Dear all,
Garage4Hackers invites you to join us for a webinar titled "Shellcodes for ARM: Your Pills Don't Work on Me, x86" by Svetlana Gaivoronski (Microsoft Research).

To register, please fill in the following form.

Register Here:

Speaker Bio

Svetlana Gaivoronski is a PhD student at the Computer Systems Lab, Computer Science Dept. of Moscow State University, Russia. Svetlana was a member of the Bushwhackers CTF team. She worked on the Redsecure project (an experimental IDS/IPS) at Moscow State University. In summer 2013 she worked at Microsoft Research on a project for botnet detection in clouds. She now works on shellcode-detection and DDoS-mitigation projects. Her primary interests are detection and filtering of network worm propagation, shellcode detection, static and runtime analysis of malware, and DDoS detection and filtering.

Talk Description

Although it is almost 2014, the problem of shellcode detection, first identified in 1999, is still a challenge for researchers in industry and academia. The significance of remotely exploitable vulnerabilities does not seem to fade. Their number continues to grow despite significant efforts to improve code quality via code analysis tools, code review, and a plethora of testing methods.

The other trend of recent years is the rise of a wide variety of ARM-based devices such as mobile phones, tablets, etc. The total number of ARM-based devices now exceeds the number of PCs several times over. This trend is sometimes worrying, as people entrust almost all aspects of their lives to such digital devices and care far more about convenience than about the security of their data. For example, mobile phones now hold our financial information and health records and keep a lot of other private data. That is why ARM-based systems have become such an attractive target for attackers.

There is a variety of shellcode detection methods that work more or less acceptably on x86 shellcodes, and there are even hybrid solutions that combine the capabilities of existing approaches. Unfortunately, almost all of them focus on a fixed set of shellcode features specific to the x86 architecture. This work aims to close that gap.

This work makes the following contributions:

• We provide an analysis of existing shellcode detection methods with regard to their applicability to shellcodes developed for the ARM architecture. As a result, we show that most existing algorithms are not applicable to shellcodes written for ARM. Moreover, the methods that do work on ARM shellcodes produce too many false positives to be usable on real-life network channels and for 0-day detection.
• We analyzed the available ARM-based shellcodes from public exploit databases and identified a set of ARM shellcode features that distinguishes them from x86 shellcodes and from benign binaries.
• We implemented detectors for these ARM shellcode features as an extension of the Demorpheus[1] open-source shellcode detection library. The algorithm used to generate the detectors' topology guarantees that the solution is optimal in terms of computational complexity and false positive rate.

Webcast Recording:

Webcast Slides

Event Sponsors
HITB (logo), Netsparker (logo)

Gold Sponsor
Waxspace Hosting

Media Partners

Kind Regards,
Garage4Hackers Team