Title: Analysis of Trigger-Based Behaviour in Malware using BAP

Abstract: One of the more recent sophistications in malware is the introduction of trigger-based behaviour, whereby a program's malicious actions are activated only when a specific condition is met, for example only on a certain day of the year, or only upon receiving a specific command over a network. This makes analysis difficult, as there is no guarantee that observing the program under execution will uncover all the actions it could possibly take. This talk will focus on BAP (Binary Analysis Platform), an analysis tool that makes use of symbolic execution to map out all possible execution paths that a given program binary may follow, including any actions triggered only under specific conditions. Additionally, the tool provides inputs to drive program execution down each discovered execution path. This allows us to identify any paths that lead to malicious behaviour and to observe it by providing the corresponding inputs given to us by BAP. The talk will be illustrated by an example of BAP in action.
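A toy illustration of the path exploration the abstract describes, added here as an example; it is not BAP and not code from the talk. The `sample` program, its trigger values, the input domains and the brute-force `solve` (standing in for a constraint solver) are constructed assumptions.

```python
from itertools import product
DOMAINS = {"month": range(1, 13), "day": range(1, 32), "cmd": range(256)}

class Trace:
    """Follows a forced prefix of branch outcomes, then defaults to 'not taken'."""
    def __init__(self, prefix):
        self.prefix, self.path = prefix, []
    def branch(self, name, const):
        i = len(self.path)
        taken = self.prefix[i][2] if i < len(self.prefix) else False
        self.path.append((name, const, taken))
        return taken

class Sym:
    """Symbolic input: each == comparison becomes a recorded branch condition."""
    def __init__(self, name, trace):
        self.name, self.trace = name, trace
    def __eq__(self, const):
        return self.trace.branch(self.name, const)

def solve(path):
    """Brute-force stand-in for a solver: inputs satisfying the path, else None."""
    for values in product(*DOMAINS.values()):
        env = dict(zip(DOMAINS, values))
        if all((env[n] == c) == taken for n, c, taken in path):
            return env

def explore(program):
    """Map each reachable outcome to one concrete input that drives execution there."""
    found, work = {}, [[]]
    while work:
        prefix = work.pop()
        trace = Trace(prefix)
        result = program(*(Sym(n, trace) for n in DOMAINS))
        inputs = solve(trace.path)
        if inputs is None: continue  # contradictory conditions: infeasible path
        found.setdefault(result, inputs)
        for i in range(len(prefix), len(trace.path)):  # flip each newly seen branch
            n, c, taken = trace.path[i]
            work.append(trace.path[:i] + [(n, c, not taken)])
    return found

def sample(month, day, cmd):
    """Constructed stand-in for a program with two hidden triggers."""
    if month == 4 and day == 1:
        return "date-trigger"
    if cmd == 0x42:
        return "command-trigger"
    return "benign"
```

Calling `explore(sample)` returns one concrete input per outcome, so an analyst who only ever observed the `benign` path can replay the other two.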