Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Reverse Engineering Windows Defender's JavaScript Engine

Recon Conference via YouTube

Overview

Dive into a comprehensive reverse engineering analysis of Windows Defender's JavaScript engine in this conference talk from Recon 2018 Brussels. Explore the intricacies of the MpEngine.dll, focusing on the approximately 1,200 functions that make up Defender's proprietary JavaScript engine used for analyzing potentially malicious JS code. Learn about the engine's inner workings, including types, memory management, JS/ECMAScript features, and integration with Defender's antivirus system. Discover techniques for building tooling to interact with the engine, identifying non-security JS runtime bugs, and implementing anti-analysis tricks for malicious scripts. Gain insights into the engine's attack surface for exploitation and consider potential vulnerabilities within the remaining 98% of this enormous binary. Presented by Alexei Bulazel, a security researcher with River Loop Security and RPISEC member, this talk offers valuable knowledge for those interested in reverse engineering and security analysis of complex software systems.

Syllabus

Recon 2018 Brussels - Reverse Engineering Windows Defender’s JavaScript Engine

Taught by

Recon Conference

Reviews

Start your review of Reverse Engineering Windows Defender's JavaScript Engine

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.