TLS Callbacks in PE Files - Detection and Analysis

Explore the intricacies of TLS (Thread Local Storage) callbacks in this 17-minute video tutorial. Dive into the PE file format to understand how malware authors exploit TLS callbacks as an anti-debugging technique. Learn to identify and analyze these callbacks using tools like Yara, MalCat, and 010 editor. Examine the internal structures of PE files supporting TLS callbacks, and investigate their prevalence in modern malware. Gain practical insights into cybersecurity, reverse engineering, and malware analysis through hands-on demonstrations and real-world examples.

Definition of TLS on MSDN
TLS Structure Definition
Our Sample Program
Identifying TLS Callbacks in 010
Finding the First Callback in 010
TLS Callbacks in IDA Pro
Switching to Malcat
Why Do We Need to Know This?
How Prevalent are TLS Callbacks? Investigating with Yara
Expanding our Search with Yaraify
Investigating Recent Examples