Cesare Pizzi - Old Malware, New tools: Ghidra and Commodore 64, why understanding old malicious software still matters
Cesare Pizzi, Hacker, He/Him
Presentation Title: Old Malware, New tools: Ghidra and Commodore 64, why understanding old malicious software still matters
Length of presentation: 45 minutes
Tool
Why does looking into 30-year-old "malicious" software make sense in 2022? Because these little "jewels", written in a handful of bytes, reached a surprisingly high level of complexity. With no motive beyond pranking people or showing off technical knowledge, this software shows how much can be done with very limited resources. That is inspiring for us when we look at modern malicious software: looking at how things are done today, and how the same things could have been done instead.
SPEAKER BIO
Cesare Pizzi is a Security Researcher, Analyst, and Technology Enthusiast at Sorint.lab.
He develops software and hardware and tries to share this with the community. Mainly focused on low-level programming, he develops and contributes to open-source software (Volatility, OpenCanary, Cetus, etc.), sometimes hardware-related (to interface with real-world devices), sometimes not. He also does a lot of reverse engineering, so he feels confident in both "breaking" and "building" (maybe more in breaking?).
Twitter: @red5heep
Github: https://github.com/cecio/
REFERENCES
Existing analysis of several viruses:
https://codebase64.org/doku.php?id=base:viruslist
BHP Virus analysis by Peter Ferrie:
http://pferrie.epizy.com/papers/bhp.pdf?i=1
1541 Disk Structure:
http://unusedino.de/ec64/technical/formats/d64.html
Commodore memory maps:
https://sta.c64.org/cbm64mem.html
https://sta.c64.org/cbm1541mem.html
Kernal function mapping:
https://sta.c64.org/cbm64krnfunc.html
Ghidra plugin:
https://github.com/zeroKilo/C64LoaderWV