Defeating APT10 Compiler-level Obfuscation
Offered By: Recon Conference via YouTube
Course Description
Overview
Explore advanced techniques for defeating compiler-level obfuscations used by APT10 in this 29-minute conference talk from Recon 2019. Dive into the challenges posed by opaque predicates and control flow flattening in malware analysis, focusing on the ANEL (UpperCut) RAT targeting Japan. Learn how to automatically de-obfuscate ANEL code by modifying the IDA Pro plugin HexRaysDeob. Gain insights into disassembler tool internals, methods for defining and tracking opaque predicate patterns, and strategies for breaking control flow flattening. Discover the implementation details of a publicly available tool that can de-obfuscate approximately 89% of encountered functions in tested samples. Equip yourself with valuable knowledge to combat these obfuscation techniques, which may be adopted by other threat actors in the future.
Syllabus
Recon 2019 - Defeating APT10 Compiler-level Obfuscation by Takahiro Haruyama
Taught by
Recon Conference
Related Courses
Malicious Software and its Underground Economy: Two Sides to Every StoryUniversity of London International Programmes via Coursera Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera Introducción al Análisis del Malware en Windows
National Technological University – Buenos Aires Regional Faculty via Miríadax Android Malware Analysis - From Zero to Hero
Udemy How to Create and Embed Malware (2-in-1 Course)
Udemy