Danny Quist & Valsmith: Covert Debugging: Circumventing Software Armoring Techniques - a podcast by Jeff Moss

Software armoring techniques have increasingly created problems for reverse engineers and software analysts. As protections such as packers, run-time obfuscators, virtual machine and debugger detectors become common newer methods must be developed to cope with them. In this talk we will present our covert debugging platform named Saffron. Saffron is based upon dynamic instrumentation techniques as well as a newly developed page fault assisted debugger. We show that the combination of these two techniques is effective in removing armoring from the most advanced software armoring systems. As a demonstration we will automatically remove packing protections from malware.

Further episodes of Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.

Further podcasts by Jeff Moss

Website of Jeff Moss