    Cesare Pizzi - Old Malware, New tools: Ghidra and Commodore 64, why understanding old malicious software still matters


    Cesare Pizzi, Hacker, He/Him

    Presentation Title: Old Malware, New tools: Ghidra and Commodore 64, why understanding old malicious software still matters
    Length of presentation: 45 minutes
    Tool

    Why does looking into 30-year-old "malicious" software make sense in 2022? Because these little "jewels", written in a bunch of bytes, reached a surprisingly high level of complexity. With no other reason than pranking people or showing off technical knowledge, this software shows how much you can do with very limited resources: this is inspiring for us, looking at modern malicious software, looking at how things are done and how the same things could have been done instead.

    SPEAKER BIO
    Cesare Pizzi is a Security Researcher, Analyst, and Technology Enthusiast at Sorint.lab.
    He develops software and hardware, and tries to share this with the community. Mainly focused on low-level programming, he develops and contributes to open source software (Volatility, OpenCanary, Cetus, etc.), sometimes hardware related (to interface with some real-world devices), sometimes not. He does a lot of reverse engineering too, so he feels confident in both "breaking" and "building" (maybe more on breaking?).




    Twitter: @red5heep
    Github: https://github.com/cecio/





    REFERENCES
    Existing analysis of several viruses:
    https://codebase64.org/doku.php?id=base:viruslist

    BHP Virus analysis by Peter Ferrie:
    http://pferrie.epizy.com/papers/bhp.pdf?i=1

    1541 Disk Structure:
    http://unusedino.de/ec64/technical/formats/d64.html

    Commodore memory maps:
    https://sta.c64.org/cbm64mem.html
    https://sta.c64.org/cbm1541mem.html

    Kernal func mapping:
    https://sta.c64.org/cbm64krnfunc.html

    Ghidra plugin:
    https://github.com/zeroKilo/C64LoaderWV