* Posts by ivg

1 publicly visible post • joined 19 Jul 2018

'007' code helps stop Spectre exploits before they exist


Re: Placebo (not the "band")

If we're talking about oo7, then de-obfuscation is not needed. The purpose of oo7 is to protect vulnerable but naturally benign software from being exploited via the Spectre vector. Moreover, oo7 fixes the code on the source level. Only the detection is performed on the binary level. But still, the binary is obtained from the source code.

P.S. With all this said, oo7, or at least the detector, is still quite robust to obfuscation, as it uses the Microexecution underneath the hood, thus all jump targets are computed. Of course, it is still possible to beat it using different anti-emulation techniques. But this battle will never end, you know.