BluePill: Neutralizing Anti-Analysis Behavior In Malware Dissection
Designed around analysts, BluePill lets them customize its hooks and add new ones using insight gained during dissection, which is especially useful for targeted malware and for new tricks. It is also immune to semantic gaps. In this talk, I will show how BluePill can defeat tricks from recent evasive samples and executable protectors, making it possible to dissect them on a standard VirtualBox installation alongside classic analysis tools.
By Daniele Cono D'Elia
Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefi...
Reviewed by Anonymous on March 17, 2020