br>
      <br>
      <hr size=1>

<b>
Taint Nobody Got Time for Crash Analysis
</b>
      <br>
Recon, Montreal, Canada, June 2013 
      <br>
Summercon, New York City, New York, June 2013 
      <br>
NoSuchCon, Paris, France, May 2013 
      <br>
InfoSec Southwest, Austin, Texas, March 2013 
      <br>
      <a href="Presentations/Taint%20Nobody%20Got%20Time%20for%20Crash%20Analysis%20-%20slides.pdf">pdf</a>
      <br>
      <br>
      <hr size=1>

<b>
Improving Software Security with Dynamic Binary Instrumentation
</b>
      <br>
SOURCE, Seattle, Washington, June 2011      
      <br>
InfoSec Southwest, Austin, Texas, March 2012
      <br>
      <a href="Presentations/Improving Software Security with Dynamic Binary Instrumentation.pptx">pptx</a>
      <br>
      <br>
      <hr size=1>

<b>
Razorback Framework
</b>
      <br>
Gigacon, Warsaw, Poland, September 2011
      <br>
Internet Security Days, Bruehl, Germany, September 2011
      <br>
      <a href="Presentations/Razorback Framework - rjohnson.pptx">pptx</a>
      <br>
      <br>
      <hr size=1>

<b>
A Castle Made of Sand: Adobe Reader X Sandbox
</b>
      <br>
Hackito Ergo Sum, Paris, France, April 2011
      <br>
CanSecWest, Vancouver, B.C. Canada, March 2011
      <br>
      <a href="Presentations/A Castle Made of Sand - HES final.pptx">pptx</a> (minor update) 
      <br>
      <br>
      <hr size=1>

<b>
Harder, Better, Faster, Stronger: Semi-Auto Vulnerability Research 
</b>
      <br>
Blue Hat, Redmond, Washington, October 2010
      <br>
Black Hat USA, Las Vegas, Nevada, August 2010
      <br>
      <a href="Presentations/Harder, Better, Faster, Stronger - slides.pptx">slides</a> 
      <a href="Presentations/Harder, Better, Faster, Stronger - paper.pdf">paper</a>
      <a href="http://www.youtube.com/watch?v=qMds-mMxozg">video</a>
      <br>
      <br>
      <hr size=1>

<b>
Visualizing Software Security
</b>
      <br>
Blue Hat, Redmond, Washington, October 2008
      <br>
VizSec, Cambridge, Massachusetts, September 2008
      <br>
      <a href="Presentations/200809 VizSec - Visualizing Software Security/Visualizing Software Security.pptx">pptx</a>
      <br>
      <br>
      <hr size=1>

<b>
Fast n Furious Transforms
</b>
      <br>
Toorcon Seattle, Seattle, Washington, April 2008
      <br>
      <a href="Presentations/200804 Toorcon - Fast n Furious Transforms/Fast n Furious Transforms.pdf">pdf</a> <a href="Presentations/200804 Toorcon - Fast n Furious Transforms/Fast n Furious Transforms.pptx">pptx</a>
      <br>
      <br>
      <hr size=1>

<b>
AutoHacking with Phoenix Enabled Data Flow Analysis
</b>
      <br>
Toorcon 9, San Diego, California, October 2007
      <br>
      <a href="Presentations/200710 Toorcon - AutoHacking with Phoenix Enabled Data Flow Analysis/AutoHacking with Phoenix Enabled Data Flow Analysis.pdf">pdf</a> <a href="Presentations/200710 Toorcon - AutoHacking with Phoenix Enabled Data Flow Analysis/AutoHacking with Phoenix Enabled Data Flow Analysis.pptx">pptx</a>
      <br>
      <br>
      <hr size=1>

<b>
Logical Fuzzing
</b>
      <br>
VNSECON, Ho Chi Minh, Vietnam, August 2007
      <br>
      <a href="Presentations/200708 VNSECON - Logical Fuzzing/Logical Fuzzing.pdf">pdf</a> <a href="Presentations/200708 VNSECON - Logical Fuzzing/Logical Fuzzing.pptx">pptx</a>
      <br>
      <br>
      <hr size=1>

<b>
Memory Allocator Attack and Defense
</b>
      <br>
Toorcon Seattle, Seattle, Washington, May 2007
      <br>
      <a href="Presentations/200705 Toorcon - Memory Allocator Attack and Defense/richardj - Memory Allocator Attack and Defense.pptx">pptx</a>
      <br>
      <br>
      <hr size=1>

<b>
Windows Vista: Exploitation Countermeasures
</b>
      <br>
EuSecWest, London, England, March 2007
      <br>
Toorcon 8, San Diego, California, September 2006
      <br>
      <a href="Presentations/200703 EuSecWest - Windows Vista Exploitation Countermeasures/rjohnson - Windows Vista Exploitation Countermeasures.ppt">ppt</a>
      <br>
      <br>
      <hr size=1>

