API Deobfuscator - Identifying Runtime-Obfuscated API Calls Via Memory Access Analysis
Offered By: Black Hat via YouTube
Course Description
Overview
Explore an innovative approach to API deobfuscation in this 27-minute Black Hat conference talk. Delve into a resilient method based on memory access analysis that overcomes the limitations of traditional pattern-based techniques for identifying runtime-obfuscated API calls. Learn how this approach utilizes the memory access patterns of runtime-obfuscation techniques, particularly those used by advanced obfuscators like Themida. Discover how the presented API deobfuscator tracks memory accesses using Intel Pin, executes Themida packed binary files, and restores obfuscated API function calls to their original form. Gain insights into the process of constructing a map from API functions to obfuscated function addresses and how this map is used to identify original API functions. Understand the advantages of this method in reversing engineering efforts and its compatibility with common debuggers like Ollydbg.
Syllabus
API Deobfuscator: Identifying Runtime - Obfuscated API Calls Via Memory Access Analysis
Taught by
Black Hat
Related Courses
Malicious Software and its Underground Economy: Two Sides to Every StoryUniversity of London International Programmes via Coursera Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera Introducción al Análisis del Malware en Windows
National Technological University – Buenos Aires Regional Faculty via Miríadax Android Malware Analysis - From Zero to Hero
Udemy How to Create and Embed Malware (2-in-1 Course)
Udemy