04 - Walking the PEB, Enhancing IDA's Output w/ Structures, and Unlocking the Key to Runtime-Linking

Published: 24 September 2024
on channel: Dr Josh Stroschein - The Cyber Yeti

In part 04, we'll take a close look at how Lockbit, and many other malware families, locate the PEB and use it to identify the DLLs already loaded in memory. This lets the malware find the libraries and functions it needs at runtime without relying on the pre-declared import table, which makes basic analysis and reverse engineering harder, since we first have to work out how those functions are being resolved. You'll also begin to see some additional twists that Lockbit adds to this process by using seeds...
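To make the structures the video inspects in WinDbg and IDA concrete, here is an added example (written for this page, not code from the video or from Lockbit) that walks the 32-bit PEB -> PEB_LDR_DATA -> InLoadOrderModuleList chain in pure Python over a constructed fake memory image. The structure offsets are the documented x86 ntdll layouts; the addresses, module names and bases are invented sample data so the script runs offline, and the loop carries an entry cap so a corrupted or deliberately looped list cannot run forever. This is the same traversal an analyst must recognise in the disassembly when an import table is missing.

```python
"""
Added example (not from the video or Lockbit): a pure-Python walk of the
x86 (32-bit) PEB -> PEB_LDR_DATA -> InLoadOrderModuleList chain over a
constructed fake memory image. The structure offsets are the documented
32-bit Windows layouts; addresses, module names and bases are invented.
"""
import struct

# 32-bit structure offsets (ntdll _PEB / _PEB_LDR_DATA / _LDR_DATA_TABLE_ENTRY)
PEB_LDR = 0x0C                    # _PEB.Ldr -> _PEB_LDR_DATA*
LDR_IN_LOAD_ORDER_LIST = 0x0C     # _PEB_LDR_DATA.InLoadOrderModuleList (LIST_ENTRY)
ENTRY_DLL_BASE = 0x18             # _LDR_DATA_TABLE_ENTRY.DllBase
ENTRY_BASE_DLL_NAME = 0x2C        # _LDR_DATA_TABLE_ENTRY.BaseDllName (UNICODE_STRING)


class FakeMemory:
    """Sparse little-endian memory: address -> byte, with typed read helpers."""

    def __init__(self):
        self.mem = {}

    def write(self, addr, data):
        for i, b in enumerate(data):
            self.mem[addr + i] = b

    def read(self, addr, size):
        return bytes(self.mem.get(addr + i, 0) for i in range(size))

    def read_u32(self, addr):
        return struct.unpack("<I", self.read(addr, 4))[0]

    def read_u16(self, addr):
        return struct.unpack("<H", self.read(addr, 2))[0]

    def read_unicode_string(self, addr):
        # UNICODE_STRING: USHORT Length, USHORT MaximumLength, PWSTR Buffer
        length = self.read_u16(addr)
        buffer = self.read_u32(addr + 4)
        return self.read(buffer, length).decode("utf-16-le")


def build_sample_process():
    """Construct a fake 32-bit process with three loaded modules (constructed data)."""
    mem = FakeMemory()
    peb, ldr = 0x7FFDF000, 0x00770000           # hypothetical addresses
    modules = [("sample.exe", 0x00400000),       # hypothetical main image
               ("ntdll.dll", 0x77D00000),
               ("kernel32.dll", 0x76C00000)]
    entries = [0x00771000 + 0x100 * i for i in range(len(modules))]
    strings = [0x00772000 + 0x80 * i for i in range(len(modules))]
    list_head = ldr + LDR_IN_LOAD_ORDER_LIST
    mem.write(peb + PEB_LDR, struct.pack("<I", ldr))      # PEB.Ldr
    # Circular LIST_ENTRY ring: head <-> e0 <-> e1 <-> e2 <-> head
    ring = [list_head] + entries
    for i, node in enumerate(ring):
        flink = ring[(i + 1) % len(ring)]
        blink = ring[(i - 1) % len(ring)]
        mem.write(node, struct.pack("<II", flink, blink))
    for (name, base), entry, sbuf in zip(modules, entries, strings):
        enc = name.encode("utf-16-le")
        mem.write(sbuf, enc)
        mem.write(entry + ENTRY_DLL_BASE, struct.pack("<I", base))
        mem.write(entry + ENTRY_BASE_DLL_NAME,
                  struct.pack("<HHI", len(enc), len(enc) + 2, sbuf))
    return mem, peb


def walk_in_load_order(mem, peb, max_entries=64):
    """Return [(BaseDllName, DllBase)] by following Flink until the list wraps to its head."""
    ldr = mem.read_u32(peb + PEB_LDR)
    head = ldr + LDR_IN_LOAD_ORDER_LIST
    results = []
    node = mem.read_u32(head)          # head.Flink -> first _LDR_DATA_TABLE_ENTRY
    # InLoadOrderLinks is the first member, so the LIST_ENTRY address is the entry address
    while node != head and len(results) < max_entries:
        name = mem.read_unicode_string(node + ENTRY_BASE_DLL_NAME)
        base = mem.read_u32(node + ENTRY_DLL_BASE)
        results.append((name, base))
        node = mem.read_u32(node)      # entry.InLoadOrderLinks.Flink
    return results


def find_module_base(mem, peb, wanted):
    """Case-insensitive module lookup, the step a runtime linker performs before parsing exports."""
    for name, base in walk_in_load_order(mem, peb):
        if name.lower() == wanted.lower():
            return base
    return None


if __name__ == "__main__":
    mem, peb = build_sample_process()
    for name, base in walk_in_load_order(mem, peb):
        print(f"{base:#010x}  {name}")
```

The offsets are the ones to label when applying the `_PEB`, `_PEB_LDR_DATA` and `_LDR_DATA_TABLE_ENTRY` structures in IDA: once `[eax+0Ch]` reads as `Ldr` and `[eax+18h]` as `DllBase`, the list walk stands out immediately even when the binary declares no imports. On a 64-bit process the same chain exists, but `Ldr` sits at `0x18` in the PEB and the entry offsets roughly double, so the constants above apply to 32-bit images only.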

Join this channel to get access to perks: /@jstrosch

Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
🎓 Courses on Pluralsight 👉🏻 https://www.pluralsight.com/authors/j...
🌶️ YouTube 👉🏻 Like, Comment & Subscribe!
🙏🏻 Support my work 👉🏻 /joshstroschein
🌎 Follow me 👉🏻 /jstrosch, /joshstroschein
⚙️ Tinker with me on Github 👉🏻 https://github.com/jstrosch
🤝 Join the Discord community and more 👉🏻 https://www.thecyberyeti.com

0:16 Finding the PEB reference
2:35 Accessing PEB structure members
4:17 Viewing relevant structures in WinDbg
12:00 Adding structures in IDA
