Black Friday 2024: 25+ Ways to Save on Online Learning

Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Lockbit's DLL Name Seeding Technique for API Hashing - Part 5

Dr Josh Stroschein via YouTube

Start learning Write review

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Grab it
Explore the intricacies of Lockbit's runtime-linking technique in this 14-minute video tutorial. Delve into how Lockbit utilizes the DLL name as a seed for API hashing, a unique twist on standard malware techniques. Learn to identify the image_base, parse the image DOS header, and understand DATA Directories. Examine the IMAGE_EXPORT_DIRECTORY and AddressOf* functions. Discover how the DLL name generates checksums that serve as seeds for API name computation. Gain insights into the UNICODE structure and its relevance. Enhance your reverse engineering skills and grasp the broader implications of these techniques on malware analysis efforts.

Syllabus

Finding the image_base
Parsing the image dos header
DATA Directories
The IMAGE_EXPORT_DIRECTORY
AddressOf*
Checksum from a DLL name - where the seeds come from
Brief note on the UNICODE structure

Taught by

Dr Josh Stroschein

Reviews

Start your review of Lockbit's DLL Name Seeding Technique for API Hashing - Part 5

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.