Classroom Contents
High Confidence Malware Attribution Using the Rich Header
- 1 Intro
- 2 What is the PE File Format?
- 3 The MS-DOS Stub Header
- 4 The IMAGE_FILE_HEADER
- 5 The Section Table
- 6 The Import Address Table (IAT)
- 7 Rich Header Backstory
- 8 Rich Header Checksum
- 9 De-Obfuscated Rich Header
- 10 How the Rich Header is Built
- 11 The Devil's in the Rich Header
- 12 Case Studies in Rich Header Analysis
- 13 Packers 101
- 14 Our Own Findings
- 15 What is a Hash Function?
- 16 What is Metadata Hashing?
- 17 Imphash Weaknesses
- 18 Pehash Weaknesses
- 19 Metadata Hashes vs ASPack
- 20 Metadata Hashes vs PECompact
- 21 Metadata Hashes vs Petite
- 22 Metadata Hashes vs Themida
- 23 Metadata Hash Stats - APT1 Dataset
- 24 Metadata Hash Stats - All Files
- 25 RichPE Hash Accuracy
- 26 RichPE Weaknesses
- 27 Motivation
- 28 Checking Rich Header Validity
- 29 Spoofing a Rich Header?
- 30 Rich Header Spoofing Feasibility?
- 31 Invalid Metadata Test Stats
- 32 OlympicDestroyer vs Basic Metadata Tests
- 33 RLPack vs Basic Metadata Tests
- 34 Acknowledgements
- 35 Source Code