Bytecode Jiu-Jitsu - Forcing Execution of Malicious Bytecode Through Interpreter Manipulation

Learn about a groundbreaking conference talk from Black Hat that introduces Bytecode Jiu-Jitsu, a novel code injection attack technique targeting interpreter processes. Discover how this covert method works by dynamically replacing benign bytecode in interpreter memory to execute malicious code without triggering suspicious API calls. Explore the automated analysis technique for revealing bytecode locations and structures in interpreter binaries, making the attack applicable to proprietary interpreters with minimal human effort. Examine demonstrations showing the technique's effectiveness across various real-world interpreters, its ability to evade detection by antivirus products and forensics tools, and its capacity to disrupt behavioral analysis by sandboxes, EDRs, and malware analysts. Gain insights from NTT Security Holdings Corporation researchers and University of Tokyo experts as they present their findings and release a tool for security research and evaluation purposes.