This presentation will unveil a new tool for hijacking executables and discuss the underlying techniques it uses.
Binject is a tool that can be used by pen-testers to establish a persistent foothold on a compromised host through
trojanizing a system binary, or anyone with a burning desire to add functionality to a compiled program. Original techniques for process injection developed for this tool will be discussed in detail.
MANDIANT Nick Harbour is a Principal Consultant with Mandiant. He specializes in Malware Analysis and Incident Response as well as both offensive and defensive research and development. He also teaches malware analysis and reverse engineering. Nick's ten year history in the security industry began as a researcher and forensic examiner at the DoD Computer Forensics Lab (DCFL) where he helped pioneer the field of computer forensics. Nick is a developer of both free software including most notably dcfldd, the popular forensic disk imaging tool, tcpxtract, a tool for carving files out of network traffic and Mandiant Red Curtain and FindEvil, tools for identifying malicious binaries. He is also an expert in anti-reverse engineering technologies and has developed binary hardening tools such as PE-Scrambler. Nick is also a trained chef!