Reducing the attack surface of dynamic binary instrumentation frameworks

Abstract

Malicious applications are one of the most relevant issues in today's technology scenario and are considered the root of many Internet security threats. In part, this is due to the ability of malware developers to respond promptly to the emergence of new security solutions by developing artifacts to avoid them. In this work, we present countermeasures to mitigate one of the recent mechanisms used by malware to avoid detection: anti-instrumentation techniques. Among these techniques, this work focuses on those that increase the attack surface of malicious applications, allowing attacks such as arbitrary code execution, which, in the context of dynamic binary instrumentation (DBI) tools, amounts to an escape from the instrumentation. To ensure the effectiveness of the proposed countermeasures, proofs of concept were developed and tested in a controlled environment against a set of anti-instrumentation techniques. Finally, the performance impact of using the proposed approaches was analyzed. As a result, this dissertation demonstrates that it is possible to reduce the exploitable attack surface of DBI tools by mitigating anti-instrumentation techniques. However, this does not necessarily guarantee the transparency of such tools.

Citation

SANTOS FILHO, Ailton da Silva dos. Reduzindo a superfície de ataque dos frameworks de instrumentação binária dinâmica. 2019. 96 f. Dissertação (Mestrado em Informática) - Universidade Federal do Amazonas, Manaus, 2019.

Creative Commons License

Except where otherwise noted, this item's license is described as Open Access