CANCELLED: Structural executable comparison, malware classification, and collaborative binary analysis - the formerly-zynamics tools at Google

Add to your list(s) Download to your calendar using vCal

• Thomas Dullien, Google
• Wednesday 09 May 2012, 14:15-15:15
• Lecture Theatre 1, Computer Laboratory.

If you have a question about this talk, please contact Stephen Clark.

CANCELLED: will most likely be rescheduled for next term

Recent years have seen an explosion in the industry adoption of reverse engineering for security purposes. Between the late 90’s and today, a niche endeavor turned into industry practice – both for the analysis of malicious software and for the security review of closed-source software components. In 2011, Google acquired zynamics GmbH, a small company focused on developing software for (security-minded) reverse engineers. This talk will give an overview of the different areas in which zynamics worked prior to joining Google, and some of the directions in which we’re moving now.

On the technical level, the talk will give an overview over our structural / graph-centric algorithms for executable comparison, how we used these algorithms for malware classification and byte-signature generation, and over our reverse-engineering IDE which permits fully collaborative disassembly analysis for teams of reverse engineers.

This talk is part of the Computer Laboratory Wednesday Seminars series.

This talk is included in these lists:

• All Talks (aka the CURE list)
• Computer Laboratory Security Seminar
• Computer Laboratory Wednesday Seminars
• Computer Laboratory talks
• Lecture Theatre 1, Computer Laboratory
• School of Technology
• computer science
• de239's list

Note that ex-directory lists are not shown.