Malware Analysis - Code Injection via CreateRemoteThread & WriteProcessMemory - - vimore.org

We take a look at the Gatak malware, which uses WriteProcessMemory and CreateRemoteThread to inject code into rundll32.exe. Many thanks to @_jsoo_ for providing the sample!

Follow me on Twitter: https://twitter.com/struppigel
Gatak VirusBtn article: https://www.virusbulletin.com/virusbulletin/2016/04/how-it-works-steganography-hides-malware-image-files/
Sample (Hybrid Analysis): https://www.hybrid-analysis.com/sample/638554093bfbd55f65b42eb86a9d11ecf53b678cb4e9e5ec058c0e4712189f0e?environmentId=100
Sample (Any.Run): https://app.any.run/tasks/80896885-8b9b-4f0f-93c1-dabc5f39577c
API Monitor: http://www.rohitab.com/apimonitor
Process Explorer: https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx
x64dbg: http://x64dbg.com/
HxD: https://mh-nexus.de/en/hxd/
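The injection the video traces by hand in API Monitor has a fixed shape: the injector opens a handle to another process, allocates and writes memory through that handle, and then starts a thread whose entry point (or whose argument) lies inside the bytes it just wrote. The following is an added example, not code from the video or from Gatak, that automates that correlation over an API trace. The trace format is a constructed, simplified "pid api(arg=value, ...) = retval" layout, not API Monitor's real output, and every PID, handle and address in it is made up; 0x76A3D2A0 stands in for the address of LoadLibraryA in the DLL-injection variant. It goes slightly beyond the video by distinguishing the shellcode variant (thread starts inside written memory) from the DLL-path variant (thread starts elsewhere, argument points at written memory), and by ignoring writes and threads a process aims at itself.

```python
import re
from collections import defaultdict

# Constructed trace (not API Monitor output): one call per line as
#   <caller pid> <api>(<arg>=<value>, ...) = <return value>
# Three callers: 4120 injects shellcode into 2688, 5100 does classic
# LoadLibraryA DLL injection into 1200, and 3300 only touches itself.
TRACE = """\
4120 OpenProcess(dwDesiredAccess=0x1F0FFF, dwProcessId=2688) = 0x1A4
4120 VirtualAllocEx(hProcess=0x1A4, lpAddress=0x0, dwSize=0x3000, flAllocationType=0x3000, flProtect=0x40) = 0x2A0000
4120 WriteProcessMemory(hProcess=0x1A4, lpBaseAddress=0x2A0000, nSize=0x2C00) = 1
4120 CreateRemoteThread(hProcess=0x1A4, lpStartAddress=0x2A0000, lpParameter=0x0) = 0x1B8
5100 OpenProcess(dwDesiredAccess=0x43A, dwProcessId=1200) = 0xE8
5100 VirtualAllocEx(hProcess=0xE8, lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x4) = 0x560000
5100 WriteProcessMemory(hProcess=0xE8, lpBaseAddress=0x560000, nSize=0x1E) = 1
5100 CreateRemoteThread(hProcess=0xE8, lpStartAddress=0x76A3D2A0, lpParameter=0x560000) = 0x1C4
3300 OpenProcess(dwDesiredAccess=0x1F0FFF, dwProcessId=3300) = 0xF0
3300 WriteProcessMemory(hProcess=0xF0, lpBaseAddress=0x401000, nSize=0x10) = 1
3300 CreateRemoteThread(hProcess=0xF0, lpStartAddress=0x401000, lpParameter=0x0) = 0xF4
"""

CALL_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>[^)]*)\)\s*=\s*(?P<ret>\S+)$")
ARG_RE = re.compile(r"(\w+)=(0x[0-9A-Fa-f]+|\d+)")

# PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY
EXECUTABLE_PROTECTS = {0x10, 0x20, 0x40, 0x80}


def parse_trace(text):
    """Yield (caller_pid, api, {arg: int}, retval) for each well-formed line."""
    calls = []
    for line in text.splitlines():
        m = CALL_RE.match(line.strip())
        if not m:
            continue
        args = {k: int(v, 0) for k, v in ARG_RE.findall(m.group("args"))}
        calls.append((int(m.group("pid")), m.group("api"), args, int(m.group("ret"), 0)))
    return calls


def _in_range(addr, base, size):
    return base <= addr < base + size


def _in_ranges(addr, ranges):
    return any(_in_range(addr, base, size) for base, size in ranges)


def detect_remote_thread_injection(text):
    """Correlate OpenProcess -> (VirtualAllocEx) -> WriteProcessMemory -> CreateRemoteThread.

    A handle is tracked per (caller pid, handle value) because handle values are
    only meaningful inside the process that owns them.
    """
    handles = {}                 # (caller, handle) -> target pid
    allocs = defaultdict(list)   # (caller, handle) -> [(base, size, protect)]
    writes = defaultdict(list)   # (caller, handle) -> [(base, size)]
    alerts = []
    for pid, api, a, ret in parse_trace(text):
        key = (pid, a.get("hProcess"))
        if api == "OpenProcess" and ret != 0:
            handles[(pid, ret)] = a["dwProcessId"]
        elif api == "VirtualAllocEx" and ret != 0:
            allocs[key].append((ret, a["dwSize"], a.get("flProtect", 0)))
        elif api == "WriteProcessMemory" and ret != 0:
            writes[key].append((a["lpBaseAddress"], a["nSize"]))
        elif api == "CreateRemoteThread":
            target = handles.get(key)
            if target is None or target == pid:
                continue  # handle we never saw opened, or a thread in the caller's own process
            start, param = a["lpStartAddress"], a.get("lpParameter", 0)
            if _in_ranges(start, writes[key]):
                kind, probe = "shellcode", start   # entry point is inside bytes the caller wrote
            elif _in_ranges(param, writes[key]):
                kind, probe = "dll-path", param    # entry point elsewhere (e.g. LoadLibraryA), argument is written data
            else:
                continue
            executable = any(_in_range(probe, b, s) and p in EXECUTABLE_PROTECTS
                             for b, s, p in allocs[key])
            alerts.append({"injector": pid, "target": target, "kind": kind,
                           "start": start, "executable_alloc": executable})
    return alerts


if __name__ == "__main__":
    for alert in detect_remote_thread_injection(TRACE):
        print(alert)
```

In a real trace the target PID would resolve (via Process Explorer or the sandbox report) to the rundll32.exe instance the video shows Gatak hollowing into. The heuristic only sees the documented user-mode APIs; an injector that calls NtCreateThreadEx, NtWriteVirtualMemory or raw syscalls directly, or that uses QueueUserAPC or SetThreadContext instead of CreateRemoteThread, will not appear in this form.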



Malware Analysis - Hook Injection PoC by Robert Kuster

We analyse a hook injection PoC by Robert Kuster and partially fix it for Windows 7. Follow me on Twitter: @struppigel Article and PoC: https://www.codeproject

Three and a half ways to unpack malware using Ollydbg

Here I demonstrate three (and a half!) ways to unpack malware. Malware is often packed for the purpose of antivirus and analysis evasion, therefore it is

Anti-Reversing - A Way to Learn Anti-Reversing Tricks

We write and compile our own minimal sample with a debugger check using FASM and experiment with the sample in OllyDbg. My twitter profile: https://twitter.com

Rémi Gallego - Malware Injection (Hacknet OST)

Follow me on Soundcloud: https://soundcloud.com/remigallego Hacknet is a modern, super immersive terminal-driven hacking game with a fully internally-consisten

How to perform Remote Code Injection attacks *REUPLOADED*

Visit https://bugcrowd.com/jackktutorials to get started in your security research career! Remember to Like, Comment and Subscribe if you enjoyed the video! A

Spectre Demo and Practical Malware Analysis

Demo of Spectre Attack on Ubuntu, and then a Practical Malware Analysis workshop, from a WASTC conference at Cisco on Jan 4, 2018 http://www.wastc.org/events/w

Malware Analysis - Finding Fresh Samples Without Paid Account

I describe three ways to find or get fresh malware samples if you have no access to VirusTotal or other paid accounts. As a bonus we deobfuscate a small powersh

Read Process Memory with ReadProcessMemory Windows API

Windows API Exploitation for Red Blue Teams: http://www.pentesteracademy.com/course?id=31

API Hooking - Using EasyHook to hook NtCreateFile in Notepad.exe

Short video demoing a sweet library called EasyHook which can be used to hook API calls on Windows. The library is fully maintained and works with x64 as well,

Malware Analysis - DOSfuscation Deobfuscation

FireEye made a white paper on cmd.exe command obfuscation (DOSfuscation). We deobfuscate a malware sample that uses techniques described in their paper. Dosfus

SNES Code Injection -- Flappy Bird in SMW

Using various Super Mario World glitches, I injected the code for Flappy Bird (code written by p4plus2). This is the first time a human has ever completed this

First Exploit! Buffer Overflow with Shellcode - bin 0x0E

We write our first real exploit to get root access. Solving stack5 from exploit-exercises.com with a simple Buffer Overflow and shellcode. Run into some proble

Unpacking Process Injection Malware With IDA PRO (Part 1)

Open Analysis Live! This is a re-post from our old site. We walk through the steps needed to unpack process injection using IDA Pro. In this first part we identi

Debugging an application using Sysinternals Procmon and Procexp

Scott uses Process Monitor and Process Explorer to debug an interesting interaction between Google Chrome and GitHub for Windows

What's new in the FOR610: Reverse-Engineering Malware Analysis course in 2017

SANS course FOR610: Reverse-Engineering Malware has undergone a major revamp in 2017. The refreshed materials introduce new malware analysis tools, fresh sample

Malware Analysis - Unpacking Locky with VirtualAlloc

A quick showcase of unpacking a Locky ransomware sample. Sidenote: My fear of accidental execution is that it will encrypt the OllyDbg files which I still need

Windows Memory Analysis

As a continuation of the “Introduction to Memory Forensics” video, we will use Volatility to analyze a Windows memory image that contains malware. We’ll first s

Hackyard - dynamic shellcode injection

The injection points are based on the execution flow of the executable. Dynamic shellcode injection means that the start of the injected code does NOT occur in l

Malware Analysis Part #1: Basic Static Analysis

Basic Static Malware Analysis with PEview = http://wjradburn.com/software/ CFF Explorer = http://www.ntcore.com/exsuite.php PEinsider = http://cerbero.io/peins

9.CreateProcess Function - Windows System Programming in C/C++

In this tutorial, I have created a process in Windows. I have used the following APIs: 1. CreateProcess -- creates the process. 2. GetProcessID -- prints the proce