Meetups, conferences, startup events, and geeky gatherings in the Pacific Northwest and beyond. Browse for local tech events, or search by date or keyword. Submit your event below for consideration for the GeekWire Calendar. Look for highlights from the GeekWire Calendar each week on GeekWire, and check out GeekWire's own unique series of signature tech events in the Seattle region.
- This event has passed.
SeaJUG: Using Antlr In Cybersecurity
June 20 @ 6:45 pm - 8:30 pmFree
Another Tool for Language Recognition (Antlr) is a Java-based parser generator. You define your language grammar and out pops a parser! In addition to designing your own languages, Antlr grammars for many existing programming languages are available, including C. Using Antlr and StringTemplate, a templating engine also from the Antlr camp, we can do source-to-source translation of C code automagically. We’ll then combine this C code with an API hooking technology, such as MS Detours. The result is a tool for real-time program behavior monitoring, as used in malware analysis and digital forensics.
Speaker: Stuart Maclean
Stuart Maclean’s day job is all embedded software for ocean instruments, but he also dabbles in building cybersecurity tools using Java. He thinks API hooking systems like Cuckoo Sandbox are way cool. In goes a malicious program and out comes a description of that program’s interaction with the system — files opened, registry keys deleted, network connections made, etc. Yet Cuckoo hooks only a small subset of the vast Windows API. Stuart used Antlr and StringTemplate to auto-generate API hooking routines, so increasing program code coverage. In doing this work, Stuart has learned that there’s only one thing more tortuous that parsing C, and that’s parsing …. come to SeaJUG to find out!