License managers and validation routines are typically very small pieces of code, relative to the applications that contains them. However, to bypass software protections, static analysis is an inefficient method of locating code of interest. Traditional dynamic analysis suffers from lack of targeted snapshotting and tracing capabilities. This presentation debuts PointyStick, an application designed to allow targeted dynamic program tracing and memory snapshotting. PointyStick enables code regions of interest to be located rapidly, which can then be further analyzed.
Sam has always been passionate about finding ways to break things. Sam initially learned reverse engineering to crack protections on some of his favorite programs, which he of course had a license for. He has worn several hats since then, such as malware analyst, reverse engineer, kernel space developer, and is currently working as a cryptographer. He is also an avid beer fan and loves 312.