Willy Vasquez
 Rising Senior at MIT

› Studying Computer Science and Engineering
› Research with Shafi Goldwasser
› Intern at Symantec Mobility Management
Group
Work of Christopher Domas of the
Battelle Memorial Institute
 Brief overview of his talk at REcon

› The Future of RE: Dynamic Binary
Visualization

The goal is to answer “what is this and
what does it do?”
Lots of time to identify patterns
 Finding the patterns is an art.

Taking a computationally difficult task
and translating it to a problem our brains
naturally do
 Traversing thousands of lines of hex and
making sense of it in 20 seconds

Steganography
 Obfuscation
 Embedded Devices
 Unknown formats

Our current best RE tools are completely
dependent on known structure
 Gates’ Law

› Software is getting slower more rapidly than
hardware becomes faster
› Amount of Information we need to analyze is
growing exponentially

Greg Conti
› US Military Academy
› Blackhat

Aldo Cortesi
› Nullcube
› corte.si
Even in unstructured data there are
relationships, especially among local hex
bytes
 Digraphs

Ascii
Image
Audio

Mapping data to Hilbert curves

Goal: Understanding data independent
of format
Named after Georg Cantor
 Works off of emphasizing the idea of
relationships between binary information


Bayesion Method to classify certain types
of formats

Current binary parsing
› Recursive descent: IDA style that follows
patterns and calls in code
› Linear sweep: objdump and goes through in
linear fashion
Rely on a structures grammar
 ..cantor.dust.. Uses probabilistic parsing,
which does not rely on grammar

A new way to look at binary information
 Can find demo from blackhat
presentation:
https://media.blackhat.com/bh-us12/Arsenal/Domas/_cantor.dust_.7z.zip
 No updates since last summer


The full talk and slides located on the
recon.cx website:
› http://recon.cx/2013/schedule/events/20.ht
ml