Under the Hood of Wslink Multilayered Virtual Machine
Offered By: Recon Conference via YouTube
Course Description
Overview
Dive into the intricate world of advanced malware obfuscation techniques in this 35-minute conference talk from Recon 2022. Explore the unique Wslink loader, associated with the Lazarus group, and its sophisticated virtual machine (VM) obfuscator. Uncover the multiple layers of protection employed, including junk code insertion, virtual operand encoding, opcode duplication, opaque predicates, instruction merging, and nested VM structures. Learn about a semiautomatic approach to deobfuscation, combining symbolic execution with simplifying rules and concrete value analysis. Witness the effectiveness of this method as it's applied to bytecode chunks from both obfuscated and non-obfuscated samples, providing valuable insights for malware analysts and cybersecurity professionals.
Syllabus
Recon 2022 - Under the hood of wlink multilayered virtual machine
Taught by
Recon Conference
Related Courses
Dal Reverse engineering alla stampa 3DUniversity of Naples Federico II via Federica Rapid Manufacturing
Indian Institute of Technology Kanpur via Swayam Generative Design for Industrial Applications
Autodesk via Coursera Fundamentos de Ciberseguridad: un enfoque práctico
Inter-American Development Bank via edX Functional And Conceptual Design
Indian Institute of Technology Madras via Swayam