Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Reverse Engineering Windows Defender Part II

Recon Conference via YouTube

Overview

Dive into an in-depth exploration of Windows Defender Antivirus' core functionality through this conference talk from Recon 2018. Uncover the intricacies of Defender's proprietary emulator for analyzing potentially malicious Windows PE binaries on endpoints. Learn about groundbreaking reverse engineering techniques for antivirus binary emulators, including instrumentation for observation and debugging, virtual environment components, bytecode lifting and execution, memory management, and emulation of usermode Windows API and NT kernel. Discover how file system and registry emulation integrate with Defender's antivirus features. Gain insights from security researcher Alexei Bulazel as he shares his expertise on emulator internals and reverse engineering, offering a unique perspective on Windows Defender's mpengine.dll and its vast functionality.

Syllabus

Recon 2018 - Reverse Engineering Windows Defender Part II

Taught by

Recon Conference

Reviews

Start your review of Reverse Engineering Windows Defender Part II

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.