Binee - Complete Emulation of Advanced Malware


BasisTech via YouTube

Current chapter: 7 of 25, "Build hook table by linking DLLs outside emulator"


Classroom Contents


  1. Intro
  2. The Problem: getting information from binaries. Each sample contains some total set of information. Our goal is to extract as much of it as possible.
  3. Our Goal: Reduce cost of information extraction
  4. The How: Emulation
  5. Existing PE Emulators
  6. Requirements: What are we adding/extending from current work?
  7. Build hook table by linking DLLs outside emulator
  8. Overcoming Microsoft's ApiSet abstraction layer: Parse ApiSetSchema.dll (multiple versions) and load the proper real DLL.
  9. What is the minimum that the malware needs in order to continue proper execution?
  10. Requirements for hooking
  11. Two types of hooks in Binee
  12. Example: Entry point execution
  13. Userland structures: TIB/PEB/KUSER_SHARED_DATA
  14. Starting with the Mock File System
  15. Creating Files in the Mock File Subsystem
  16. Mock Registry Subsystem
  17. Configuration files define the OS environment quickly
  18. Mocked Threading: Round-robin scheduler approximately simulates a multi-threaded environment.
  19. Increasing fidelity with proper DllMain execution
  20. ROP Gadgets: an easy shortcut to loading DLLs
  21. How can I get started?
  22. Implement a missing hook: an example
  23. Implement a missing hook: function documentation (SearchPathA function)
  24. Implement a missing hook: create a full hook
  25. Implement a missing hook: rinse, repeat
