YoVDO

Under the Hood of Wslink Multilayered Virtual Machine

Offered By: Recon Conference via YouTube

Tags

REcon Conference Courses Cybersecurity Courses Reverse Engineering Courses Malware Analysis Courses

Course Description

Overview

Dive into the intricate world of advanced malware obfuscation techniques in this 35-minute conference talk from Recon 2022. Explore the unique Wslink loader, associated with the Lazarus group, and its sophisticated virtual machine (VM) obfuscator. Uncover the multiple layers of protection employed, including junk code insertion, virtual operand encoding, opcode duplication, opaque predicates, instruction merging, and nested VM structures. Learn about a semiautomatic approach to deobfuscation, combining symbolic execution with simplifying rules and concrete value analysis. Witness the effectiveness of this method as it's applied to bytecode chunks from both obfuscated and non-obfuscated samples, providing valuable insights for malware analysts and cybersecurity professionals.

Syllabus

Recon 2022 - Under the hood of wlink multilayered virtual machine


Taught by

Recon Conference

Related Courses

Dal Reverse engineering alla stampa 3D
University of Naples Federico II via Federica
Rapid Manufacturing
Indian Institute of Technology Kanpur via Swayam
Generative Design for Industrial Applications
Autodesk via Coursera
Fundamentos de Ciberseguridad: un enfoque práctico
Inter-American Development Bank via edX
Functional And Conceptual Design
Indian Institute of Technology Madras via Swayam