Under the Hood of Wslink Multilayered Virtual Machine

Offered By: Recon Conference via YouTube

Tags

REcon Conference Courses, Reverse Engineering Courses, Malware Analysis Courses, Symbolic Execution Courses

Course Description

Overview

Dive into a 35-minute conference talk from Recon 2022 that explores the intricate workings of Wslink, a sophisticated loader associated with the Lazarus group. Uncover the advanced virtual machine obfuscator protecting Wslink samples and learn about the multiple layers of obfuscation techniques employed, including junk code insertion, virtual operand encoding, and nested VMs. Follow along as the speaker, Vladislav Hrčka, an experienced malware analyst from ESET, presents a semiautomatic approach to deobfuscating the VM's internals. Gain insights into the symbolic execution method used to extract virtual opcode semantics and understand how treating certain VM constructs as concrete values enables automatic handling of additional obfuscation techniques. Compare the deobfuscation results against non-obfuscated samples to validate the effectiveness of this approach in reverse engineering challenging malware.

Syllabus

Recon 2022 - Under the hood of Wslink multilayered virtual machine


Taught by

Recon Conference

Related Courses

Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera
Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera
Introducción al Análisis del Malware en Windows
National Technological University – Buenos Aires Regional Faculty via Miríadax
Android Malware Analysis - From Zero to Hero
Udemy
How to Create and Embed Malware (2-in-1 Course)
Udemy