Publications

Publications and Presentations

• Improving Antivirus Accuracy with Hypervisor Assisted Analysis
  Journal in Computer Virology, 2010
• Reverse Engineering by Crayon: Game Changing Hypervisor Based Analysis
  Blackhat USA 2009 / Defcon 17, Las Vegas, Nevada
• Visualizing Compiled Executables for Malware Analysis - BibTeX
  Visualization Security (Vizsec) Workshop, Atlantic City, NJ (Received Best Paper)
• Temporal Reverse Engineering
  Blackhat USA 2008, Las Vegas, Nevada
• Removing Software Armoring from Executables
  Insecure Magazine, July 2008, pp 17-20
• Reverse Engineering Malware and Commercial Software Armoring
  RSA Conference 2008, San Francisco, California
• Malware Economics
  $-gard 2008 Conferences (Invited Talk), Albuquerque, New Mexico
• Malware Software Armoring Circumvention
  Shmoocon 2008, Washington, DC
• Covert Debugging: Circumventing Software Armoring - BibTeX
  Blackhat USA 2007 / Defcon 15, Las Vegas, Nevada
• Hacking Malware: Offense is the New Defense
  Defcon 14, Las Vegas, Nevada

White Papers, HOWTOs, and Analysis

• Ether Source Installation Instructions
• Storm Worm Process Injection from the Windows Kernel
• Further Down the VM Spiral
• Detecting Virtual Machines

Tools

• VERA: Visualizing Executables for Reversing and Analysis - From the Blackhat 2009 talk
• Ether Automation Utility: Ether Bunny
• Ether Installation Package - A .deb to install Ether
• NoPill - More reliable virtual machine detection via the LDT and MSW registers

External Projects I Have Contributed To

• Ether by Artem Dinaburg, Paul Royal, Monirul Sharif and Wenke Lee
• PEFile by Ero Carrera