Angel Villegas
Last known affiliation: Cisco Systems, Inc.
Angel Villegas 🗣
Abstract (click to view)
Reverse Engineering benign or malicious samples can take a considerable amount of time and new samples are created daily. Leveraging disassemblers, like IDA Pro, a reverse engineer can analyze the same routines across several samples over the lifetime of their career. Their knowledge is not easily transferred to similar samples or functions for themselves or others. In particular we can consider the problem code reuse has on reversing efforts, whether it is via statically-linked libraries or integrating existing software. In this presentation we want to provide a solution for transferring knowledge to similar functions by introducing a new reverse engineering tool, named FIRST (Function Identification and Recovery Signature Tool), to reduce analysis time and enable information sharing.