2013 Day1P4 Life of Binaries: PE DOS Header - - vimore.org


The class materials are available at http://www.OpenSecurityTraining.info/LifeOfBinaries.html
Follow us on Twitter for class news @OpenSecTraining.
The playlist for this class is here: http://bit.ly/1cdrfel
The full quality video can be downloaded at http://archive.org/details/opensecuritytraining

Have you ever wondered what happens when a C program is compiled and executed on a system? This three-day class by Xeno Kovah will investigate the life of a binary from birth as C source code to death as a process running in memory being terminated.

Topics will include but are not limited to:

* Scanning and tokenizing source code.
* Parsing a grammar and outputting assembly code.
* Different targets for x86 assembly object file generation (e.g. relocatable vs. position-independent code).
* Linking object files together to create a well-formed binary.
* Detailed description of the Windows PE binary format.
* How Windows loads a binary into memory and links it on the fly before executing it.
* Detailed description of the Unix/Linux/BSD ELF binary format.

Along the way we will discuss the relevance of security at different stages of a binary's life, from how viruses *really* work, to the way in which malware "packers" duplicate OS process execution functionality, to the benefit of a security-enhanced OS loader which implements address space layout randomization (ASLR).

Lab work will include:

* Using the new "Binary Scavenger Hunt" tool which creates randomized PE binaries and asks randomized questions about the material you just learned!
* Manipulating compiler options to change the type of assembly which is output
* Manipulating linker options to change the structure of binary formats
* Reading and understanding PE files with PEView
* Using WinDbg to watch the loader resolve imports in an executable
* Using Thread Local Storage (TLS) to obfuscate control flow and serve as a basic anti-debug mechanism
* Creating a simple example virus for PE
* Analyzing the changes made to the binary format when a file is packed with UPX
* Using the rootkit technique of Import Address Table (IAT) hooking to subvert the integrity of a program's calls to external libraries, allowing processes to be hidden.

The prerequisites for this class are a basic understanding of C programming and compilation. This class is recommended for a later class on Rootkits (playlist: http://bit.ly/HLkPVG) as we talk about IAT Hooking, and required for a later class on malware analysis.


