Převod binárního kódu x86 do vyššího programovacího jazyka / Translation of x86 Binary Code To a High-Level Language

Jurík, Marián

January 2008

The purpose of this MSc thesis is to create design and implementation of program for translation of x86 binary code to a high-level programming language. There is described PE file format for executables used in MS Windows operating systems in the first part of work. This document contains general information about instruction set IA-32, especially a way of decoding binary code to assembly language. There are described typical program constructions, which are being used in compilers. Design of creation high-level programming language was inspired by existing programming languages. Conclusion is made about advantages and disadvantages of approach used in this thesis.

Debug register rootkits : A study of malicious use of the IA-32 debug registers / Debug Registers Rootkits : En studie av illasinnad användning av IA-32 debug register

Persson, Emil, Mattsson, Joel

January 2012

The debug register rootkit is a special type of rootkit that has existed for over a decade, and is told to be undetectable by any scanning tools. It exploits the debug registers in Intel’s IA-32 processor architecture. This paper investigates the debug register rootkit to find out why it is considered a threat, and which malware removal tools have implemented detection algorithms against this threat. By implementing and running a debug register rootkit against the most popular Linux tools, new conclusions about the protection of the Linux system can be reached. Recently, debug register rootkits were found on Windows as well. This project intends to bring knowledge about the problem and investigate if there are any threats. Our study has shown that still after 12 years, the most popular tools for the Linux operating system have not implemented any detection algorithms against this threat. The security industry may need to prepare for this threat in case it is spread further.

Debug register

rootkit

IA-32

memory forging

Linux

Computer Sciences

Datavetenskap (datalogi)

Debug register rootkits : A study of malicious use of the IA-32 debug registers

Persson, Emil, Mattsson, Joel

January 2012

The debug register rootkit is a special type of rootkit that has existed for over a decade, and is told to be undetectable by any scanning tools. It exploits the debug registers in Intel’s IA-32 processor architecture. This paper investigates the debug register rootkit to find out why it is considered a threat, and which malware removal tools have implemented detection algorithms against this threat. By implementing and running a debug register rootkit against the most popular Linux tools, new conclusions about the protection of the Linux system can be reached. Recently, debug register rootkits were found on Windows as well. This project intends to bring knowledge about the problem and investigate if there are any threats. Our study has shown that still after 12 years, the most popular tools for the Linux operating system have not implemented any detection algorithms against this threat. The security industry may need to prepare for this threat in case it is spread further.

Debug register

rootkit

IA-32

memory forging

Linux

Computer Sciences

Datavetenskap (datalogi)

Software Engineering

Programvaruteknik

Virová analýza a reverzní inženýrství / Malware analysis and reverse engineering

Šváb, Martin

January 2014

Focus of this thesis is reverse engineering in information technology closely linked with the malware analysis. It explains fundamentals of IA-32 processors architecture and basics of operating system Microsoft Windows. Main part of this thesis is dedicated to the malware analysis, including description of creating a tool for simplification of static part of the analysis. In Conclusion various approaches to the malware analysis, which were described in previous part of the thesis, are practically demonstrated on unknown malware sample.

Útoky na operační systém Linux v teorii a praxi / Attacks on the Linux Operating System in Theory and Practice

Procházka, Boris

January 2010

This master's thesis deals with Linux kernel security from the attacker's point of view. It maps methods and techniques of disguising the computing resources used by today's IT pirates. The thesis presents a unique method of attack directed on the system call interface and implemented in the form of two tools (rootkits). The thesis consists of a theoretical and a practical part. Emphasis is placed especially on the practical part, which manifests the presented information in the form of experiments and shows its use in real life. Readers are systematically guided as far as the creation of a unique rootkit, which is capable of infiltrating the Linux kernel by a newly discovered method -- even without support of loadable modules. A part of the thesis focuses on the issue of detecting the discussed attacks and on effective defence against them.