How to Extract Malicious Shellcode Using a Debugger (Malware Analysis)

Description: Kickstart your journey into malicious shellcode analysis with this introductory video in the series. In Part 1, I share one approach I use to manually extract shellcode from multi-stage malware using a debugger (x64dbg).

Have malware analysis questions or topics you'd like me to cover? Leave a comment and let me know!

SANS Malware Analysis Courses I Author and Teach:

Password: infected

Tools

Referenced Videos:

Comments

Great video, Anuj! I love how you explain common patterns you look for when going through the analysis process.

CosmodiumCS

Excellent video! I really appreciate how you explain how to identify malicious patterns used by malware, even when they are very simple. It’s incredibly helpful for beginners starting with malware analysis at the ASM level.

damianlaw

Really excited to see the rest of this series. Keep up the amazing work!

natedunlap

Thanks a lot for making these videos! They're really well structured and they provide decent information for people that are into malware analysis.

gandalf

Great as always, thanks for the new series!

Drew-bugfireio

Good thing I stumbled upon your channel! Very detailed yet quick & simple debugging. Thank you for sharing and making pro-level tech knowledge accessible for newbs like me 🤧

newbie-xd

Amazing content bro 😎 We're subscribers as of now, learning a lot too by the way, thx ☺️

DEVStoreApp

The hex values are API hashing at work. I believe you go into great detail about this in your FOR710 course.

purekillah

Welcome back Anuj, very happy to see a notification that you posted another video! Do you know by any chance if FOR710 will get an exam? I did the course in January 2023, with Nick as instructor. Would look forward to certifying in this one.

boogieman

These videos are really high quality. Amazing work.

yur

Thanks for the video, indeed useful, waiting for part 2.

samjohn

I stumbled across your video, very interesting.... but WAY over my head.

dougp

Thank you for the video! It was really useful 👍

Bchicken

Amazing video and good explanation, thank you for sharing.

mustaphaaitichou

Excellent video Anuj. Could you possibly discuss the job prospects for a malware analyst and the skills required for such a job? Thank you.

manassalian

10:34 Are those hashed API names? Please let me know the right answer.

sanathkumar

I'm assuming those hex values are the expected hash values for certain modules that the malware wants to locate and load?

Aarons

The hex references are memory addresses used to dynamically resolve Windows APIs, known as API hashing. Correct?

boogieman

How to find strings using dbg and modify them?

Mezzosd

How can I do the same analysis with a memory dump of the system containing the running process instead of the executable itself?

yadunath-zo