04 - Walking the PEB, Enhancing IDA's Output w/ Structures, and Unlocking the Key to Runtime-Linking

preview_player
Показать описание
In part 04, we'll take a close look at how Lockbit, and many other malware families, locate and use the PEB to identify in-memory DLLs. This allows for the malware to find libraries and functions it needs during runtime, while also avoiding using the pre-declared import table. This makes it more challenging for basic analysis and reverse engineering, as we have to initially investigate how these functions are being resolved. You'll also begin to see some additional twists that Lockbit adds to this process by using seeds...

Join this channel to get access to perks:

Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
🌶️ YouTube 👉🏻 Like, Comment & Subscribe!

0:16 Finding the PEB reference
2:35 Accessing PEB structure members
4:17 Viewing relevant structures in WinDbg
12:00 Adding structures in IDA
  1. Dr Josh Stroschein - The Cyber Yeti
  2. cyber
  3. cybersecurity
  4. training
  5. malware
  6. malware analysis
Рекомендации по теме
04 - Walking 0:16:29

04 - Walking the PEB, Enhancing IDA's Output w/ Structures, and Unlocking the Key to Runtime-Li...

Walking the PEB 0:01:48

Walking the PEB with WinDbg

Exploring PEB with 0:02:26

Exploring PEB with WinDbg

PEB structures iron-sheet 0:00:30

PEB structures iron-sheet installation process and configuration #innovation #bgmi

Prefabricated building construction 0:00:10

Prefabricated building construction #peb #prefabricated #construction #chennai #bengaluru #bhopal

Peb Fort Trek 0:00:20

Peb Fort Trek - Cinematic | Easy trek near Mumbai and Pune | Best monsoon trek #pebfort #trekking

Nco thaum peb 0:00:34

Nco thaum peb tseem me

Thov VajTswv Nrog 0:00:53

Thov VajTswv Nrog Nraim peb Sawvdaws mus kom txog hnub kawg Ameen

PEB Building Wearhouse 0:01:01

PEB Building Wearhouse

Kabbeh Ki Ronak💕 0:00:22

Kabbeh Ki Ronak💕 #viral #makkahclocktower

PEB FORT MATHERAN 0:00:33

PEB FORT MATHERAN ⛰️🪻🌼

Zapp & Roger 0:04:46

Zapp & Roger - Computer Love

01/04/2022 - Coj 0:13:16

01/04/2022 - Coj sawv daws mus saib peb kawm ntawv - twm ntawv as kiv - Reading English in class

hmoob tus nkauj 0:00:16

hmoob tus nkauj nyab #the #peb

Trailer Peb Fort 0:00:16

Trailer Peb Fort | Vikatgad | Neral | Maharashtra | Marathi Vlog I Cinematic Shots I ll TRAVEL VLOG

5 FAKE Signs 0:01:00

5 FAKE Signs On This $350,000 Richard Mille Watch

Level Up 6 0:05:39

Level Up 6 (Eclipse) | Dinosaur | Exercises For Kids | Solar Eclipse Brain Break | PE Bowman

Pet Shop Boys 0:04:18

Pet Shop Boys - Domino Dancing (Official Video) [HD REMASTERED]

Midland Spills the 0:09:02

Midland Spills the Sweet Tea on Being Country Glam | The Walk in | Amazon Music

Vikatgad (Peb) Fort 0:01:01

Vikatgad (Peb) Fort #ratnagirikarvinayak #sahyadrimountains #dominar250bs62021 #naturelovers

How to Create 0:11:23

How to Create Pre-engineered Building ( PEB ) in COMOSYS 2024_Part_04

coj peb saib 0:00:15

coj peb saib chaw luam yas

Koj Yog Neeg 0:55:02

Koj Yog Neeg Rhuav Plhu Rau Peb Cov Nus 04/02/2024

Peep and the 0:08:50

Peep and the Big Wide World: A Peep of a Different Color

Комментарии
Автор

I keep getting access violations when debugging with LB3.exe. Once the binary is loaded and I press start, it runs into

(f40.1d94): Access violation - code (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled

PS: I have started windbg as admin

trevor