Dynamic binary instrumentation (DBI) systems are a popular solution for prototyping heterogeneous program analyses and monitoring tools. Several works from academic and practitioner venues have questioned the transparency of DBI systems, with anti-analysis detection sequences being found already in malware and executable protectors. The present Field Note details new and established detection methods and evaluates recent versions of popular DBI systems against them. It also sets out reflections on potential remediations and alternatives available to security researchers for their daily needs. We make available a large collection of implemented detections, hoping it can help the community build better DBI runtimes and tools.
2022, DIGITAL THREATS, Pages 1-13 (volume: 3)
Evaluating Dynamic Binary Instrumentation Systems for Conspicuous Features and Artifacts (01a Articolo in rivista)
D’Elia Daniele Cono, Invidia Lorenzo, Palmaro Federico, Querzoni Leonardo
Gruppo di ricerca: Cybersecurity