Explore advanced .NET analysis techniques using WinDBG in this 31-minute conference talk from Hack.lu 2017. Dive into the Microsoft ecosystem and learn how to automate .NET analysis for malware research. Follow along as Paul Rascagneres demonstrates live examples of analyzing PowerShell scripts and unpacking a .NET packer family. Gain insights into the importance of .NET in the Microsoft ecosystem, its appeal to malware developers, and the necessary skills for malware researchers. Discover how to leverage WinDBG, the Microsoft debugger, for efficient .NET analysis and malware investigation. Cover topics including WinDBG introduction, PowerShell analysis, .NET unpacker case studies, and PYKD scripting.
Overview
Syllabus
Intro
Win DBG Introduction
Case Study 1: PowerShell Analysis
Case Study 2: .NET Unpacker
PYKD Script
Taught by
Cooper
