YoVDO

Pindemonium - A DBI-Based Generic Unpacker for Windows Executable

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Reverse Engineering Courses Malware Analysis Courses Dynamic Binary Instrumentation Courses

Course Description

Overview

Explore a DBI-based generic unpacker for Windows executables in this 25-minute Black Hat conference talk. Dive into the world of malware obfuscation and packing techniques, and learn how Pindemonium leverages Dynamic Binary Instrumentation (DBI) to combat these threats. Discover how this tool extracts and reconstructs original programs from packed versions, aiding in the analysis of obfuscated binaries. Examine the generic unpacking algorithm designed to detect and defeat popular packing techniques, including those that employ Import Address Table (IAT) obfuscation. Gain insights into the tool's effectiveness against various packers and malware samples, and understand its ability to reconstruct working unpacked binaries. For cases where full reconstruction is not possible, learn how Pindemonium provides valuable memory dumps and logs to assist malware analysts in their work. Access the open-source code on GitHub to further explore this innovative approach to unpacking and malware analysis.

Syllabus

Pindemonium: A DBI-Based Generic Unpacker for Windows Executable


Taught by

Black Hat

Related Courses

Practical Uses of Program Analysis - Automatic Exploit Generation
NorthSec via YouTube
Dynamic Binary Instrumentation Techniques to Address Native Code Obfuscation
Black Hat via YouTube
Security Instrumentation - The Future of Software Security
LASCON via YouTube
Android Rootkits - Analysis from Userland and Kernelland
RSA Conference via YouTube
Finding 0days in Embedded Systems with Code Coverage Guided Fuzzing
BruCON Security Conference via YouTube