Syllabus
Deobfuscation SmartAssembly 8+ and recreating Original Module SAE+DnSpy.
Advanced DnSpy tricks in .NET reversing - Tracing, Breaking, dealing with VMProtect.
Full malware analysis Work-Flow of AgentTesla Malware.
Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part2].
Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part1].
Reversing CryptoCrazy Ransomware - PoC Decryptor and some Tricks.
[2] Lokibot analyzing - spoofing GULoader and LokiBot C2 [part2] - INetSim + BurpSuite.
Fast API resolving of REvil Ransomware related to Kaseya attack.
[2] Lokibot analyzing - spoofing GULoader and LokiBot C2 [part1] - Own implementation in Python.
[1] Lokibot analyzing - defeating GuLoader with Windbg (Kernel debugging) and Live C2.
Visible vs Hidden vs VeryHidden Sheet - Excel Binary File Format (.xls).
Abusing External Resource References MSOffice [part1] - TEMPLATE_INJECTION.
Abusing External Resource References MSOffice [part2] - OLEOBJECT_INJECTION.
Taught by
DuMp-GuY TrIcKsTeR