<b>
Disassembler Internals II
</b>
      <br>
22nd Chaos Communication Congress, Berlin, Germany, December 2005
      <br>
      <a href="Presentations/200512 CCC - Disassembler Internals II/Disassembler Internals II.pdf">pdf</a> <a href="Presentations/200512 CCC - Disassembler Internals II/codis.tar.gz">codis.tar.gz</a> <a href="Presentations/200512 CCC - Disassembler Internals II/idastruct.tar.gz">idastruct.tar.gz</a> <a href="Presentations/200509 Toorcon - Disassembler Internals I/codis.png">codis.png</a>
      <br>
      <br>
      <hr size=1>

<b>
x86 Disassembler Internals
</b>
      <br>
Toorcon 7, San Diego, California, September 2005
      <br>
      <a href="Presentations/200509 Toorcon - Disassembler Internals I/rjohnson-x86_disassembler_internals.pdf">pdf</a> <a href="Presentations/200509 Toorcon - Disassembler Internals I/codis.tar.gz">codis.tar.gz</a> <a href="Presentations/200509 Toorcon - Disassembler Internals I/codis.png">codis screenshot</a>
      <br>
      <br>
      <hr size=1>

<b>
Automated Debugging and Process Analysis
</b>
      <br>
Interz0ne IV, Atlanta, Georgia, March 2005
      <br>
      <a href="Presentations/200504 Interz0ne - Automated Debugging and Process Analysis/Automated Debugging and Process Analysis.pdf">pdf</a> <a href="Presentations/200504 Interz0ne - Automated Debugging and Process Analysis/dltrace-0.5.tar.bz2">dltrace-0.5.tar.bz2</a> <a href="Presentations/200504 Interz0ne - Automated Debugging and Process Analysis/index.html">dltrace.README</a>
      <br>
      <br>
      <hr size=1>

<b>
Hooking the Linux ELF Loader
</b>
      <br>
Toorcon 6, San Diego, California, October 2004
      <br>
      <a href="Presentations/200409 Toorcon - Hooking the Linux ELF Loader/hooking_the_linux_ELF_loader.pdf">pdf</a> <a href="Presentations/200409 Toorcon - Hooking the Linux ELF Loader/index.html">md5verify</a>
      <br>
      <br>
      <hr size=1>

<b>
A Comparison of Buffer Overflow Prevention Implementations and Weaknesses
</b>
      <br>
Black Hat USA, Las Vegas, Nevada, July 2004
      <br>
Defcon 12, Las Vegas, Nevada, July 2004
      <br>
      <a href="Presentations/200407 Black Hat - A Comparison of Buffer Overflow Prevention Implementations and Weaknesses/Buffer_Overflow_Prevention.ppt">ppt</a> <a href="Presentations/200407 Black Hat - A Comparison of Buffer Overflow Prevention Implementations and Weaknesses/avtp.tar.gz">avtp.tar.gz</a> <a href="Presentations/200407 Black Hat - A Comparison of Buffer Overflow Prevention Implementations and Weaknesses/index.htm">avtp.README</a>
      <br>
      <br>
      <hr size=1>

<b>
Advanced Shellcode Implementations
</b>
      <br>
Interz0ne III, Atlanta, Georgia, April 2004 
      <br>
      <a href="#">pdf</a>
      <br>
      <hr size=1>
</html>
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Retrofitting Security in COTS Software with Binary Rewriting.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Return-Oriented Programming without Returns.pdf]]
<<tabs txtMainTab "Tags" "All tags" TabTags "Timeline" "Timeline" TabTimeline "All" "All tiddlers" TabAll  "More" "More lists" TabMore>>
software security workflow
.: moflow :.
Vasilis Pappas
Columbia University
vpappas@cs.columbia.edu

Michalis Polychronakis
Columbia University
mikepo@cs.columbia.edu

Angelos D. Keromytis
Columbia University
angelos@cs.columbia.edu

!!!Abstract

The wide adoption of non-executable page protections in 
recent versions of popular operating systems has given
rise to attacks that employ return-oriented programming (ROP)
to achieve arbitrary code execution without the injection of
any code. Existing defenses against ROP exploits either require
source code or symbolic debugging information, or impose a
significant runtime overhead, which limits their applicability for
the protection of third-party applications.
In this paper we present in-place code randomization, a
practical mitigation technique against ROP attacks that can
be applied directly on third-party software. Our method uses
various narrow-scope code transformations that can be applied
statically, without changing the location of basic blocks, allowing
the safe randomization of stripped binaries even with partial
disassembly coverage. These transformations effectively eliminate
about 10%, and probabilistically break about 80% of the useful
instruction sequences found in a large set of PE files. Since no
additional code is inserted, in-place code randomization does
not incur any measurable runtime overhead, enabling it to be
easily used in tandem with existing exploit mitigations such
as address space layout randomization. Our evaluation using
publicly available ROP exploits and two ROP code generation
toolkits demonstrates that our technique prevents the exploitation
of the tested vulnerable Windows 7 applications, including Adobe
Reader, as well as the automated construction of alternative ROP
payloads that aim to circumvent in-place code randomization
using solely any remaining unaffected instruction sequences.

