YoVDO

TLS Callbacks in PE Files - Detection and Analysis

Offered By: Dr Josh Stroschein via YouTube

Tags

Malware Analysis Courses, Reverse Engineering Courses, IDA Pro Courses, Yara Courses

Course Description

Overview

Explore the intricacies of TLS (Thread Local Storage) callbacks in this 17-minute video tutorial. Dive into the PE file format to understand how malware authors use TLS callbacks as an anti-debugging technique. Learn to identify and analyze these callbacks using tools like Yara, Malcat, and 010 Editor. Examine the internal structures of PE files that support TLS callbacks, and investigate their prevalence in modern malware. Gain practical insights into cybersecurity, reverse engineering, and malware analysis through hands-on demonstrations and real-world examples.

Syllabus

Definition of TLS on MSDN
TLS Structure Definition
Our Sample Program
Identifying TLS Callbacks in 010
Finding the First Callback in 010
TLS Callbacks in IDA Pro
Switching to Malcat
Why Do We Need to Know This?
How Prevalent are TLS Callbacks? Investigating with Yara
Expanding our Search with Yaraify
Investigating Recent Examples


Taught by

Dr Josh Stroschein

Related Courses

Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera
Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera
Introducción al Análisis del Malware en Windows
National Technological University – Buenos Aires Regional Faculty via Miríadax
Android Malware Analysis - From Zero to Hero
Udemy
How to Create and Embed Malware (2-in-1 Course)
Udemy