Tim Blazytko is a well-known binary security researcher and co-founder of emproof. After working on novel methods for code deobfuscation, fuzzing and root cause analysis during his PhD, Tim now builds code obfuscation schemes tailored to embedded devices. He also gives training courses on reverse engineering and code deobfuscation, analyzes malware and performs security audits.
Our talk addresses the challenges faced by reverse engineers in navigating and exploring large, unknown binaries. We introduce a range of efficient, architecture-agnostic heuristics to quickly detect intriguing code locations in real-world applications. This ranges from the detection of cryptographic algorithms and complex state machines in firmware to string decryption routines in malware. Then, we use these techniques to identify API functions in statically-linked executables and pinpoint obfuscated code in commercial applications. Attendees will gain valuable insights and tools to enhance their reverse engineering workflows and discover new code detection strategies applicable to a wide array of scenarios.