SecurityTubeBeta
Watch ... Learn ... Contribute

Helikaon Linux Debugger (Recon 2008)

 
 

This is the video recording of the presentation titled "Helikaon Linux Debugger" given by Jason Raber at Recon 2008.

The Linux OS is not immune to malware and viruses. The reverse engineer is faced with fighting through anti-debugging protections when trying to understand these binaries. This can be a tedious and time-consuming process. COTS debuggers, such as GDB and IDA Pro, are detected in Linux utilizing a variety of anti-debugging techniques. I have developed a stealthy Linux-driver-based debugger named "Helikaon" that will aid the reverse engineer in debugging a running executable without being detected. Helikaon injects a jump at runtime from kernel land into a user mode running process rather than using standard debugger breakpoints like "INT 3" or DR0-DR7 hardware registers. Find out alternate techniques for dynamic analysis in the Linux environment.

You can download a high resolution version of the video here. The slides are available here.





 

 

Author
Recon

RECON is a computer security conference being held in Montreal. The conference offers a single track of presentations over the span of three days. RECON also offers a variety of technical training courses that take place just before the conference dates. Please contact them at gus [-at-] recon [-dot-] cx

 
©2007 Freak Labs