Moritz Schloegel is a binary security researcher and final-year PhD student at Ruhr-Universität Bochum. His research focuses on automatically finding, understanding, and exploiting bugs. Beyond this, he loves digging into code (de-)obfuscation, in particular looking at automated attacks and the countermeasures against them.
Our talk first gives an overview of contemporary code obfuscation schemes, focusing on the design and architecture of virtual machines. Then, we work out the weaknesses of well-established approaches and discuss how modern virtual machines can be broken in a (semi-)automated fashion. Afterward, we present the core design principles behind the next generation of virtual machines and highlight how they abuse inherent weaknesses of the deobfuscation techniques in order to provide long-lasting resilience. We conclude the talk by pointing out that such techniques will shape the landscape of modern obfuscation in the next few years; further, we outline the advances in code deobfuscation research required to tackle such virtual machines.