Reconstructing C2 servers for remote access trojans with symbolic execution

Abstract

The analysis of a malicious piece of software that is instructed by a remote counterpart can be troublesome for security professionals, as they may have to unravel the communication protocol in use to figure out what actions can be carried out on the victim’s machine. The possibility of resorting to dynamic analysis hinges on the availability of an active remote counterpart, a requirement that may be difficult to meet in several scenarios. In this paper we explore how symbolic execution techniques can be used to synthesize a command-and-control server for a remote access trojan, enabling in-vivo analysis by malware analysts. We evaluate our ideas against two real-world malware instances.

Cite

Borzacchiello, L., Coppa, E., D’Elia, D. C., & Demetrescu, C. (2019). Reconstructing C2 servers for remote access trojans with symbolic execution. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11527 LNCS, pp. 121–140). Springer Verlag. https://doi.org/10.1007/978-3-030-20951-3_12
