YoVDO

Lockbit's DLL Name Seeding Technique for API Hashing - Part 5

Offered By: Dr Josh Stroschein via YouTube

Tags

Malware Analysis Courses
Reverse Engineering Courses
Windows Internals Courses

Course Description

Overview

Explore the intricacies of Lockbit's runtime-linking technique in this 14-minute video tutorial. Delve into how Lockbit utilizes the DLL name as a seed for API hashing, a unique twist on standard malware techniques. Learn to identify the image_base, parse the image DOS header, and understand DATA Directories. Examine the IMAGE_EXPORT_DIRECTORY and AddressOf* functions. Discover how the DLL name generates checksums that serve as seeds for API name computation. Gain insights into the UNICODE structure and its relevance. Enhance your reverse engineering skills and grasp the broader implications of these techniques on malware analysis efforts.

Syllabus

Finding the image_base
Parsing the image DOS header
DATA Directories
The IMAGE_EXPORT_DIRECTORY
AddressOf*
Checksum from a DLL name - where the seeds come from
Brief note on the UNICODE structure


Taught by

Dr Josh Stroschein

Related Courses

Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera
Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera
Introducción al Análisis del Malware en Windows
National Technological University – Buenos Aires Regional Faculty via Miríadax
Android Malware Analysis - From Zero to Hero
Udemy
How to Create and Embed Malware (2-in-1 Course)
Udemy