Emulate.sh
2
Talks Delivered
2
Events Spoken At
1
Countries Visited
10
Years Speaking
2
Total Talks Given
KaiJern (xwings). Founder of open source reverse engineering project, Qiling Framework (https://qiling.io). His research topic is mainly on developing cutting edge cross platform reverse engineering framework, embedded devices security, blockchain security, and various security topics.
He presented his findings in different international security conferences like Blackhat, Defcon, HITB, Codegate, QCon, KCon, Brucon, H2HC, Nullcon, etc. He conducted hardware hacking courses in various conferences around the globe. He is also actively involved in Unicorn Engine (https://unicorn-engine.org), Capstone Engine (https://capstone-engine.org), Keystone Engine (https://keystone-engine.org) and hackersbage.com
Areas of Expertise
Ever since the release of Qiling Framework in 2019, It provides reverse engineers with the best instrumentation experience across the industry. Various tools build on top of Qiling Framework for dynamic analysis purposes. But, there is one thing missing in the framework, symbolic execution.
Symbolic execution is one of the most powerful strategies to automate binary analysis. By integrating Qiling Framework and Radare2 ESIL(an open source and target neural intermediate language), Qiling Framework is able to bring symbolic execution to all the supported architecture. As always, a symbolic execution engine with lots of high level APIs.
In this talk, we will discuss the reason why we decided to add a symbolic execution module into Qiling Framework. We will also share the problems and how we manage to solve all the challenges.
There will also be few very exciting demonstrations on how the engine works and how we can solve challenges with this new symbolic execution engine.
With this new module added into Qiling Framework, it will be a brand new experience in both dynamic analysis and symbolic execution world. Hope to see more exciting ideas and tools built on top of the Qiling Framework.
Finally, specials guess appearance, Qiling Framework latest EVM engine DEMO!
Xandora is a malware sandbox. The idea of Xandora sandbox is for performance, simplified reporting and sharing. At this moment we have received almost 20,000 samples a day and processed almost 800 samples per hour. Some common complaints about sandboxing is that it’s too complicated and not able to process many files within a reasonable time. Xandora aims to solve this through:
i. Simple reporting
ii. A central malware sharing platform for reporting, process dumping, samples etc.
iii. The ability to process more malware with less servers (cost vs volume)
