You will find some interesting papers and presentations from the 2008 CARO Workshop, here:

http://www.datasecurity-event.com/downloads.html

Some titles:

  • Emulation: how low will you go...
  • Anti-unpacker tricks
  • Anti-Emulation Through Time-Lock Puzzles
  • IDA Pro & obfuscated code
  • Hump-and-dump: efficient generic unpacking using an ordered address execution histogram
  • Unpacking, an hybrid approach
  • Runtime Packer Testing Experiences
  • Exepacker blacklisting: theory and experiences
  • Dealing with Virtualization packers