% included by render.xxxx.tex
% just a reminder:
% special chars in latex include: \ { } $ ^ _ % ~ # &
% to make a backslash: $\backslash$, in verbatim mode use: \\
% frames that contain [semi]verbatim tags must be marked as 'fragile'
\usepackage{colortbl}
\usepackage{algorithm2e}
\usepackage{beamerarticle}
\usepackage{pgf,pgfarrows,pgfnodes}
% mode-specific setup: article mode loads fullpage; presentation mode uses the
% Warsaw theme with the seahorse and rose color themes applied in that order.
\mode<article>{\usepackage{fullpage}}
\mode<presentation>{%
  \usetheme{Warsaw}%
  \usecolortheme{seahorse}%
  \usecolortheme{rose}%
}
% 20pt text margin on the left and on the right.
\setbeamersize{text margin left=20pt,text margin right=20pt}
% uncomment to ghost covered items instead of hiding them completely.
%\setbeamercovered{transparent}
% empty template: no navigation symbols are drawn.
\setbeamertemplate{navigation symbols}{}
% every \part starts with a separator frame holding the part page.
\AtBeginPart{\frame{\partpage}}
% uncomment to show slide notes on the left screen.
%\setbeameroption{show notes on second screen=left}
% at the start of each \section, insert an Outline frame whose table of
% contents highlights the current section and hides the subsections of the
% other sections. The empty optional argument is the text used for starred
% sections (\section*), so those get no outline frame.
\AtBeginSection[]{%
  \begin{frame}<beamer>
    \frametitle{Outline}
    \tableofcontents[currentsection,hideothersubsections]
  \end{frame}
}
% render only the current frame (development only; vastly improves total render speed).
% specify frames to render with \begin{frame}[label=debug]
%\includeonlyframes{debug}
%----------------------------------------------------------------------------------------------------------------------
% HEADER INFORMATION AND LOGO
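% title-page data. The optional arguments of \date and \author are the short
% forms of the date and of the author list.
\title{Reverse Engineering on Windows}
\subtitle{A Focus on Malware}
% if you don't specify a date, the render date is displayed on the title page.
\date[BH]{BlackHat US - Las Vegas - 2009}
% \and separates authors, so it stands between entries only and none follows
% the last author. \inst{n} ties each author to the matching \institute entry.
\author[Amini, Carrera]{
  Pedram~Amini \inst{1} \and
  Ero~Carrera \inst{2}
}
\institute{
  \inst{1}
  TippingPoint DVLabs
  \and
  \inst{2}
  zynamics GmbH, VirusTotal
}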
% fancy image + mask loading.
%\pgfdeclaremask{tplogo-mask}{tplogo-mask}
%\pgfdeclareimage[interpolate=true,mask=tplogo-mask,width=1cm,height=1cm]{tplogo-image}{tplogo}
%\logo{\pgfuseimage{tplogo-image}}
% regular image loading.
%\logo{\includegraphics[scale=.25]{iamges/logo.png}}
%----------------------------------------------------------------------------------------------------------------------
% CUSTOM COMMANDS, ENVIRONMENTS AND COLORS
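% \pedbullet{text}: typeset `text' as the single item of its own itemize list.
\newcommand{\pedbullet}[1]{\begin{itemize}\item #1 \end{itemize}}
% \pedref{key}: \hfill followed by a citation of `key'.
\newcommand{\pedref}[1]{\hfill \cite{#1}}
% tip environment, used as \begin{tip}{text} ... \end{tip}: the begin code
% typesets `text' in a complete block titled "Tip", so anything placed between
% \begin and \end comes after that block. \newenvironment always reads a
% second (end) definition; it is given here as an explicit empty group so that
% it cannot swallow the token that follows this line.
\newenvironment{tip}[1]{\begin{block}{Tip}#1\end{block}}{}
% color `lightblue', given as CMYK components.
\definecolor{lightblue}{cmyk}{.35, .10, 0, 0}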
% customize the framezoom border color.
%\hypersetup{linkbordercolor={1 0 0}}
%----------------------------------------------------------------------------------------------------------------------
% DOCUMENT START, PREFIXES TITLE PAGE
% the document opens with the title page.
\begin{document}
\frame{\titlepage}
%----------------------------------------------------------------------------------------------------------------------
% DOCUMENT OUTLINE
% one Outline frame per part (part=1 to part=4), each under a subsection
% named after that part; hideallsubsections keeps the listing to sections.
\section{Outline}
\subsection{Background}
\begin{frame}
  \frametitle{Outline}
  \tableofcontents[hideallsubsections,part=1]
\end{frame}
\subsection{Basic Analysis}
\begin{frame}
  \frametitle{Outline}
  \tableofcontents[hideallsubsections,part=2]
\end{frame}
\subsection{Advanced Analysis}
\begin{frame}
  \frametitle{Outline}
  \tableofcontents[hideallsubsections,part=3]
\end{frame}
\subsection{Custom Development}
\begin{frame}
  \frametitle{Outline}
  \tableofcontents[hideallsubsections,part=4]
\end{frame}
%----------------------------------------------------------------------------------------------------------------------
% INCLUDED SECTIONS
\input{background/00-index.tex}
\input{basic_analysis/00-index.tex}
\input{advanced_analysis/00-index.tex}
\input{analysis_and_custom_development/00-index.tex}
%----------------------------------------------------------------------------------------------------------------------
% APPENDIX
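% appendix: its own table of contents, then the reference list.
\appendix
\section{Appendix}
\frame{\tableofcontents}
\subsection{References}
% allowframebreaks lets the list continue over as many frames as it needs.
% Characters that were mis-encoded in the source are written in plain ASCII
% LaTeX here (-- for the dash, \'e for the accent, "fi" for the ligature), so
% the entries do not depend on the input encoding of this file.
% NOTE(review): most links below are plain http and date from the 2009 talk;
% check that a link still leads to the original publisher before relying on it.
\begin{frame}[allowframebreaks]
  \frametitle{References}
  \begin{thebibliography}{}
    \bibitem[Sotirov, 2006]{csw06-sotirov}
      Alexander Sotirov, Determina Security Research
      \newblock Reverse Engineering Microsoft Binaries
      \newblock CansecWest 2006
    \bibitem[Communications of the ACM, 1974]{ACM-17-7}
      Communications of the ACM vol. 17 no. 7, July 1974
    \bibitem[OpenRCE]{OpenRCE}
      Open Reverse Code Engineering http://www.openrce.org
    \bibitem[Microsoft PE and COFF Specification]{MSPECOFF}
      Microsoft Portable Executable and Common Object File Format Specification http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx
    \bibitem[PE File Format -- A Reverse Engineer View]{CBJ-PE}
      Portable Executable File Format -- A Reverse Engineer View http://www.CodeBreakers-Journal.com
    \bibitem[Zmist Opportunities]{PFerrie-zmist}
      Peter Ferrie, Zmist Opportunities, Virus Bulletin March 2001; http://pferrie.tripod.com/vb/zmist.pdf
    \bibitem[Simile/MetaPHOR, Striking Similarities]{PEferrie-simile}
      Peter Ferrie, Striking Similarities, Virus Bulletin May 2002; http://pferrie.tripod.com/vb/simile.pdf
    \bibitem[Digital Genome Mapping]{CarreraErdelyiVB04}
      Ero Carrera \& Gergely Erdelyi, Digital Genome Mapping - Advanced Binary Malware Analysis, Virus Bulletin Conference 2004; http://dkbza.org/data/carrera\_erdelyi\_VB2004.pdf
    \bibitem[Introduction to IDAPython]{IDAPythonIntro}
      Ero Carrera, Introduction to IDAPython, https://www.openrce.org/articles/full\_view/11
    \bibitem[Scan of the Month 33]{SOTM-33}
      Nicolas Brulez, Scan of the Month 33: Anti Reverse Engineering Uncovered, http://www.honeynet.org/scans/scan33/nico/
    \bibitem[Tricky Relocations]{VB2001}
      Tricky Relocations, Peter Szor, Virus Bulletin, April 2001, page 8 http://peterszor.com/resurrel.pdf
    \bibitem[Locreate]{locreate}
      Locreate: An Anagram for Relocate http://uninformed.org/?v=6\&a=3\&t=sumry
    \bibitem[The Viral Darwinism of W32.Evol]{evol}
      The Viral Darwinism of W32.Evol https://www.openrce.org/articles/full\_view/27
    \bibitem[Tiny PE]{tinype}
      Tiny PE, solareclipse; http://www.phreedom.org/solar/code/tinype/
    \bibitem[Methods for Virtual Machine Detection]{VMDetection1}
      Andr\'es et al. Methods for Virtual Machine Detection. (2006)
    \bibitem[On the Cutting Edge: Thwarting Virtual Machine Detection]{VMDetection2}
      Liston et al. On the Cutting Edge: Thwarting Virtual Machine Detection. (2006)
    \bibitem[VMM Detection Myths and Realities]{VMDetection3}
      Garfinkel et al. Compatibility is Not Transparency: VMM Detection Myths and Realities. (2007)
    \bibitem[Attacks on More Virtual Machine Emulators]{VMDetection4}
      Ferrie et al. Attacks on More Virtual Machine Emulators. (2007)
  \end{thebibliography}
\end{frame}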
% presentation mode only: a last frame that prints the total frame count,
% centered, in huge bold type.
\mode<presentation>{%
  \subsection{Slide Count}
  \begin{frame}
    \frametitle{Total Slide Count}
    \begin{center}
      \Huge \textbf{\inserttotalframenumber}
    \end{center}
  \end{frame}
}
\end{document}