Lockbit's DLL Name Seeding Technique for API Hashing - Part 5
Offered By: Dr Josh Stroschein via YouTube
Course Description
Overview
Explore the intricacies of Lockbit's runtime-linking technique in this 14-minute video tutorial. Delve into how Lockbit utilizes the DLL name as a seed for API hashing, a unique twist on standard malware techniques. Learn to identify the image_base, parse the image DOS header, and understand DATA Directories. Examine the IMAGE_EXPORT_DIRECTORY and AddressOf* functions. Discover how the DLL name generates checksums that serve as seeds for API name computation. Gain insights into the UNICODE structure and its relevance. Enhance your reverse engineering skills and grasp the broader implications of these techniques on malware analysis efforts.
Syllabus
Finding the image_base
Parsing the image dos header
DATA Directories
The IMAGE_EXPORT_DIRECTORY
AddressOf*
Checksum from a DLL name - where the seeds come from
Brief note on the UNICODE structure
Taught by
Dr Josh Stroschein
Related Courses
Dal Reverse engineering alla stampa 3DUniversity of Naples Federico II via Federica Rapid Manufacturing
Indian Institute of Technology Kanpur via Swayam Generative Design for Industrial Applications
Autodesk via Coursera Fundamentos de Ciberseguridad: un enfoque práctico
Inter-American Development Bank via edX Functional And Conceptual Design
Indian Institute of Technology Madras via Swayam