Stack Cleaning — A Quest in Hunting for FLIRT

ShmooCon XIV - 2018

Presented by: Jon Erickson
Date: Friday January 19, 2018
Time: 20:40 - 20:55
Location: Main Room
Track: Firetalks

While reverse engineering, an annoying malware sample broke my Hex-Rays decompiler – the “cheat code” of IDA Pro. In this talk, I’ll walk you through my exploration of the bug that causes Hex-Rays to fail, hunting for the malware’s source, and finding the exact source code and compiler which was used to create the sample. I’ll wrap up by showing techniques that you can use to make analysis of future malware samples like this one easier.

Jon Erickson

Jon Erickson (@2130706433) is a Senior Staff Reverse Engineer on the FLARE team at FireEye. Before joining FireEye, Jon made the rounds with various government contractors and served in the United States Air Force. Jon has worked in the security industry for over a decade and has a master’s degree from George Mason University. Jon has spoken at numerous conferences including Black Hat Asia, CODE BLUE, and SyScan360. He’s contributed to several CVEs and loves working with new security researchers to help them better themselves.
