This pages summarizes some of the projects my students and I['m currently|had been] working on. All of our work is free software, thus patches and comments are appreciated.
The demovfuscator is a generic deobfuscator for binaries that were compiled
using Christopher Domas' famous
M/o/Vfuscator. The current
release is able to reconstruct the CFG of the original program and partially
re-substitutes the mov instructions by their equivalent high-level ASM
opcodes. Note that the demovfuscator is work in progress software, i.e.
patches and comments are very welcome!
TCP_Stealth is an RFC draft and an extension for the Linux kernel providing a
modern version of port knocking for TCP sockets. Unlike other approaches,
TCP_Stealth is safe against active MitM attacks, is able to ensure the
integrity of the first TCP segment sent after the handshake, and requires only
minimal changes to existing applications (setsockopt).