!!!Notes

...

[[download|ref/Smashing the Gadgets - Hindering Return-Oriented Programming Using In-Place Code Randomization.pdf]]
Sang Kil Cha, Iulian Moraru, Jiyong Jang, John Truelove, David Brumley, David G. Andersen
Carnegie Mellon University, Pittsburgh, PA
{sangkilc, jiyongj}@cmu.edu, {imoraru, dbrumley, dga}@cs.cmu.edu, jtruelove@ll.mit.edu

!!!Abstract

We present the design and implementation of a novel
anti-malware system called SplitScreen. SplitScreen 
performs an additional screening step prior to the 
signature matching phase found in existing approaches. 
The screening step filters out most non-infected files (90%)
and also identifies malware signatures that are not of 
interest (99%). The screening step significantly improves
end-to-end performance because safe files are quickly
identified and are not processed further, and malware
files can subsequently be scanned using only the signatures 
that are necessary. Our approach naturally leads to
a network-based anti-malware solution in which clients
only receive signatures they needed, not every malware
signature ever created as with current approaches. We
have implemented SplitScreen as an extension to 
ClamAV [13], the most popular open source anti-malware
software. For the current number of signatures, our 
implementation is 2× faster and requires 2× less memory
than the original ClamAV. These gaps widen as the 
number of signatures grows.

!!!Notes

...

[[download|ref/SplitScreen - Enabling Efficient, Distributed Malware Detection.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/String Oriented Programming.pdf]]
/*{{{*/
/*Monochrome Theme for TiddlyWiki*/
/*Design and CSS by Saq Imtiaz*/
/*Version 1.0*/
/*}}}*/
/*{{{*/

body {
   background: #3B3B3B; 
   color: #C3C3C3;
   font: 12px Verdana, Helvetica, sans-serif;
   width: 1024px;
}

#header {padding: 0em 0em 0em 0em; background:transparent;	font-family: arial,helvetica; font-size:12px;
 }

.siteTitle {
padding-top:5px;
float:left;
font-family: 'Trebuchet MS', sans-serif;
font-weight: bold;
font-size: 32px;
color: #ccc; margin-right:2em;margin-left:0.5em;
}

#topMenu br {display:none;}
#topMenu a, #topMenu .tiddlyLink, #topMenu .button {margin:0em; color:#666; padding:15px 15px 10px 15px;padding-top:1.6em;border:none; border-right: 1px solid #666;float:left;}
#topMenu {border-left: 1px solid #666;  float:left;margin:0;}
#topMenu a:hover {color:#ccc; background:#3b3b3b;}

#displayArea {margin-left:1.35em; margin-right:17.65em; margin-top:0.5em; padding-top:1em; padding-bottom:10px;}

.tiddler {background:#454545; margin-bottom:20px; padding:1em 2em 1em 2em;}

a, a:hover{
color:#fff;
text-decoration: none; background:transparent;
}

.viewer a, .viewer a:hover{border-bottom:1px dotted #fff; font-weight:normal;}

.viewer .button, .editorFooter .button{
color: #fff;
border: 1px solid #fff;
}

.viewer .button:hover,
.editorFooter .button:hover, .viewer .button:active, .viewer .highlight,.editorFooter .button:active, .editorFooter .highlight{
color: #fff;
background: #3B3B3B;
border-color: #3B3B3B;
}

.title {color:#ccc; font-family:'Lucida Grande', Verdana, Sans-Serif; font-size:1.5em;
}

.subtitle, .subtitle a { color: #777; font-size: 0.95em;margin:0.2em;}
.shadow .title{color:#777;}

.toolbar {font-size:90%;}
.selected .toolbar a {color:#666;border:0;}
.selected .toolbar a:hover {color:#999; background:transparent;border:0;}

.toolbar .button:hover, .toolbar .highlight, .toolbar .marked, .toolbar a.button:active{color:#666;border:0; background:transparent;border:0;}

.tagging, .tagged {
border: 1px solid #555;
background-color: 	#444;
}

.selected .tagging, .selected .tagged {
background-color: 	#3B3B3B;
border: 1px solid #666;
}

.tagging .listTitle, .tagged .listTitle {
color: #666;
}

.selected .tagging .listTitle, .selected .tagged .listTitle {
color: #aaa;
}

.tagging .button, .tagged .button {
color:		#838383;
}
.selected .tagging .button, .selected .tagged .button {
color:#c3c3c3;
}

