Howdy folks! It's the first Duo Tech Talk of 2018 and we have a great one to kick of the New Year with. Collin Mulliner (https://twitter.com/collinrm) will be coming up from NYC to share some new research he has been working on. If you're interested in understanding more about when and how your code is being reversed then Collin will be sharing some novel detection techniques to help you achieve just that.
This Tech Talk will not be recorded or streamed so if you like the sound of the abstract you're going to have to leave the warmth of your home and come share some of Duo's warmth in person.
Note: The talk will not be at the usual Duo office in Ann Arbor. It will be at our second A2 office at 130 S First St in our new venue space. Parking is available at any of the adjacent structures/lots.
Detecting Reverse Engineering with Canaries
Reverse engineering software is commonly done and has various goals such as finding vulnerabilities, learning about security mechanisms and countermeasures, and for general understanding and information extraction. Obviously all software will be reverse engineered at some point but you will never really find out. This talk is about detecting if your software is being reverse engineered. Software is complex and reverse engineering is hard. People will "cheat" and search the web for clues about your software. The idea behind this research is that this "cheating" can be detected. The idea is to embed canaries into binaries and application data to help detecting "reverse engineering" at the time when somebody searches the web for your tokens. In the talk we will discuss different ideas around this general idea and how this can be implemented. Finally we show how this can be used to detect different level of adversaries.
Collin Mulliner is a security researcher and software engineer and spends most of his time working on mobile and smart phones. Collin is interested in vulnerability analysis and offensive security as he believes that in order to understand defense you first have to understand offense. Collin received a Ph.D. from the Technische Universitaet Berlin in 2011, and a M.S. and B.S. in computer science from UC Santa Barbara and FH-Darmstadt. Lately Collin switched his focus to the defensive side to work on mitigations and countermeasures. Collin co-authored The Android Hacker’s Handbook.
Claim the event and start manage its content.I am the organizer