At a time when critical vulnerabilities are pervasive in most software, and millions of dollars are spent to understand and recover from malicious software, better reverse engineering capabilities are clearly needed. Reverse engineering is a process in which low-level details of code are disassembled, analyzed, and contextualized to understand how software executes, what it is capable of, and what potential vulnerabilities it contains. This process is often manual, consisting of static analysis and dynamic analysis. Static analysis covers an entire piece of code but can be hampered by obfuscation designed deliberately to thwart it. Dynamic analysis instruments code while it runs, but often does not enable exploration of all code paths of interest. In this talk, we will discuss a unique solution to the current manual process, the Platform for Architecture-Neutral Dynamic Analysis (PANDA). PANDA is an open-source tool built to enable a wide variety of dynamic software analysis techniques that can help answer complex questions about software. Key features include whole-system record and replay and a modular plugin architecture. This talk will also include a demonstration of how static analysis, dynamic analysis, and record and replay can be combined in interesting ways to expedite the complex process of reverse engineering. PANDA has been released as open-source software and is currently available on GitHub (https://github.com/panda-re/panda).
Presenter: Ryan Whelan, MIT Lincoln Labs