Reverse Engineering Windows Defender Part II
Offered By: Recon Conference via YouTube
Course Description
Overview
Dive into an in-depth exploration of Windows Defender Antivirus' core functionality through this conference talk from Recon 2018. Uncover the intricacies of Defender's proprietary emulator for analyzing potentially malicious Windows PE binaries on endpoints. Learn about groundbreaking reverse engineering techniques for antivirus binary emulators, including instrumentation for observation and debugging, virtual environment components, bytecode lifting and execution, memory management, and emulation of usermode Windows API and NT kernel. Discover how file system and registry emulation integrate with Defender's antivirus features. Gain insights from security researcher Alexei Bulazel as he shares his expertise on emulator internals and reverse engineering, offering a unique perspective on Windows Defender's mpengine.dll and its vast functionality.
Syllabus
Recon 2018 - Reverse Engineering Windows Defender Part II
Taught by
Recon Conference
Related Courses
Heterogeneous Parallel ProgrammingUniversity of Illinois at Urbana-Champaign via Coursera Advanced Operating Systems
Georgia Institute of Technology via Udacity 計算機程式設計 (Computer Programming)
National Taiwan University via Coursera Introduction to Operating Systems
Georgia Institute of Technology via Udacity Android Performance
Google via Udacity