Finding Functions from Export Directory and Using Seeds for API Checksums - Part 6
Offered By: Dr Josh Stroschein via YouTube
Course Description
Overview
Explore runtime-linking techniques used by Lockbit ransomware in this 16-minute video tutorial. Dive into how the malware leverages the EXPORT_DIRECTORY structure to locate APIs and utilizes DLL name seeds for computing checksum values to identify necessary functions. Learn about the process of extracting API names, navigating the export directory structure, and debugging to observe API names in action. Discover the significance of precomputed value matches and gain insights into efficient methods for API identification. Enhance your understanding of malware analysis and reverse engineering techniques through this in-depth examination of Lockbit's sophisticated runtime-linking mechanisms.
Syllabus
Seed from DLL name
Computing checksum from API name
Getting the API name
Using the export directory structure
Starting in the export directory
Debugging to see API names
When a precomputed value matches
Easy button to find APIs
Taught by
Dr Josh Stroschein
Related Courses
Dal Reverse engineering alla stampa 3DUniversity of Naples Federico II via Federica Rapid Manufacturing
Indian Institute of Technology Kanpur via Swayam Generative Design for Industrial Applications
Autodesk via Coursera Fundamentos de Ciberseguridad: un enfoque práctico
Inter-American Development Bank via edX Functional And Conceptual Design
Indian Institute of Technology Madras via Swayam