Revisiting Ring3 API Hooks: Tricks to Defeat Analysis Tools - Rafael Salema Marquez - Ekoparty - 2021
Offered By: Ekoparty Security Conference via YouTube
Course Description
Overview
Explore advanced ring3 API hooking techniques designed to evade malware analysis tools in this 42-minute conference talk from Ekoparty 2021. Delve into the world of malware development as Rafael Salema Marquez introduces novel variations of existing API hook methods, including "Egg hook" and "Hollow hook." Learn how these techniques can confuse and defeat popular forensics tools, gaining insights into the strategies employed by malware writers to remain undetected. Examine the basic concepts of API hooks, inline hooks, and IAT hooks before diving into the intricacies of the new approaches. Follow along with practical demonstrations and proof of concept implementations, understanding their impact on virtual machine environments and analysis results.
Syllabus
Introduction
Agenda
Rafaels background
What is important
Dark side
Credentials
Expose new techniques
Basic knowledge
What is API hooks
Avoid distractions
Inline hooks
IAT hooks
Regular flow
How it works
Detection strategies
Egg hook
Egg hook explanation
Create process suspended
allocate memory
the fun part
proof of concept
virtual machine
fast look
results
actual results
outro
Taught by
Ekoparty Security Conference
Related Courses
Malicious Software and its Underground Economy: Two Sides to Every StoryUniversity of London International Programmes via Coursera Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera Introducción al Análisis del Malware en Windows
National Technological University – Buenos Aires Regional Faculty via Miríadax Android Malware Analysis - From Zero to Hero
Udemy How to Create and Embed Malware (2-in-1 Course)
Udemy