Justin Ferguson - Bridging The Gap - Analysis Of Win32 (Video)
The presentation covers the steps necessary to do static analysis (reverse engineering) of Win32 executables under Unix. It covers the basics of the PE format, the hurdles that must be overcome in order to successfully do static analysis in a foreign environment, and the release of a tool (dupe [dump pe]) that does static analysis of PE executables under POSIX-compliant operating systems (tested under Linux and {free,net}bsd). Furthermore, the talk covers the inner workings of the tool, its operation, its current limitations and future design goals for it. Justin Ferguson is a reverse engineer as part of an incident response team. He has over 6 years of experience working in various security-related roles, such as incident response, security researcher, security analyst and so on, for industries varying from financial providers and credit card processing corporations to universities and web hosting companies.