BruCON 0x0E has ended
Thursday, September 29 • 10:30 - 12:30
Strings: An In-Depth Look FILLING

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Limited Capacity filling up

Strings analysis consists of extracting readable strings from binary files. It's a simple reverse-engineering technique, applicable to malware analysis too.
And although a lot of malware is obfuscated, strings analysis can still be valuable.
For example with sophisticated Excel 4 macros, that employ complex string obfuscation to hide the URL from which they download their payload. In these documents, the cleartext URL can be cached and easily retrieved.

Didier Stevens has developed several tools to help with strings analysis, because it is a simple technique that everyone can learn.
That's the advantage of strings analysis: it's a simple technique, that can easily be explained and understood.
The disadvantage: if the strings are obfuscated, we can try some simple tricks to deobfuscate them (like with tool xorsearch), but that's as far as it goes.
There is a lot to learn about strings analysis. For example, how to Pascal strings in malware written in Delphi.

In his typical style hands-on no BS-style, Didier Stevens will lead the participants through many exercises, learning to discern meaningful strings. Because with strings analysis, the problem is not extracting strings, but detecting the strings that are meaningful in the context of the analysis.

For this workshop, Didier Stevens is also working on new and updated tools to facilitate strings analysis.

As usual, this workshop is 100% hands-on. Just a few slides, many exercises.

avatar for Didier Stevens

Didier Stevens

Didier Stevens (Microsoft MVP, SANS ISC Handler, ...) is a Senior Analyst working at NVISO (https://www.nviso.be). Didier has developed and published more than 100 tools, several of them popular in the security community.You can find his open source security tools on his IT security... Read More →

Thursday September 29, 2022 10:30 - 12:30 CEST
04. Het Anker