Abstract

Richo will walk attendees through the basic architecture of a traditional AOT compiler and runtime loader, and describe the parallels between this and the operation of a modern bytecode VM (Python, Ruby, etc.). With this newfound knowledge, we’ll tackle implementing a tool to reverse engineer a sample of obfuscated Ruby. However, instead of analyzing the bytecode directly, we will implement a malicious but otherwise fully functional VM, and use that to explore the various anti-analysis tricks deployed.