Automated Unpacking & Deobfuscation of Nested VM-Based Protectors
Agostino Panico
DEF CON 33 · Day 1 · Main Stage
Agostino Panico (known as "Vanish") presents VM Dragon Slayer — an open-source framework for automatically defeating virtualization-based obfuscation (VBO) protectors, including multiple nested layers
AI review
VM Dragon Slayer: automated devirtualization framework using symbolic execution and taint tracking to defeat nested VM-based protectors (VMProtect, Themida) and recover semantically equivalent native code. Open-sourced post-talk. Addresses the hardest class of binary obfuscation at scale.