PE Packers Used in Malicious Software - Part 1
PE Packers Used in Malicious Software - Paul Craig
Uploaded by amiable_indian
13 likes, 5,630 views
Categories: Technology; Entertainment & Humor
1 of 39 slides
Slide text (slides not listed carry no extractable text; slides 17-29 are the load-and-unpack sequence of a packed executable):

3. Refresher #1 - PE-COFF: The Windows Executable Format, Section-By-Section
8. Refresher #2 - The Who, How, What, Why of Windows Import Address Tables
17. DOS MZ header
18. PE header
19. Windows reads section table
20. Memory allocated for executable
21. Disk image copied to memory
22. Windows populates IAT of PE packer
23. .UNPACKER section starts executing
24. .UNPACKER unpacks .PACKED-DATA into memory
25. Unpacked, it is now larger in memory
26. PE Packer populates Import Table
27. Reset stack registers
28. Jump to Original Entry Point (OEP)
29. And it runs!
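The loader-side view of slides 17-29, as an added example that is not from the deck or from Paul Craig: a small Python parser that walks the DOS header, PE header, section table and import directory (the two refresher topics), then flags the static traces this packing scheme leaves in the file. The sample image is constructed in build_sample_pe() and is not a real binary; because PE section names are limited to 8 bytes it uses .packed and .unpack in place of the slides' .PACKED-DATA and .UNPACKER. The thresholds (a section more than 4x larger in memory than on disk, an import table reduced to LoadLibraryA/GetProcAddress) are my heuristics, not figures from the deck.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def rva_to_offset(sections, rva):
    """Map an RVA to a file offset through the section table (slide 19)."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return rva - s["va"] + s["rawptr"]
    raise ValueError(f"RVA {rva:#x} is not mapped by any section")


def read_cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("latin-1")


def parse_pe(data):
    if data[:2] != b"MZ":                                      # slide 17: DOS MZ header
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":               # slide 18: PE header
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]             # 0x10B = PE32, 0x20B = PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    dirs = opt + (96 if magic == 0x10B else 112)               # start of the data directory array
    import_rva = struct.unpack_from("<I", data, dirs + 8)[0]   # directory index 1 = imports
    sections = []
    for i in range(nsec):                                      # slide 19: section table
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize,
                         "va": va, "rawsize": rawsize, "rawptr": rawptr, "chars": chars})
    thunk_fmt, thunk_len, ord_flag = ("<Q", 8, 1 << 63) if magic == 0x20B else ("<I", 4, 1 << 31)
    imports = {}
    off = rva_to_offset(sections, import_rva) if import_rva else None
    while off is not None:                                     # slide 22: what the loader fills the IAT from
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, off)
        if not name_rva and not ft:
            break                                              # all-zero descriptor ends the list
        funcs, thunk = [], rva_to_offset(sections, oft or ft)
        while True:
            val = struct.unpack_from(thunk_fmt, data, thunk)[0]
            if val == 0:
                break
            funcs.append(f"ordinal#{val & 0xFFFF}" if val & ord_flag
                         else read_cstr(data, rva_to_offset(sections, val) + 2))  # +2 skips the hint
            thunk += thunk_len
        imports[read_cstr(data, rva_to_offset(sections, name_rva))] = funcs
        off += 20
    return {"machine": machine, "entry_point": entry_rva, "sections": sections, "imports": imports}


def packer_indicators(pe):
    """Return (tag, detail) pairs, one per static symptom of the packing scheme (heuristics, my own)."""
    hits, secs, ep = [], pe["sections"], pe["entry_point"]
    ep_sec = next((s for s in secs if s["va"] <= ep < s["va"] + max(s["vsize"], s["rawsize"])), None)
    if ep_sec is None:
        hits.append(("ep_unmapped", f"entry point {ep:#x} lies outside every section"))
    else:
        if len(secs) > 1 and ep_sec is secs[-1]:                # stub appended after the packed payload
            hits.append(("ep_last_section", f"entry point {ep:#x} is in the last section {ep_sec['name']!r}"))
        if ep_sec["name"] not in (".text", "CODE", ".code"):
            hits.append(("ep_unusual_section", f"entry point is in {ep_sec['name']!r}, not a normal code section"))
    for s in secs:
        if s["rawsize"] and s["vsize"] > 4 * s["rawsize"]:      # slides 24-25: small on disk, large in memory
            hits.append(("section_expands", f"{s['name']!r} is {s['rawsize']:#x} bytes on disk, {s['vsize']:#x} in memory"))
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE:
            hits.append(("section_wx", f"{s['name']!r} is writable and executable"))
    names = {f for funcs in pe["imports"].values() for f in funcs}
    if names <= {"LoadLibraryA", "GetProcAddress"}:             # slide 26: stub rebuilds the real imports itself
        hits.append(("tiny_imports", f"only {sorted(names)} imported; real import table is built at run time"))
    return hits


def build_sample_pe():
    """Constructed PE32 image (not a real sample): '.packed' payload first, '.unpack' stub last."""
    img = bytearray(0x600)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                    # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x014C, 2, 0, 0, 0, 0xE0, 0x0102)  # i386, 2 sections, PE32 opt hdr
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x10B)                    # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x9000)              # AddressOfEntryPoint -> .unpack
    struct.pack_into("<III", img, opt + 28, 0x400000, 0x1000, 0x200)  # ImageBase, SectionAlignment, FileAlignment
    struct.pack_into("<II", img, opt + 104, 0x9100, 0x28)      # import directory RVA / size
    struct.pack_into("<8sIIIIIIHHI", img, opt + 0xE0, b".packed", 0x8000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0xE0000040)
    struct.pack_into("<8sIIIIIIHHI", img, opt + 0xE0 + 40, b".unpack", 0x200, 0x9000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    struct.pack_into("<IIIII", img, 0x500, 0x9130, 0, 0, 0x9150, 0x9140)  # one descriptor, then the zero terminator
    struct.pack_into("<III", img, 0x530, 0x9160, 0x9170, 0)    # INT
    struct.pack_into("<III", img, 0x540, 0x9160, 0x9170, 0)    # IAT, identical to the INT on disk
    img[0x550:0x55D] = b"KERNEL32.dll\0"
    img[0x560:0x56F] = b"\0\0LoadLibraryA\0"                   # hint (2 bytes) + name
    img[0x570:0x581] = b"\0\0GetProcAddress\0"
    return bytes(img)


if __name__ == "__main__":
    for tag, detail in packer_indicators(parse_pe(build_sample_pe())):
        print(f"[{tag}] {detail}")
```

Run it on a real file with parse_pe(open(path, "rb").read()). The indicators are heuristics: a legitimate executable with a large zero-initialised data section or a deliberately minimal import table trips them too. Slide 26 is the reason static import analysis of a packed file tells you so little: the original import table only exists in memory once the stub has rebuilt it and before the jump to the OEP on slide 28.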