Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Pindemonium - A DBI-Based Generic Unpacker for Windows Executable

Black Hat via YouTube

Overview

Explore a DBI-based generic unpacker for Windows executables in this 25-minute Black Hat conference talk. Dive into the world of malware obfuscation and packing techniques, and learn how Pindemonium leverages Dynamic Binary Instrumentation (DBI) to combat these threats. Discover how this tool extracts and reconstructs original programs from packed versions, aiding in the analysis of obfuscated binaries. Examine the generic unpacking algorithm designed to detect and defeat popular packing techniques, including those that employ Import Address Table (IAT) obfuscation. Gain insights into the tool's effectiveness against various packers and malware samples, and understand its ability to reconstruct working unpacked binaries. For cases where full reconstruction is not possible, learn how Pindemonium provides valuable memory dumps and logs to assist malware analysts in their work. Access the open-source code on GitHub to further explore this innovative approach to unpacking and malware analysis.

Syllabus

Pindemonium: A DBI-Based Generic Unpacker for Windows Executable

Taught by

Black Hat

Reviews

Start your review of Pindemonium - A DBI-Based Generic Unpacker for Windows Executable

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.