TLS Callbacks in PE Files - Detection and Analysis
Offered By: Dr Josh Stroschein via YouTube
Course Description
Overview
Explore the intricacies of TLS (Thread Local Storage) callbacks in this 17-minute video tutorial. Dive into the PE file format to understand how malware authors exploit TLS callbacks as an anti-debugging technique. Learn to identify and analyze these callbacks using tools like Yara, MalCat, and 010 editor. Examine the internal structures of PE files supporting TLS callbacks, and investigate their prevalence in modern malware. Gain practical insights into cybersecurity, reverse engineering, and malware analysis through hands-on demonstrations and real-world examples.
Syllabus
Definition of TLS on MSDN
TLS Structure Definition
Our Sample Program
Identifying TLS Callbacks in 010
Finding the First Callback in 010
TLS Callbacks in IDA Pro
Switching to Malcat
Why Do We Need to Know This?
How Prevalent are TLS Callbacks? Investigating with Yara
Expanding our Search with Yaraify
Investigating Recent Examples
Taught by
Dr Josh Stroschein
Related Courses
Dal Reverse engineering alla stampa 3DUniversity of Naples Federico II via Federica Rapid Manufacturing
Indian Institute of Technology Kanpur via Swayam Generative Design for Industrial Applications
Autodesk via Coursera Fundamentos de Ciberseguridad: un enfoque práctico
Inter-American Development Bank via edX Functional And Conceptual Design
Indian Institute of Technology Madras via Swayam