Explore a powerful IDA plugin that enhances malware analysis capabilities in this 39-minute conference talk from NorthSec 2020. Dive into the Dynamic Data Resolver, an innovative tool that instruments binaries using the DynamoRIO framework to uncover dynamic values often missed in static analysis. Learn how this plugin can resolve register and memory location values, identify jump locations, detect runtime-decoded strings, dump interesting buffers, and even patch binaries to bypass anti-analysis techniques. Gain insights into the DynamoRIO instrumentation framework basics, understand the plugin's architecture and features, and witness its effectiveness through a live demonstration. Discover how this tool can significantly reduce malware analysis time, presented by Holger Unterbrink, a threat researcher from Cisco Talos known for uncovering major cyber attacks like NotPetya and WannaCry.
Dynamic Data Resolver IDA Plugin - Extending IDA with Dynamic Data
Overview
Syllabus
NorthSec 2020 – Holger Unterbrink – Dynamic Data Resolver IDA plugin
Taught by
NorthSec
Related Courses
-
Qiling Framework with IDA Pro
-
fn_fuzzy - Fast Multiple Binary Diffing Triage With IDA
-
Sandbagility - Reverse Engineering Framework for Windows Dynamic Analysis
-
PyREBox - Making Dynamic Instrumentation Great Again
-
Pindemonium - A DBI-Based Generic Unpacker for Windows Executable
-
Reverse Engineering All the Malware and Why You Should Stop
