The biggest information security conference in Japan, CODE BLUE 2025, will be held in Tokyo on November 18-19. TeamT5, with its Taiwan headquarters and Japan subsidiary, is proud to sponsor and participate in this top international cybersecurity event in Asia.
This year, members of our cyber threat intelligence team will present their latest research, “Bypassing Anti-Debugging: A Hybrid Real-Simulated Approach to Rootkit Analysis”.
See below for the highlights of our activities at CODE BLUE 2025.
Topic: Bypassing Anti-Debugging: A Hybrid Real-Simulated Approach to Rootkit Analysis
- Time: 11/19 (Wed.) 09:00-09:40
- Presenter: Yong-Xu Yang, Heng-Ming Fan, Yu Xuan Luo
Reverse engineering of rootkits is increasingly challenged by advanced obfuscation and packing, which hinder dynamic debugging of Windows drivers. While Unicorn-based frameworks such as Speakeasy and Qiling exist, they still fall short against anti-simulation techniques.
This research proposes a Unicorn-based semi-simulation framework that executes drivers in a hybrid real-simulated environment via partial pass-through. It extracts components from the real environment and supports parallel execution and structured exception handling in order to bypass anti-simulation and anti-debugging protections. Because it runs isolated in Ring 3, it can precisely monitor objects and registers, revealing a rootkit's logic and its self-protection mechanisms.
We will explore modern anti-debugging techniques, applications of Unicorn, and a case study of the kernel driver protections used by a high-market-share anti-cheat engine. After this session, attendees will have a better understanding of driver self-protection internals and rootkit analysis.
About CODE BLUE
CODE BLUE is Japan's largest international information security conference. It aims to contribute to a better Internet world by connecting people through CODE (technology), beyond and across the BLUE (oceans). Every year, the world's top-class specialists and researchers gather to share their latest findings and give cutting-edge talks. It is a place for all participants to exchange information and collaborate on responding to and solving information security problems.
More information is available on the CODE BLUE official website.
*Image courtesy of CODE BLUE.