DrawMeATree: The Master Key to WinDbg's Fortress - by Mathilde Venault
Speaker: Mathilde Venault, Security Researcher, CrowdStrike

One of the best things about reverse engineering is that, by nature, the answers we're searching for are always somewhere to be found. While we can't grasp them quite yet, the mechanisms we try to understand are behind guarded walls, making the components' operation possible. The question then becomes how we can discover what lies behind those walls, and this is what reverse engineering is all about: finding the right tools to break in, to access, and to understand what can't initially be seen.

Reverse engineering is thereby conditioned by choosing the right tools that would provide the most relevant information in a minimum amount of time. Amongst the available tools, we realized lots of them help to solve specific challenges. Still, we couldn't find any that would provide a clear and global understanding of a given situation rapidly and efficiently. So, we decided to build our own and created "DrawMeATree" to give us the bigger picture we need.

Based on WinDbg's wt command, DrawMeATree visually represents the operation flow of a given component. Using customizable features, it can summarize a large and complex amount of data to extract the information relevant to our needs and display it through a graphical tree representation. By simply looking through the tree, we can understand the global operation, determine the important actors or identify connections to get a clear overview before diving into the specifics. Because DrawMeATree was the right tool for us to break in, we're sharing the tool in the hope of enhancing your reverse engineering toolbox too, with a new master key.

In this talk, we will walk down the path that led us to create DrawMeATree, to better understand the approach we chose to tackle the initial challenge. We will explore the steps of the tool's conception and dive into the obstacles and constraints we faced. Finally, we will show typical use cases in which DrawMeATree can make a significant difference, from some core Windows Internals to malware analysis examples. Having the right tools to reverse engineer lays the path for success, so let's explore how to create our own when there is none out there that works for us.

For more information about Infosec In the City, SINCON: https://www.infosec-city.com/