Unpacking Gootkit Part 2 - Debugging Anti-Analysis Tricks With IDA Pro and x64dbg - - vimore.org

Open Analysis Live! We use IDA Pro and x64dbg to take a second look at Gootkit and determine how it uses file name checks to evade analysis.

Our original Gootkit unpacking video, where we explain the packer and dumping from memory: https://youtu.be/242Tn0IL2jE

Packed sample:
SHA256: da336edead5e63d2759ebe1414575ce7f07162f28a99fa55a4d8badfc87b6720
https://malshare.com/sample.php?action=detail&hash=ef4cf20e80a95791d76b3df8d9096f60

Unpacked Gootkit (stage 1):
SHA256: b0d421e2d415e0e5a4b94e4adaa8a6625405db3739156e79b2e85ba2fb1d6067
https://malshare.com/sample.php?action=detail&hash=f92aa495c4f932a1f0a7dd7669d592e4

Excellent blog from @r3mrum on CRC32 hashes and Gootkit: https://r3mrum.wordpress.com/2018/02/15/string-hashing-reverse-engineering-an-anti-analysis-control/

Lastline CRC32 hashes for Gootkit: https://www.lastline.com/labsblog/evasive-malware-tricks/

x64dbg: https://x64dbg.com/#start
IDA: https://www.hex-rays.com/products/ida/support/download_freeware.shtml

Feedback, questions, and suggestions are always welcome : )
Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw

As always, check out our tools, tutorials, and more content over at http://www.openanalysis.net



Unpacking Princess Locker and Fixing Corrupted PE Header (OALabs x MalwareAnalysisForHedgehogs)

Open Analysis Live teams up with MalwareAnalysisForHedgehogs to unpack Princess Locker ransomware. We show how to use x64dbg and hooks on VirtualAlloc to dump t

Simple Anti-Debugger API Methods

Here's some WINAPI for catching them darn debuggers out in the wild.

x64dbg and HxD Tutorial: How to Patch "CD Required" Errors (No-CD Patches) [PainKiller Editor]

► SUBSCRIBE: http://goo.gl/tkkXvf —► Twitch Channel: http://twitch.tv/Sn34kyMofo Description: If you've ever been met with an error where a CD is required to p

Simple Reverse Engineering on Windows

In this video we'll be learning how to use simple reverse engineering techniques to see inside a Windows EXE and manipulate it. The program we'll be looking at

Disabling an anti-debugger method

The CopyTrans application contains code to prevent a debugger such as OllyDbg from being attached to the CopyTrans.exe process. In this video we look at the tec

Unpacking Emotet / Geodo (Stage 1) Using x64dbg - Subscriber Request

Open Analysis Live! We use x64dbg to unpack a new Emotet / Geodo malware (Stage 1). This was a subscriber request asking us to determine how this was packed. P

How To Defeat Anti-VM and Anti-Debug Packers With IDA Pro

Open Analysis Live! We use IDA Pro and the debugger to unpack a Loki malware sample from a packer that has a ton of anti-analysis, anti-debug, and anti-vm tricks

LetsCrack #1 - LaFarges crackme #2 in IDA Pro

Day 2 using IDA, so I'm still very new. Hope this helps inspire someone to give it a shot. Learn with me, give me tips, etc. JC's video, which is much more in

How to use x64dbg debugger ( x64dbg quick tut ) | Using x64 dbg on Windows 10

x64dbg debugger reverse engineering tutorial + how to hack software | Hack & protect software from cracking [Series] Subsc

How to Reverse Engineer with IDA Pro Disassembler Part1

Hello GuidedHacking fans! If you want to hack video games you have got to learn the basics of assembly, how the stack works, learn how to use a decompiler / disa

Analyze JavaScript and VBScript Malware With x64dbg Debugger and API Hooking

Open Analysis Live! The fastest way to analyze JavaScript and VBScript malware is by using a debugger to hook API calls. In this tutorial we demonstrate this te

Cracking Software with x64dbg-2018-19

A part of ethical: link for x64dbg------ https://x64dbg.com/#start link for power iso ------------ https://www.poweriso.com/downloa

Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python

Open Analysis Live! We unpack TrickBot and extract its configuration file using x64dbg and a Python script from the KevinTheHermit project.

How to Crack a program using OllyDbg 1

This is the first of my tutorials in using olly debugger and cracking a program using it. I will be uploading many more tutorials covering varying difficulties

Fast Malware Unpacking With CryptDecrypt and RtlDecompressBuffer

Open Analysis Live! We demonstrate a quick trick to unpack malware that uses CryptDecrypt or RtlDecompressBuffer. Packers that rely on these APIs can be unpacke

Malware Samples Crashing x64dbg Fixed!

We dive into why some recent malware samples have been crashing in x64dbg. Example (Vidar) sent from subscriber packed with packer that cr

Lazy String Decryption Tips With IDA PRO and Shade Ransomware Unpacked!

We use x64dbg debugger to unpack troldesh / shade ransomware, then we use IDA PRO to quickly decrypt strings and resolve dynamic imports.

How to crack Filmora and remove the trial limitations using x64dbg

How to remove the trial limitations from Filmora - pop-up registration nags and video watermark http://morituri.co.nf/

Basic Dynamic Analysis with IDA Pro and WinDBG

This video demonstrates the basics of using IDA Pro and WinDBG presented in the form of evaluating a sample application. Enjoy! -brad antoniewicz

Unpacking Themida 2.x 64bit … Without Actually Unpacking - REDUX!

Open Analysis Live! In this tutorial we show how to unpack a Themida 2.x 64bit PE file.... kind of : ) Instead of attacking the Themida protection directly we w