Скачать или смотреть 04 - Walking the PEB, Enhancing IDA's Output w/ Structures, and Unlocking the Key to Runtime-Linking

In part 04, we'll take a close look at how Lockbit, and many other malware families, locate and use the PEB to identify in-memory DLLs. This allows for the malware to find libraries and functions it needs during runtime, while also avoiding using the pre-declared import table. This makes it more challenging for basic analysis and reverse engineering, as we have to initially investigate how these functions are being resolved. You'll also begin to see some additional twists that Lockbit adds to this process by using seeds...

Join this channel to get access to perks:
   / @jstrosch  

Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
🎓 Courses on Pluralsight 👉🏻 https://www.pluralsight.com/authors/j...
🌶️ YouTube 👉🏻 Like, Comment & Subscribe!
🙏🏻 Support my work 👉🏻   / joshstroschein  
🌎 Follow me 👉🏻   / jstrosch  ,   / joshstroschein  
⚙️ Tinker with me on Github 👉🏻 https://github.com/jstrosch
🤝 Join the Discord community and more 👉🏻 https://www.thecyberyeti.com

0:16 Finding the PEB reference
2:35 Accessing PEB structure members
4:17 Viewing relevant structures in WinDbg
12:00 Adding structures in IDA