Play all

Deobfuscation SmartAssembly 8+ and recreating Original Module SAE+DnSpy

Advanced DnSpy tricks in .NET reversing - Tracing, Breaking, dealing with VMProtect

Full malware analysis Work-Flow of AgentTesla Malware

Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part2]

Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part1]

Reversing CryptoCrazy Ransomware - PoC Decryptor and some Tricks

[2] Lokibot analyzing - spoofing GULoader and LokiBot C2 [part2] - INetSim + BurpSuite

Fast API resolving of REvil Ransomware related to Kaseya attack

[2] Lokibot analyzing - spoofing GULoader and LokiBot C2 [part1] - Own implementation in Python

[1] Lokibot analyzing - defeating GuLoader with Windbg (Kernel debugging) and Live C2

Visible vs Hidden vs VeryHidden Sheet - Excel Binary File Format (.xls)

Abusing External Resource References MSOffice [part1] - TEMPLATE_INJECTION

Abusing External Resource References MSOffice [part2] - OLEOBJECT_INJECTION

Description:

Dive into advanced malware analysis techniques through this comprehensive 9-hour video series. Learn deobfuscation methods for SmartAssembly 8+ and module recreation using SAE and DnSpy. Master advanced DnSpy tricks for .NET reversing, including tracing, breaking, and handling VMProtect. Explore the full malware analysis workflow of AgentTesla, covering PowerShell and DnSpy techniques across multiple parts. Tackle the reversal of CryptoCrazy Ransomware, developing a PoC decryptor. Analyze Lokibot, spoofing GULoader and C2 communications using INetSim, BurpSuite, and custom Python implementations. Investigate the REvil Ransomware's API resolving methods related to the Kaseya attack. Discover Excel binary file format intricacies and learn to abuse External Resource References in Microsoft Office documents for both template and OLE object injection.

Malware Analysis Tips and Tricks

Add to list

#Information Security (InfoSec) #Malware Analysis #Computer Science #Cryptography

0:00 / 0:00