Location
CS 2311
Event Description
Abstract: PANDA is a new, open-source dynamic analysis framework based on QEMU that has been built to facilitate whole-system reverse engineering. PANDA incorporates whole-system record and replay, taint analysis, lifting to LLVM, and support for emulating the Android platform. In this talk, I will describe how to use PANDA to speed up a number of reverse engineering tasks, including circumventing copyright protection in StarCraft, extracting censorship blacklists from an IM client, and understanding a use-after-free vulnerability in Internet Explorer. All code and data will be made available on http://www.rrshare.org so others can replicate and extend our findings.
 
Bio: Brendan Dolan-Gavitt is a postdoctoral researcher at Columbia University working on making reverse engineering automated and available to everyone. Prior to joining Columbia he earned a PhD at Georgia Tech under Wenke Lee, working on virtual machine introspection, memory forensics, and reverse engineering.

For more info on Brendan visit: http://www.cs.columbia.edu/~brendan/