Open Analysis Live! We use IDA Pro and the debugger to unpack a Loki malware sample from a packer that has a ton of anti-analysis, anti-debug, and anti-VM tricks. The original sample from Malware Traffic Analysis: http://www.malware-traffic-analysis.net/2017/11/16/index.html The hybrid-analysis sandbox run: https://www.hybrid-analysis.com/sample/8a3e6b18b0532c63b3e7eda71e6962f5128c2be9e8f52a817bd90d701852473a?environmentId=100 Two excellent manuals for understanding anti-analysis tricks (PDF): http://anti-reversing.com/Downloads/Anti-Reversing/The_Ultimate_Anti-Reversing_Reference.pdf https://www.blackhat.com/presentations/bh-usa-07/Yason/Whitepaper/bh-usa-07-yason-WP.pdf The unpacked sample: https://www.hybrid-analysis.com/sample/4447d464723e1276756f03fc7a77b3d99ea379d5decbc6d78478aad4c498e2ac?environmentId=100 LordPE ... old school cool : )) https://www.aldeid.com/wiki/LordPE We are always looking for feedback: what did you like, what do you want to see more of, what do you want to see us analyze next? Let us know on Twitter: https://twitter.com/herrcore https://twitter.com/seanmw As always, check out our tools, tutorials, and more content over at http://www.openanalysis.net P.S. @BinaryAdventure has created an excellent tutorial demonstrating the same technique but using OllyDbg! Check it out: https://youtu.be/g_fziRrG_Aw
Open Analysis Live! A few tips and tricks to help you analyze malware with IDA Pro. PE Mapped Virtual Address vs. Offset In Binary File: 02:55 IDA Pro Layout T
Open Analysis Live! In this tutorial we show how to unpack a Themida 2.x 64bit PE file.... kind of : ) Instead of attacking the Themida protection directly we w
Your precious 0-day? That meticulously crafted exploit? The perfect foothold? At some point, they'll be captured, dissected, and put on display. Reverse enginee
Open Analysis Live! We analyze Adwind / JRAT malware using x64dbg and Java ByteCode Viewer. This was a subscriber request asking us to take a closer look at Adw
I will discuss each of the techniques the malware author used in order to prevent reverse engineering of their Android native library including manipulating the
5:36 My apologies, Fraps dropped ~22 seconds of video ((. At that moment I was saying that you need to check every situation, but you can skip similar
x64dbg debugger reverse engineering tutorial + how to hack software | Hack & protect software from cracking [Series] ===================================== Subsc
Here I demonstrate how to overcome a simple self-defence tactic that some malware samples commonly utilise to target their victims and prevent sandbox / VM anal
Manual Unpacking VMProtect v.2.07 Tutorial this Tutorial perfect working script : http://www9.zippyshare.com/v/kmYPTWRe/file.html
You will see a practical demonstration of automating labour-intensive tasks when working with the WinDbg debugger. Attendees will gain hands-on skills in developing scripts us
Here I show you 5 of my favourite tools to use for behavioural analysis. They are: 1. Process Hacker (http://processhacker.sourceforge.net/) 2. Process Monitor
In this video we demonstrate how to properly label C-Style structs in IDA Pro using our example program.
An introduction to reverse engineering, a behind-the-scenes look at malware analysis, and using tools like OllyDbg. As a practical example we'll be looking into the
How to remove the trial limitations from Filmora - pop-up registration nags and video watermark http://morituri.co.nf/
We demonstrate how to unpack the first two stages of Bokbot / IcedID malware with x64dbg, PeBear, and IDA Pro. Expand for more... Original sample: 0ca2971ffedf
Open Analysis Live! A quick tutorial on mapping output from your sandbox with disassembled code in IDA. How to quickly match API calls and locate interesting co
This video is part 1 of a short series of tutorials to show how you can get started reverse engineering a large, real-world program by decompiling it with IDA P
Open Analysis Live! The fastest way to analyze JavaScript and VBScript malware is by using a debugger to hook API calls. In this tutorial we demonstrate this te
In this video we analyze a user-submitted program and reverse engineer it to work as if it were activated. We accomplish this by applying some of the techniqu