Hades is a function rerouting tool that will subvert Windows application functions from the Kernel space. Advantages are: Detours, WinAPIOverride without the weight – When I saw that some malware was able to detect Detours and WinAPIOverride, I reversed the malware and determined that they were detecting if any unauthorized DLLs were being loaded. Detours and WAO depend on this ability to work effectively. So I created a system profiler that does not use DLL injection…
Jason Raber is Director of the Cyber Research Lab, which focuses on creating novel tools and techniques for automatically decomposing complex systems. He has spent ten years in the world of reverse engineering, preceded by five years working at Texas Instruments developing compiler tools for digital signal processors (DSP) (e.g. code generators, assemblers, linkers, disassemblers, etc). His time spent developing C compilers prior to his reverse-engineering experience provided him a good foundation for understanding machine language and hardware that is commonly utilized in reverse-engineering tasks. Jason has significant experience in extracting intellectual property from a broad spectrum of software (including user applications, DLLs, drivers, OS kernels, and firmware) across a variety of platforms (including Windows, Linux, Mac, embedded). He has also worked on identifying and analyzing malware in order to characterize it and/or neutralize it. Prior to rejoining Riverside Research, Jason served as team lead for a software assessment team in the Air Force Research Laboratory, providing the Department of Defense (DoD) with specialized software security support. Conferences Spoke at: Blachk Hat three times -Deobfuscator, quiet RRIOT, and reverse engineering with hardware emulators RECON two times -custom Linux driver debugger, hardware debugger Redteam 2007 -Deobfuscator Working Conference on Reverse Engineering (WCRE) 2007 MIT 2010 Anti-Tamper Con 2010