YoVDO

Walking the PEB, Enhancing IDA's Output with Structures, and Unlocking Runtime-Linking - Lecture 4

Offered By: Dr Josh Stroschein via YouTube

Tags

Malware Analysis Courses Reverse Engineering Courses IDA Pro Courses Windows Internals Courses WinDbg Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the intricacies of malware analysis in this 16-minute video tutorial focusing on Lockbit and similar malware families. Dive deep into the process of locating and utilizing the Process Environment Block (PEB) to identify in-memory DLLs, enabling malware to find necessary libraries and functions during runtime while avoiding the pre-declared import table. Learn how this technique complicates basic analysis and reverse engineering by obscuring function resolution. Discover Lockbit's unique approach of using seeds to add complexity to the process. Follow along as the tutorial guides you through finding PEB references, accessing PEB structure members, viewing relevant structures in WinDbg, and adding structures in IDA. Gain valuable insights into advanced malware analysis techniques and enhance your cybersecurity skills.

Syllabus

Finding the PEB reference
Accessing PEB structure members
Viewing relevant structures in WinDbg
Adding structures in IDA


Taught by

Dr Josh Stroschein

Related Courses

Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera
Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera
Introducción al Análisis del Malware en Windows
National Technological University – Buenos Aires Regional Faculty via Miríadax
Android Malware Analysis - From Zero to Hero
Udemy
How to Create and Embed Malware (2-in-1 Course)
Udemy