Dissecting a Ransomware-Infected MBR - Raul Alvarez - Hack in Paris - 2017
Offered By: Hack in Paris via YouTube
Course Description
Overview
Explore the intricacies of ransomware-infected Master Boot Records (MBR) in this 38-minute conference talk from Hack in Paris 2017. Delve into the boot process, operating system detection, and the critical impact of compromising a single sector on your hard disk. Follow along as Raul Alvarez dissects the malicious code overwriting an MBR, demonstrating how it seizes control of the boot process until ransom payment. Gain insights into debugging the MBR to observe native code execution without APIs. Learn about MBR vs. GPT, execution flow, resolving normal malware, Device IO Control API, Physical Drive Zero, and more. Witness a practical demonstration of MBR debugging and understand the implications of boot sector manipulation in this comprehensive exploration of ransomware techniques.
Syllabus
Introduction
About me
Smallpox
MBR vs GPT
GPT
Pecha
Execution flow
Resolving normal malware
Resolving xx section
Device IO Control API
Physical Drive Zero
Winobj
Process Monitor
MBR
Boot Sector Marker
Overwrite MBR
New MBR
Debugging the MBR
Taught by
Hack in Paris
Related Courses
Computer Security (Stanford University via Coursera)
Cryptography II (Stanford University via Coursera)
Malicious Software and its Underground Economy: Two Sides to Every Story (University of London International Programmes via Coursera)
Building an Information Risk Management Toolkit (University of Washington via Coursera)
Introduction to Cybersecurity (National Cybersecurity Institute at Excelsior College via Canvas Network)