Breaking Obfuscated .NET Malware with Profiler-Based Dynamic Binary Instrumentation Recon 2025

As malware authors increasingly adopt .NET for its ease of development and stability, they rely on sophisticated obfuscation techniques to thwart analysis. Traditional static deobfuscation approaches often fail against modern protections that incorporate runtime integrity checks. This presentation introduces a framework that leverages .NET profilers to perform dynamic binary instrumentation at the MSIL level. We demonstrate how this approach can bypass dynamic checks in obfuscation schemes, extract encrypted strings, and trace execution flows—all without modifying the original binary. Through real-world case studies and live demonstrations, we show how this technique provides reverse engineers with a powerful new tool to analyze obfuscated .NET malware.

CERT-EU Conference: Never Gonna Breach You Up

CERT-EU Conference: Never Gonna Breach You Up

Detecting malicious Unicode

In a recent educational trick, curl contributor James Fuller submitted a pull-request to the project in which he suggested a larger cleanup of a set of scripts. In a later presentation, he could show us how not a single human reviewer in the team nor any CI job had spotted or remarked on one of … Continue reading Detecting malicious Unicode →

Program Agenda / 37th Annual FIRST Conference

Register Now: Fortresses of the Future, Building Bridges Not Walls: Copenhagen (DK), June 22-27, 2027.

Vorsorgen für Krisen und Katastrophen

Security Response Engineer — Google Careers