Coming to Defcon: A New Bioinformatics-Inspired and Binary Analysis: Coding Style/Motif Identification
Please welcome Scott Miller, hllywood, to Offensive Computing. Scott will be presenting at Defcon 14 on his blast tool. We're happy to have Scott onboard!
Here's the abstract for Scott's talk:
Security analysis is severely complicated by the size and abundance of executable code. Existing concepts and code can be combined, obfuscated, packed, and hidden toward the ends of evading detection and frustrating analysis. Is that patch fixing the problem it claims to fix? Have you seen that malicious code before? Have you seen these particular motifs/style before?
All very interesting questions, some of which can be addressed using existing tools/techniques. This talk looks at a new tool, inspired by a scored string match used for genetic analysis: the Basic Local Alignment Search Tool (BLAST). Can this tool identify motifs common to UPX? Can this tool identify code generated by different versions of GCC? Does this tool provide similar malware classifications to other tools?
The talk will include an overview of the technique, demonstration of the use of the new tool set (binBLAST), and its performance.