Jason Raber
Riverside Research, Beavercreek, OH USA

Jason has significant experience extracting intellectual property from a broad spectrum of software (including user applications, DLLs, drivers, OS kernels, and firmware) across a variety of platforms.  He has also worked on analyzing malware in order to characterize and/or neutralize it. Prior to rejoining Riverside Research, Jason served as team lead for a software assessment team in the Air Force Research Laboratory, providing the DoD with specialized software security support.

Michelle Cheatham
Riverside Research, Beavercreek, OH USA

Michelle is pursuing a Ph.D. focused on data mining and machine learning.  She has over ten years of software development experience, with a focus on creating visualizations of complex data.  She currently works for Riverside Research, where she applies techniques from these fields to software reverse engineering.  Prior to joining Riverside Research, Michelle worked for over seven years at the Air Force Research Lab, in the Collaborative Systems and Autonomic Trusted Sensing branches.

Mr. Raber and Ms. Cheatham will speak about "Reverse Engineering Made Easy with Hydra."

A reverse engineer trying to understand a protected binary must avoid detection by anti-debugging protections.  Advanced protection systems may even load specialized drivers that can re-flash firmware and change the privileges of running applications, significantly increasing the penalty of detection.  Hades is a Windows kernel driver designed to aid reverse engineering endeavors.  It avoids detection by employing intelligent instrumentation via instruction rerouting in both user and kernel space.  This technique allows a reverse engineer to easily debug and profile binaries without fear of invoking protection penalties.