Cyber Research Laboratory
Riverside Research’s Cyber Research Lab provides government and commercial entities with end-to-end cyber-security support. The Cyber Research team has extensive expertise and Riverside Research proprietary toolsets to support computer network operations (CNO).
Black Hat
- Las Vegas, NV; July 30–August 4, 2011
- "Function Rerouting from Kernel Land ‘Hades’" by Jason Raber
- Las Vegas, NV; August 2–7, 2010
- "Reverse Engineering with Hardware Debuggers" by Jason Raber and Jason Cheatham
- Washington D.C.; February 16–19, 2009
- "QuietRIATT: Rebuilding the Import Address Table Using Hooked DLL Calls" by Jason Raber and Brian Krumheuer
- Las Vegas, NV; August 2–7, 2008
- "Deobfuscator: An Automated Approach to the Identification and Removal of Code Obfuscation" by Eric Laspe and Jason Raber
RECON
- Montreal, QC, Canada; June 13–15, 2010
- "Reverse Engineering with Hardware Debuggers" by Jason Raber and Jason Cheatham
- Montreal, QC, Canada; June 13–15, 2008
- "Helikaon Linux Debugger: A Stealthy Custom Debugger For Linux" by Jason Raber
- "Deobfuscator: An Automated Approach to the Identification and Removal of Code Obfuscation" by Eric Laspe
WCRE
- Lero, Limerick, Ireland; October 17–20, 2011
- "Stealthy Profiling and Debugging of Malware Trampolining from User to Kernel Space" by Jason Raber
- "Function Insight: Highlighting Suspicious Sections in Binary Run Traces" by Michelle Cheatham and Jason Raber
- Vancouver, BC, Canada; October 28–31, 2007
- "Emulated Breakpoint Debugger and Data Mining Using Detours" by Jason Raber
- "Deobfuscator: An Automated Approach to the Identification and Removal of Code Obfuscation" by Eric Laspe
International Conference on Cyber Security
- New York, NY; January 9–12, 2012
- "Stealthy Analysis of Malware" by Jason Raber
DC3
- Atlanta, GA; January 20–27, 2012
- "Hades" by Jason Raber
REDTEAM
- Washington D.C.; August 28–30, 2007
- "The ‘Deobfuscator’: An Automated Approach to the Identification and Removal of Obfuscated Code" by Jason Raber
The Cyber Research team has developed a set of tools that will automatically unravel the complexities of a sophisticated binary. Traditional tool sets that are used to understand a protected piece of malware involve slogging through the binary with conventional debuggers, removing code obfuscations (packing, encryption, code obscurity), manually identifying access points, and thwarting anti-debugging techniques. These methods of reverse-engineering are tedious and costly. The team has vast experience with reverse-engineering complex systems and has developed a state-of-the-art smart tool set that speeds up the analysis of a system or application.
Raber, Jason. “Stealthy Profiling and Debugging of Malware Trampolining from User to Kernel Space.” Paper presented at the Working Conference on Reverse Engineering, Limerick, Ireland, October 2011.
Raber, Jason and Michelle Cheatham. “Function Insight.” Paper presented at the Working Conference on Reverse Engineering, Limerick, Ireland, October 2011.
Raber, Jason and Eric Laspe. “Deobfuscator: An Automated Approach to the Identification and Removal of Code Obfuscation.” Paper presented at the Working Conference on Reverse Engineering, Vancouver, British Columbia, Canada, October 2007, 275–276. doi:10.1109/WCRE.2007.18.
Raber, Jason. “Emulated Breakpoint Debugger and Data Mining Using Detours.” Paper presented at the Working Conference on Reverse Engineering, Vancouver, British Columbia, Canada, October 2007, 271–272. doi:10.1109/WCRE.2007.25.
Riverside Research has established a state-of-the-art binary analysis lab near Wright Patterson Air Force Base capable of supporting classified operations. Specialized tools currently include:
- "Hydra"—Integrated tool environment
- "Gorgon"—Deobfuscator
- "Cerberus"—Universal stealthy debugger
- "Kraken"—Stealthy system profiler
- "Oracle"—Visualizer and analysis tool
- "Phoenix"—Virtual machine decoder





