Helikaon Linux Debugger (Recon 2008)

Posted By: SecurityTube_Bot
Posted On: Mon 21 Feb 2011
Views: 4069


Description: This is the video recording of the presentation titled "Helikaon Linux Debugger" given by Jason Raber at Recon 2008.

The Linux OS is not immune to malware and viruses. The reverse engineer is faced with fighting through anti-debugging protections when trying to understand these binaries. This can be a tedious and time-consuming process. COTS debuggers, such as GDB and IDA Pro, are detected in Linux utilizing a variety of anti-debugging techniques. I have developed a stealthy Linux-driver-based debugger named "Helikaon" that will aid the reverse engineer in debugging running executables without being detected. Helikaon injects a jump at runtime from kernel land into a user mode running process rather than using standard debugger breakpoints like "INT 3" or DR0-DR7 hardware registers. Find out alternate techniques for dynamic analysis in the Linux environment.

You can download a high resolution version of the video here. The slides are available here.





Tags: basics

