Pindemonium - A DBI-Based Generic Unpacker for Windows Executable
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a DBI-based generic unpacker for Windows executables in this 25-minute Black Hat conference talk. Dive into the world of malware obfuscation and packing techniques, and learn how Pindemonium leverages Dynamic Binary Instrumentation (DBI) to combat these threats. Discover how this tool extracts and reconstructs original programs from packed versions, aiding in the analysis of obfuscated binaries. Examine the generic unpacking algorithm designed to detect and defeat popular packing techniques, including those that employ Import Address Table (IAT) obfuscation. Gain insights into the tool's effectiveness against various packers and malware samples, and understand its ability to reconstruct working unpacked binaries. For cases where full reconstruction is not possible, learn how Pindemonium provides valuable memory dumps and logs to assist malware analysts in their work. Access the open-source code on GitHub to further explore this innovative approach to unpacking and malware analysis.
Syllabus
Pindemonium: A DBI-Based Generic Unpacker for Windows Executable
Taught by
Black Hat
Related Courses
Practical Uses of Program Analysis - Automatic Exploit GenerationNorthSec via YouTube Dynamic Binary Instrumentation Techniques to Address Native Code Obfuscation
Black Hat via YouTube Security Instrumentation - The Future of Software Security
LASCON via YouTube Android Rootkits - Analysis from Userland and Kernelland
RSA Conference via YouTube Finding 0days in Embedded Systems with Code Coverage Guided Fuzzing
BruCON Security Conference via YouTube