Identifying Signs of Runtime-Linking and Building Context for API Hashes in Lockbit Malware - Part 3
Offered By: Dr Josh Stroschein via YouTube
Course Description
Overview
Explore the intricacies of Lockbit's runtime linking techniques in this 16-minute video tutorial. Delve into how the malware dynamically builds its import table, a crucial aspect of reverse engineering. Uncover the use of precomputed values instead of strings as an additional layer of obfuscation. Learn to identify signs of runtime linking, understand the purpose of precomputed hashes/checksums, and build context around API importation. Dive deeper into the malware's structure, examining its use of recursion for dynamic API resolution. Conclude with a practical demonstration of stepping through the code in a debugger, enhancing your malware analysis skills.
Syllabus
Finding evidence of runtime linking
Precomputed hashes/checksums and what they are used for
Building context around how APIs will be imported
Another layer deeper
Using recursion to dynamically resolve APIs
Stepping through the code in a debugger
Taught by
Dr Josh Stroschein
Related Courses
Malicious Software and its Underground Economy: Two Sides to Every Story (University of London International Programmes via Coursera)
Palo Alto Networks Cybersecurity Essentials II (Palo Alto Networks via Coursera)
Introducción al Análisis del Malware en Windows (National Technological University – Buenos Aires Regional Faculty via Miríadax)
Android Malware Analysis - From Zero to Hero (Udemy)
How to Create and Embed Malware (2-in-1 Course) (Udemy)