Botconf Author Listing

Guillaume Bonfante


Last known affiliation: Université de Lorraine – LORIA

Date: 2013-12-05
Efficient Program Exploration by Input Fuzzing
Thanh Dinh Ta 🗣 | Jean-Yves Marion 🗣 | Guillaume Bonfante 🗣

Abstract (click to view)

One of the issues of a malware detection service is to update its database. For that, an analysis of new samples must be performed. Usually, one tries to replay the behavior of malware in a safe environment. But, a bot sample may activate a malicious function only if it receives some particular input from its command and control server. The game is to find inputs which activate all relevant branches in a bot binary in order to retrieve its malicious behaviors. From a larger viewpoint, this problem is an aggregation of the program exploration and the message format extraction problem, both of them captures many active researches. This is a work in progress in which we try a new approach to code coverage relying on input tainting.

Slides Icon
PDF
Video
Scroll to Top