XenoboxX - Hardware Sandbox Toolkit : Cesare Pizzi :

  • number6

    #1

    Title: XenoboxX - Hardware Sandbox Toolkit
    Presenter: Cesare Pizzi
    Co-Presenter:
    Location: W307
    Day, Time: Fri Aug 9, 2PM - 3:45PM
    Audience: Defense, Forensic, Hardware, Reverse Engineer
    Project: https://github.com/cecio

    Abstract:
    Malware frequently employs anti-VM techniques, which can vary in their difficulty to detect and counteract. While integrating anti-detection measures in our labs is a frequently used option, we should also consider using a real hardware sandbox, even if this sounds weird. By leveraging the awesome PCILeech project and DMA hardware access, XenoboxX provides a suite of tools for analysis tasks, such as dumping dynamically allocated memory and searching for IoC. These tools allow us to inject code at kernel level through DMA, making detection significantly more challenging and giving a new perspective to the analysis.

    Bios:
    * Presenter:
    Cesare Pizzi is a Security Researcher, Analyst, and Technology Enthusiast. Mainly focused on low level programming, he developed a lot of OpenSource software, sometimes hardware related (USBvalve) and sometimes not.
    He also does a lot of reverse engineering. He likes to share his job when possible (at Defcon, Insomni'hack, Nullcon, etc.). Contributor to several OS Security projects (Volatility, OpenCanary, PersistenceSniper, Speakeasy, CETUS, TinyTracer, etc.) and CTF player.
    * Co-Presenter:
    Starts: August 9, 2024 14:00
    Ends: August 9, 2024 15:45
    Location: W307
    Last edited by number6; June 25, 2024, 16:01.