BluePill: Neutralizing Anti-Analysis Behavior in Malware Dissection
Daniele Cono D'Elia at Black Hat Europe 2019
Designed around analysts, BluePill lets them customize its hooks and add new ones using insight gained during dissection, which is especially useful for targeted malware and newly encountered tricks. It is also immune to semantic gaps. In this talk, I will show how BluePill can defeat tricks from recent evasive samples and executable protectors, making it possible to dissect them on a standard VirtualBox installation alongside classic analysis tools.
Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefings/schedule/#bluepill-neutralizing-anti-analysis-behavior-in-malware-dissection-17685