YoVDO

Reverse Engineering Windows Defender's JavaScript Engine

Offered By: Recon Conference via YouTube

Tags

REcon Conference Courses Cybersecurity Courses Javascript Courses Reverse Engineering Courses Memory Management Courses

Course Description

Overview

Dive into a comprehensive reverse engineering analysis of Windows Defender's JavaScript engine in this conference talk from Recon 2018 Brussels. Explore the intricacies of the MpEngine.dll, focusing on the approximately 1,200 functions that make up Defender's proprietary JavaScript engine used for analyzing potentially malicious JS code. Learn about the engine's inner workings, including types, memory management, JS/ECMAScript features, and integration with Defender's antivirus system. Discover techniques for building tooling to interact with the engine, identifying non-security JS runtime bugs, and implementing anti-analysis tricks for malicious scripts. Gain insights into the engine's attack surface for exploitation and consider potential vulnerabilities within the remaining 98% of this enormous binary. Presented by Alexei Bulazel, a security researcher with River Loop Security and RPISEC member, this talk offers valuable knowledge for those interested in reverse engineering and security analysis of complex software systems.

Syllabus

Recon 2018 Brussels - Reverse Engineering Windows Defender’s JavaScript Engine


Taught by

Recon Conference

Related Courses

Heterogeneous Parallel Programming
University of Illinois at Urbana-Champaign via Coursera
Advanced Operating Systems
Georgia Institute of Technology via Udacity
計算機程式設計 (Computer Programming)
National Taiwan University via Coursera
Introduction to Operating Systems
Georgia Institute of Technology via Udacity
Android Performance
Google via Udacity