
Meeting Location:
Disney
Suite 400
925 4th Ave,
Seattle

6:45pm Networking
7:00pm Presentation
8:30pm Beers!

Chair Nimret Sandhu
Founder Jayson Raymond

SeaJUG is an all-volunteer effort, which means items such as the website and mailing list are updated as schedules afford. We meet on the 3rd Tuesday of every month. We need suggestions/volunteers for topics! If you'd like to donate your time/skills to the cause, contact Nimret Sandhu.

20 Jun 2017 : Using Antlr In Cybersecurity

Another Tool for Language Recognition (Antlr) is a Java-based parser generator. You define your language grammar and out pops a parser! In addition to designing your own languages, Antlr grammars for many existing programming languages are available, including C. Using Antlr and StringTemplate, a templating engine also from the Antlr camp, we can do source-to-source translation of C code automagically. We'll then combine this C code with an API hooking technology, such as MS Detours. The result is a tool for real-time program behavior monitoring, as used in malware analysis and digital forensics.

Speaker: Stuart Maclean

Stuart Maclean's day job is all embedded software for ocean instruments, but he also dabbles in building cybersecurity tools using Java. He thinks API hooking systems like Cuckoo Sandbox are way cool. In goes a malicious program and out comes a description of that program's interaction with the system -- files opened, registry keys deleted, network connections made, etc. Yet Cuckoo hooks only a small subset of the vast Windows API. Stuart used Antlr and StringTemplate to auto-generate API hooking routines, thereby increasing program code coverage. In doing this work, Stuart has learned that there's only one thing more tortuous than parsing C, and that's parsing .... come to SeaJUG to find out!