Hypervisor-Assisted Ring0 Debugging with radare2 - Lars Haukli at 44CON 2017

Hypervisor-Assisted Ring0 Debugging with radare2 - Presented by: Lars Haukli at 44CON 2017 Reverse engineering protected code operating in kernel mode can be challenging. More advanced protection mechanisms typically combine obfuscation or encryption with techniques that hinder dynamic analysis. Some code will not run at all when certain debugging features are enabled by the OS. radare2 is a comprehensive open-source framework for reverse engineering, that takes you to a magical world where control flow graphs of disassembled code are displayed in ASCII art. The framework combines a vast set of code analysis capabilities, which you can make use of in a variety of ways. Enter the idea of connecting radare2 to a virtual machine, giving it direct access to guest physical memory. The intent is to debug Ring0 code running inside the guest, with the debugging mechanism operating exclusively on the host. This talk will cover the use of radare2 on a Linux host accessing a Windows VM. For more from 44CON and tickets visit 44CON Website: https://44con.com --=== Contact ===-- YouTube:    / 44contv   Website: https://44con.com Twitter:   / 44con   LinkedIn:   / 44con-3886577   Facebook:   / 44con   --=== Music Credits ===-- Island - by MBB:   / mbbofficial   (  / mbbmusic  ) Grind - by Andrew Huang - YouTube Music Library