.highlight, .marked {background:transparent; color:#111; border:none; text-decoration:underline;}

.tagging .button:hover, .tagged .button:hover, .tagging .button:active, .tagged .button:active {
border: none; background:transparent; text-decoration:underline; color:#333;
}

#sidebarOptions {margin-top:1em;}
#sidebar {margin-right:1.35em;}

#sidebarTabs .tabContents {	
	font-family: arial,helvetica;}

#sidebarOptions a, #sidebarOptions a:hover{border:none;color:#666;}
#sidebarOptions a:hover, #sidebarOptions a:active {background:#454545; color:#ccc;}
#sidebarTabs .tabContents {background:#454545;border:0px solid #666; border-right:1px solid #454545;}
#sidebarOptions input {background:#ccc; border:1px solid #666;}

#sidebarTabs .tabContents .tiddlyLink, #sidebarTabs .tabContents .button{color:#666;font-weight:normal;}
#sidebarTabs .tabContents .tiddlyLink:hover, #sidebarTabs .tabContents .button:hover {color:#ccc; background:transparent;}
.listTitle {color:#777;}

#sidebarTabs .tabSelected,#sidebarTabs .tabSelected:hover{background:#454545;border:none;color:#ccc; border:1px solid #454545;}
#sidebarTabs .tabUnselected{background:#3B3B3B; border:1px solid #454545; color:#666;}

   #sidebarTabs .txtMoreTab .tabSelected,
   #sidebarTabs .txtMoreTab .tab:hover,
   #sidebarTabs .txtMoreTab .tabContents{
color: #ccc;
background: #3B3B3B; border:1px solid #3B3B3B;
}

   #sidebarTabs .txtMoreTab .tabUnselected {

color: #777; border:1px solid #3B3B3B;
background: #454545;
}


#sidebarTabs .tabContents .button:hover, #sidebarTabs .tabContents .highlight, #sidebarTabs .tabContents .marked, #sidebarTabs .tabContents a.button:active{color:#ccc; background:transparent;}

   #sidebarOptions .sliderPanel {
background: #454545; font-size: .9em;
}

#sidebarOptions .sliderPanel input {border:1px solid #666; background:#ccc;}
#sidebarOptions .sliderPanel .txtOptionInput {border:1px solid #666;width:9em;}

#sidebarOptions .sliderPanel a {font-weight:normal; color:#666;background-color: #454545; border-bottom:1px dotted #333;}

#sidebarOptions .sliderPanel a:hover {
color:#ccc;
background-color: #454545;
border:none;
border-bottom:1px dotted #111;
}

.popup {
background: #3B3B3B;
border: 1px solid #454545;
}

.popup li.disabled {
color: #000;
}

.popup li a, .popup li a:visited {
color: #777;
border: none;
}

.popup li a:hover {
background: #3b3b3b;
color: #c3c3c3;
border: none;
}
.popup hr {
	color: #777;
	background: #777;
	border-bottom: 1px;
}

.listBreak div{
	border-bottom: 1px solid #777;
}

#messageArea {
border: 4px dotted #ccc;
background: #454545;
color: #777;
font-size:90%;
}

#messageArea .button{

color: #3B3B3B;
background:#ccc;
border: 1px solid #ccc;
}

#messageArea .button:hover {

color: #ccc;
background: #3B3B3B;
border-color: #3B3B3B;
}

.viewer blockquote {
border-left: 5px solid 		#3B3B3B; background:#3B3B3B
}

.viewer table, .viewer td {
border: 1px solid 	#2E2E2E;
}

.viewer th, thead td {
background: #3B3B3B;
border: 1px solid #3B3B3B;
color: #ccc;
}
.viewer pre {
border: 1px solid #3b3b3b;
background: #5F5F5F;
}

.viewer code {
color: #c3c3c3; background:#5f5f5f;
}

.viewer hr {
border-top: dashed 1px #222; margin:0 1em;
}

.editor input {
border: 1px solid #ccc; margin-top:5px;
}

.editor textarea {
border: 1px solid #ccc;
}

h1,h2,h3,h4,h5 { color: 		#9c9c9c; background: transparent; padding-bottom:2px; font-family: Arial, Helvetica, sans-serif; }
h1 {font-size:18px;}
h2 {font-size:16px;}
h3 {font-size: 14px;}
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Symbolic Execution Algorithms for Test Generation.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Symbolic Execution for Software Testing in Practice - Preliminary Assessment.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/TIE - Principled Reverse Engineering of Types in Binary Programs.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/The CLASP Application Security Process.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Theory and Techniques for Automatic Generation of Vulnerability-Based Signatures.pdf]]
!!!Abstract

Sorry, no abstract yet.

!!!Notes

...

[[download|ref/Undangle - Early Detection of Dangling Pointers in Use-After-Free.pdf]]