High Confidence Malware Attribution Using the Rich Header

High Confidence Malware Attribution Using the Rich Header

0xdade via YouTube Direct link

Metadata Hashes vs PECompact

20 of 35

20 of 35

Metadata Hashes vs PECompact

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

High Confidence Malware Attribution Using the Rich Header

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 What is the PE File Format?
  3. 3 The MS-DOS Stub Header
  4. 4 The IMAGE_FILE_HEADER
  5. 5 The Section Table
  6. 6 The Import Address Table (IAT)
  7. 7 Rich Header Backstory
  8. 8 Rich Header Checksum
  9. 9 De-Obfuscated Rich Header
  10. 10 How the Rich Header is Built
  11. 11 The Devil's in the Rich Header
  12. 12 Case Studies in Rich Header Analysis
  13. 13 Packers 101
  14. 14 Our Own Findings
  15. 15 What is a Hash Function?
  16. 16 What is Metadata Hashing?
  17. 17 Imphash Weaknesses
  18. 18 Pehash Weaknesses
  19. 19 Metadata Hashes vs ASPack
  20. 20 Metadata Hashes vs PECompact
  21. 21 Metadata Hashes vs Petite
  22. 22 Metadata Hashes vs Themida
  23. 23 Metadata Hash Stats - APT1 Dataset
  24. 24 Metadata Hash Stats - All Files
  25. 25 RichPE Hash Accuracy
  26. 26 RichPE Weaknesses
  27. 27 Motivation
  28. 28 Checking Rich Header Validity
  29. 29 Spoofing a Rich Header?
  30. 30 Rich Header Spoofing Feasibility?
  31. 31 Invalid Metadata Test Stats
  32. 32 OlympicDestroyer vs Basic Metadata Tests
  33. 33 RLPack vs Basic Metadata Tests
  34. 34 Acknowledgements
  35. 35 Source Code

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.