Reverse Engineering Windows Defender Part II
Offered By: Recon Conference via YouTube
Course Description
Overview
Dive into an in-depth exploration of Windows Defender Antivirus' core functionality through this conference talk from Recon 2018. Uncover the intricacies of Defender's proprietary emulator for analyzing potentially malicious Windows PE binaries on endpoints. Learn about groundbreaking reverse engineering techniques for antivirus binary emulators, including instrumentation for observation and debugging, virtual environment components, bytecode lifting and execution, memory management, and emulation of usermode Windows API and NT kernel. Discover how file system and registry emulation integrate with Defender's antivirus features. Gain insights from security researcher Alexei Bulazel as he shares his expertise on emulator internals and reverse engineering, offering a unique perspective on Windows Defender's mpengine.dll and its vast functionality.
Syllabus
Recon 2018 - Reverse Engineering Windows Defender Part II
Taught by
Recon Conference
Related Courses
Malicious Software and its Underground Economy: Two Sides to Every StoryUniversity of London International Programmes via Coursera Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera Introducción al Análisis del Malware en Windows
National Technological University – Buenos Aires Regional Faculty via Miríadax Android Malware Analysis - From Zero to Hero
Udemy How to Create and Embed Malware (2-in-1 Course)
Udemy