Applied Binary Code Obfuscation
by George Nicolaou, Glafkos Charalambous - Wednesday, 4 February 2009.
An obfuscated code is the one that is hard (but not impossible) to read and understand. Sometimes corporate developers, programmers and malware coders for security reasons, intentionally obfuscate their software in an attempt to delay reverse engineering or confuse antivirus engines from identifying malicious behaviors.

Nowadays, obfuscation is often applied to object oriented cross-platform programming languages like Java, .NET (C#, VB), Perl, Ruby, Python and PHP. That is because their code can be easily decompiled and examined making them vulnerable to reverse engineering. On the other hand, obfuscating binary code is not as easy as encrypting object or function names as it is done in programming languages mentioned above. In this case, the code is altered by using a variety of transformations, for instance self modifying code, stack operations or even splitting the factors of simple mathematical functions.

Moreover, binary obfuscation is also used to defeat automated network traffic analyzers such like Intrusion Detection and Prevention Systems. In other words, binary code obfuscation is the technique of altering the original code structure and maintaining its original functionality. This paper explores the theory and practice of binary code obfuscation as well as a number of various techniques that can be used.

Download the paper in PDF format here.


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th