Overview
Syllabus
Intro
Modern C++ Malware for Targeted Attacks
Virtual Methods
Virtual Function Tables
C++ Templates
C++ Code Reconstruction Problems
REconstructing Flamer Framework
Data Types Beins Used: Smart pointers
Data Types Being Used: Vectors
Approaching Flamer
REconstructing Object's Attributes
XAgent Framework
Object Interconnection: IAgent Module
XAgent: LocalDataStorage
XAgent: Cryptor
XAgent: IReservedApi
XAgent: Identifying Used Types
Hex-Rays Decompiler Plugin SDK
DEMO time :
HexRaysCodexplorer: v1.7 [NSEC Edition]
Why python?
HexRaysCodeXplorer: Next plans
Thank you for your attention!
Taught by
NorthSec