Abstract - PANDA is a new, open source dynamic analysis framework based on QEMU that has been built to facilitate whole-system reverse engineering. PANDA incorporates whole-system record and replay, taint analysis, lifting to LLVM, and support for emulating the Android platform. In this talk, I will describe how to use PANDA to speed up a number of reverse engineering tasks, including circumventing copyright protection in Starcraft, extracting censorship blacklists from an IM client, and understanding a use after free vulnerability in Internet Explorer.

Bio: Brendan Dolan-Gavitt is a postdoctoral researcher at Columbia University working on making reverse engineering automated and available to everyone. Prior to joining Columbia he earned a PhD at Georgia Tech under Wenke Lee, working on virtual machine

introspection, memory forensics, and reverse engineering.

For more info on Brendan visit: http://www.cs.columbia.edu/~brendan/