YoVDO

Reverse Engineering Windows Defender Part II

Offered By: Recon Conference via YouTube

Tags

REcon Conference Courses Reverse Engineering Courses Malware Analysis Courses Memory Management Courses

Course Description

Overview

Dive into an in-depth exploration of Windows Defender Antivirus' core functionality through this conference talk from Recon 2018. Uncover the intricacies of Defender's proprietary emulator for analyzing potentially malicious Windows PE binaries on endpoints. Learn about groundbreaking reverse engineering techniques for antivirus binary emulators, including instrumentation for observation and debugging, virtual environment components, bytecode lifting and execution, memory management, and emulation of usermode Windows API and NT kernel. Discover how file system and registry emulation integrate with Defender's antivirus features. Gain insights from security researcher Alexei Bulazel as he shares his expertise on emulator internals and reverse engineering, offering a unique perspective on Windows Defender's mpengine.dll and its vast functionality.

Syllabus

Recon 2018 - Reverse Engineering Windows Defender Part II


Taught by

Recon Conference

Related Courses

Heterogeneous Parallel Programming
University of Illinois at Urbana-Champaign via Coursera Advanced Operating Systems
Georgia Institute of Technology via Udacity 計算機程式設計 (Computer Programming)
National Taiwan University via Coursera Introduction to Operating Systems
Georgia Institute of Technology via Udacity Android Performance
Google via Udacity