This session will introduce you with some tools and tricks to identify and remove malwares from the infected system. [Note: View the video in 720HD quality] Demo Video 1 Demo Video 2 Demo Video 3 Demo Video 4
Shell Detect is a tool to detect presence of Shell Code within a file or network stream. You can either provide raw binary file (such as generated from Metasploit or network stream file as input to this tool. These days attackers distribute malicious files which contains hidden exploit shell code. On opening such files, exploit shell […]
This session covered the concept of rootkit and demonstrated some of the techniques used by the rooktits. Demo Video 1: Mader – SSDT Hooking Demo Video 2: Prolaco – Process Hiding using DKOM Demo Video 3: Darkmegi/waltrodock – Installs Device Driver Demo Video 4: Carberp – Syscall Patch and Inline Hooks
This session discussed some of the protections added by the operating system and processors to mitigate the exploitation, and also presented some ways to bypass those protections. DemoVideo 1: Heap Spray DemoVideo 2: Bypassing DEP
This session covered the basic techniques of exploitation, some of these techniques may not work on latest operating system due various protections added into them. But these techniques are very crucial to understand the basic nature of exploit Demo Video 1: EIP Overwrite Demo Video 2: SEH Overwrite
This session covered the concept of basic and advanced malware analysis. Video Demo Demo Video 1: Basic Malware Analysis Demo Video 2: Advanced Malware Analysis
Memory forensics is an investigation technique which involves examining the computer’s memory for forensic artifacts. This presentation covers the concept of memory forensics and shows how to perform memory forensics using an investigation scenario. Video Demo
In reverse engineering understanding cryptographic functions and packers are the two most challenging and sophisticated tasks. In real life virtually all malwares use some form of packing so understanding packing/unpacking is one of the most important task in malware analysis. Check the reference section for additional material. We highly recommend Lena151 (see reference) material for […]
This session covers the concept of basic Reverse engineering. Malwares most of time uses packers and cryptors to thwart the analysis efforts, so it becomes important to understand the concept of unpacking. This presentation covers the concept of packer and a demo showing unpacking of packer called UPX. Video Demo
About Malpimp Malpimp is an advanced API tracing tool and designed to automate the reverse engineering process. In the backend it uses pydbg to hook the APIs. It provides include and exclude policies to increase the control on the application in execution. Being command-line tool makes it perfect for automation of malware as well as […]