Decode Malware Strings with Conditional Breakpoints

Description: In this video, we explore how to deobfuscate malware strings using conditional breakpoints in x64dbg.

Timestamps:
0:00 - Intro
1:26 - Running capa
2:39 - Analysis with Ghidra
4:20 - Static file analysis with CFF Explorer
4:40 - Debugging with x64dbg
7:32 - Introducing conditional breakpoints
14:35 - Conditional breakpoints for code deobfuscation

Have malware analysis questions or topics you'd like me to cover? Leave a comment and let me know!

SANS Malware Analysis Courses I Author and Teach:

Password: infected
Description: Malware for conditional breakpoint demos

Tools

Documentation:

Referenced Videos:

Comments

Anuj! Great, well-explained video! Thanks for all the hard work you put into these. Keep it up! 👏

matthewlandry

Another great video Anuj! Looking forward to seeing more. It helps with my course in Advanced Malware Analysis from Zero 2 Automated!!!

michaelf

Wonderful video!
I know how much time it takes to make this high-quality content.
Keep it up Anuj! Hope you keep making more videos.
Can you make one about manually unpacking malware? I'd love to share some samples with you.

somedieyoungZZ

Thanks a lot Anuj! Apart from your technical knowledge I appreciate the didactic knowledge even more!! Very well explained.

boogieman

Great videos. I have learned many things from here. Hopefully there will be more content on the topic of obfuscating malware from you in the near future.

uchoangviet

Wonderful video! I know how much time it takes to pump out these high-quality videos.
Keep it up Anuj! Any plans on making a video on manually unpacking malware? I'd love to give some samples for it.
Thanks 😄

somedieyoungZZ

Learned a lot from this one, thank you Anuj :)

neloangelo__

Keep it up, videos are always fantastic!

jacktaubl

Anuj! Thank you for your effort and for sharing this insightful content, it is worth it :)

mustaphaaitichou

Well explained and well presented, thank you.

aliihsansenel

You can also do the filtering in the log file using Notepad++ itself instead of using the find command.
This can be done by marking all lines containing the OUTPUT string and then removing all non-marked lines.

steled
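The comment above describes filtering the breakpoint log for the lines that carry the decoded strings. As an added example (not from the video or its author), here is the same filtering done with a few lines of Python, so the log can be reduced to one table of decoded strings with their index and how often each was hit. The sample log and the `OUTPUT <index> "<string>"` layout are constructed for this example: the marker and layout are whatever you put in the breakpoint's log text, not a fixed x64dbg format.

```python
"""Pull decoded strings out of an x64dbg breakpoint log.

Added example: instead of filtering the log by hand (find / Notepad++ marks),
parse it once and get each decoded string with its index and hit count.
"""
import re
from collections import Counter

# Constructed sample log. The 'OUTPUT <index> "<string>"' layout is an
# assumption for this example (it is whatever you put in the breakpoint's
# log text), not a fixed x64dbg format. Indexes are written in hex.
SAMPLE_LOG = """\
INT3 breakpoint at 00401AB0!
OUTPUT 0 "C:\\Windows\\System32\\cmd.exe"
Thread 4C8 created
OUTPUT 1 "http://example.invalid/gate.php"
OUTPUT 0 "C:\\Windows\\System32\\cmd.exe"
OUTPUT 2 "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
Unrelated line mentioning OUTPUT without the expected layout
"""


def extract_strings(log_text, marker="OUTPUT"):
    """Return (strings, hits): index -> decoded string, index -> call count.

    Lines without the marker are skipped; marker lines that do not match
    the expected layout are skipped too, so debugger noise cannot poison
    the result. The first decode seen for an index is kept.
    """
    line_re = re.compile(
        r"^" + re.escape(marker) + r'\s+([0-9A-Fa-f]+)\s+"(.*)"$'
    )
    strings = {}
    hits = Counter()
    for line in log_text.splitlines():
        if marker not in line:
            continue
        m = line_re.match(line.strip())
        if not m:
            continue
        idx = int(m.group(1), 16)
        strings.setdefault(idx, m.group(2))  # first decode wins
        hits[idx] += 1
    return strings, hits


def report(log_text, marker="OUTPUT"):
    """Render the index / hit-count / string table, sorted by index."""
    strings, hits = extract_strings(log_text, marker)
    rows = []
    for idx in sorted(strings):
        rows.append(f"{idx:4d}  x{hits[idx]:<3d} {strings[idx]}")
    return "\n".join(rows)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against the log file x64dbg wrote (read the file and pass its contents to `report`). Keeping the index in the log text is what lets you map each decoded string back to the call site that requested it, and the hit count shows which strings the sample decodes repeatedly.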

Great stuff! Have john h. learn from you before streaming any malware-related content again! :-)

lumikarhu

Well explained @anuj … making a video on .net malware deobfuscation will also be very helpful …. 🙏🙏🙏

mojack

Hi Anuj, thanks for making a video on this topic, conditional breakpoints are highly underrated. Could you please make a video on tracing and its uses? There are a few people talking about its uses or significance.

blueteams

Hi Anuj, just a quick question. In this decoding of the strings. Is there a way to decode them and see their associated indexes? Thanks again!

michaelf

Great video. Why are there all the int instructions after the call to VirtualProtect (I think they're breakpoints, but the number seems excessive to me)?

logiciananimal

Maybe I have to fill some knowledge gap here... but how did you know the decoded strings at 7:19 in the video were UTF-16?

fernandoaguilar

I'm trying to apply your method to get the password for a protected file packed with InnoSetup which drops malware. I already found the function with capa that you showed. Thanks a lot.

SejTuSe

TY, from capa how did you know the 4th address was the XOR function?

christophertharp

Great video Anuj! Will try all this for sure. Thanks a lot!

Can you please make another fantastic video on debugging running processes (attach / attach to debugger)?

Context is like:
debugging a.exe <launched> b.exe, now I want to debug the b.exe process at the same time.

Thanks in advance! :)

mauserqh