Malware Analysis - Decrypt NighHawk Strings with Ghidra Scripting

preview_player
Показать описание
Ghidra makes scripting very easy. Here it helps us to deobfuscate strings in a NightHawk malware sample.

00:00 Intro
01:11 Finding the decryption function
06:17 Creating a proper C++ string type
12:20 Understanding the decryption function
17:14 Writing the script
24:58 Running the script & cleaning mistakes
  1. MalwareAnalysisForHedgehogs
  2. malware analysis
  3. reverse engineering
  4. malware
  5. Ghidra
  6. disassembler
Рекомендации по теме
Malware Analysis - 0:28:20

Malware Analysis - Decrypt NighHawk Strings with Ghidra Scripting

KLBanker String Decryption 0:10:32

KLBanker String Decryption With Python - Malware Analysis

Reverse Engineering: Decrypt 0:08:15

Reverse Engineering: Decrypt Encrypted Excelsheet to recover the flag [HTB: Ransom]

BEST MALWARE ANALYSIS 0:00:18

BEST MALWARE ANALYSIS TOOLS🔐 @HACKER KID

Understanding strings | 0:07:25

Understanding strings | Malware analysis full course | Malware Analysis tutorial

[65] Malware Lab 0:37:21

[65] Malware Lab - Reverse Engineering String Decryption Algorithms with Ghidra

APPSEC AFRICA: Malware 0:42:42

APPSEC AFRICA: Malware Analysis with GHIDRA CIA Tools - AZZEDINE RAMRAMI |CSCAMP2019

3 Practice Blue 0:04:42

3 Practice Blue 2 Decryption Reverse Engineering Ransomware

Starting Real Malware 0:07:55

Starting Real Malware Analysis with Ghidra | Reverse Engineering

How Do You 0:14:48

How Do You Handle Malware Safely? Start By Learning the REMnux VM!

How to use 0:20:25

How to use the National Security Agency's software for reverse engineering Binaries. - Ghidra

Malware Analysis Fundamentals: 0:19:43

Malware Analysis Fundamentals: Strings & Things

Ransomware Analysis using 0:13:25

Ransomware Analysis using Ghidra

Extracting Config From 0:14:43

Extracting Config From Malware - Guide

Writing Malware Analysis 0:12:57

Writing Malware Analysis Papers and Blog Articles

1 Green Dragon 0:14:13

1 Green Dragon Ransomware Reverse Engineering Ransomware

Decryption of files 0:04:20

Decryption of files encrypted by RSA 2048 Ransomware | Data Recovery

#Hacktivity2022 // Automating 0:37:37

#Hacktivity2022 // Automating Binary Analysis with Ghidra's P-Code by Gergely Révay

Analysis of njRAT 0:09:29

Analysis of njRAT malware part 1

Python to decrypt 0:11:45

Python to decrypt RSA / ChaCha20 ransomware - encryptor [Flare-On 2022]

Advanced Static Analysis 0:48:10

Advanced Static Analysis - TryHackMe walk through - Ghidra

Ghidra search for 0:00:26

Ghidra search for malware address string

BTNW Ransomware (.bttw 0:04:26

BTNW Ransomware (.bttw Files) | How to Remove & Decrypt?

RansomAES Ransomware 0:03:17

RansomAES Ransomware

Комментарии
Автор

Really nice video.
Ghidra uses an intermediate code representation called P-code so, people have a lot of control. That's why the string in the binary didn't change and in the Decompiler it did change.

prakashyadav
Автор

thanks for this video, it's great and informative, had a fun time watching, especially since I'm trying my best to learn C++ reversing :)

xca
Автор

Hi loved the video. Is it possible for you to make a video on reversing MFC applications? is there special approach for MFC applications or can just tackle them like any other application?

gokusaiyan
Автор

Hi, is malware analyst a good career choice and are there jobs really available? Tools are quite native with less automation. Into IT since a decade in infra. Kindly share your views please

anantP-ipop
Автор

do i need to drink something till ghidra load the binary?

Options_
Автор

Thanks for the video man, can you make a series for beginners who wants to learn RE/malware

sheleshrauthan