Friday, May 5 • 11:00am - 12:00pm
FTFY: The Addictive Game of Mending Malware Misbehavior with flare-qdb and Vivisect

flare-qdb is a Python CLI and library for observing and manipulating native software execution. It is also the gateway drug that led me down the path to excessive and highly pleasurable abuse of the Vivisect library. I'll discuss and demonstrate using flare-qdb and Vivisect to solve CTF challenges, turn a backdoor into a docile CLI string decoder, and unpack the PowerDuke backdoor that APT29 used against the DNC. To get a preview, check out tinyurl.com/flare-qdb-intro.

Michael Bailey

Senior Reverse Engineer @ FLARE, FireEye
Come see my Python-based DBI talk, "FTFY: The Addictive Game of Mending Malware Misbehavior with flare-qdb". @mykill on twitter. Also check out http://baileysoriginalirishtech.blogspot.com/ Bio: Michael Bailey is a reverse engineer for FLARE who lives in Huntsville, Alabama. He...

Friday May 5, 2017 11:00am - 12:00pm EDT
Preservation Pub 28 Market Square, Knoxville, TN 37902