#BHUSA BlackHatEvents

Bytecode Jiu-Jitsu: Choking Interpreters to Force Execution of Malicious Bytecode

Contributors: Toshinori Usui (1), Yuto Otsuki (1), Ryo Kubota (1), Yuhei Kawakoya (1), Makoto Iwamura (1), Kanta Matsuura (2)
(1) NTT Security Holdings Corporation
(2) Institute of Industrial Science, The University of Tokyo

Speakers

Toshinori Usui, Ph.D.
Research scientist, security principal
Research interests: malware analysis, reverse engineering, and exploit development
CTF lover
Brazilian Jiu-Jitsu enthusiast

Yuto Otsuki, Ph.D.
Senior researcher
Research interests: memory analysis, reverse engineering, and operating system security

Code Injection Attack

1. Allocate a memory region
2. Write malicious code
3. Execute the code

[Figure: the injected payload is shown as a native code byte sequence (31 C0 B0 01 ...) placed into the allocated region and then executed.]

Code Injection Attack (bytecode variant)

2. Write malicious code as bytecode

[Figure: the same three steps, but the written payload is bytecode rather than native code.]

Today's Topic: Bytecode Jiu-Jitsu

[Figure: Injector (malware) -> Interpreter]

Outline

入門 (Introduction): Introduction to Code Injection Attack
理合 (Principles): Bytecode Jiu-Jitsu Overview
稽古 (Practice): Interpreter Implementation Basics
打込 (Drilling): Interpreter Analysis
試合 (Match): Bytecode Jiu-Jitsu Attack
乱取 (Sparring): Experiments and Evaluations
受身 (Breakfall): Countermeasures against Bytecode Jiu-Jitsu
総括 (Summary): Takeaways

入門 (Introduction): Introduction to Code Injection Attack

Code Injection Attack

Malware tries to conceal its malicious behavior on the target host.
Code injection is a technique to blend malicious behavior with benign behavior by forcing a benign process to execute malicious code.

[Figure: an injector process (malware) holding injector code and the malicious code for injection; a target process holding legitimate benign code. The injector injects the malicious code into the target and starts a thread to execute it.]