This session covered the concept of rootkit and demonstrated some of the techniques used by the rooktits. Demo Video 1: Mader – SSDT Hooking Demo Video 2: Prolaco – Process Hiding using DKOM Demo Video 3: Darkmegi/waltrodock – Installs Device Driver Demo Video 4: Carberp – Syscall Patch and Inline Hooks
This session discussed some of the protections added by the operating system and processors to mitigate the exploitation, and also presented some ways to bypass those protections. DemoVideo 1: Heap Spray DemoVideo 2: Bypassing DEP
This session covered the basic techniques of exploitation, some of these techniques may not work on latest operating system due various protections added into them. But these techniques are very crucial to understand the basic nature of exploit Demo Video 1: EIP Overwrite Demo Video 2: SEH Overwrite
This session covered the concept of basic and advanced malware analysis. Video Demo Demo Video 1: Basic Malware Analysis Demo Video 2: Advanced Malware Analysis
Memory forensics is an investigation technique which involves examining the computer’s memory for forensic artifacts. This presentation covers the concept of memory forensics and shows how to perform memory forensics using an investigation scenario. Video Demo
In reverse engineering understanding cryptographic functions and packers are the two most challenging and sophisticated tasks. In real life virtually all malwares use some form of packing so understanding packing/unpacking is one of the most important task in malware analysis. Check the reference section for additional material. We highly recommend Lena151 (see reference) material for […]
This session covers the concept of basic Reverse engineering. Malwares most of time uses packers and cryptors to thwart the analysis efforts, so it becomes important to understand the concept of unpacking. This presentation covers the concept of packer and a demo showing unpacking of packer called UPX. Video Demo
About Malpimp Malpimp is an advanced API tracing tool and designed to automate the reverse engineering process. In the backend it uses pydbg to hook the APIs. It provides include and exclude policies to increase the control on the application in execution. Being command-line tool makes it perfect for automation of malware as well as […]
Reverse engineering tools are essential in understanding the functionality and the inner workings of a binary. The presentation covers the concept of some of the commonly used reverse engineering tools.
While Analyzing the malwares most of the time we don’t have its source code, so in order to understand their functionality one has to debug/disassemble the binary (executable, dll etc.), Understanding the assembly language will help you build a high level logic while your are debugging/disassembling the malware sample.