02 - Performing Basic Triage Analysis and Unpacking with x64dbg
Part 02 picks up by spending a little time performing basic triage analysis on the resulting ransomware binaries that we produced from the builder in part 01. I rarely skip this step as it often yields important insights into what you may be considering reversing. In this video, we'll use Detect-It-Easy to look at PE file characteristics and use entropy to identify signs of packing. We'll then compare the obfuscated and unobfuscated binaries together and even go through dumping the obfuscated version using x64dbg and scylla.
Join this channel to get access to perks:
/ @jstrosch
🚨 WARNING! If you follow along by creating your own binaries, ensure you have a safe analysis environment. The builder produces the real Lockbit ransomware and can cause irreversible damage to your systems! 🚨
Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
🎓 Courses on Pluralsight 👉🏻 https://www.pluralsight.com/authors/j...
🌶️ YouTube 👉🏻 Like, Comment & Subscribe!
🙏🏻 Support my work 👉🏻 / joshstroschein
🌎 Follow me 👉🏻 / jstrosch , / joshstroschein
⚙️ Tinker with me on Github 👉🏻 https://github.com/jstrosch
🤝 Join the Discord community and more 👉🏻 https://www.thecyberyeti.com
1:01 What do the strings tell us?
3:40 Viewing strings in the obfuscated version
4:13 Using DIE to view imports
7:13 Analyzing the obfuscated version
9:35 Comparing versions with IDA Pro
14:35 Unpacking the obfuscated version with x64dbg
Смотрите видео 02 - Performing Basic Triage Analysis and Unpacking with x64dbg онлайн без регистрации, длительностью часов минут секунд в хорошем качестве. Это видео добавил пользователь Dr Josh Stroschein - The Cyber Yeti 19 Сентябрь 2024, не забудьте поделиться им ссылкой с друзьями и знакомыми, на нашем сайте его посмотрели 91 раз и оно понравилось 4 людям.