Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Under the Hood of Wslink Multilayered Virtual Machine

Recon Conference via YouTube

Overview

Dive into the intricate world of advanced malware obfuscation techniques in this 35-minute conference talk from Recon 2022. Explore the unique Wslink loader, associated with the Lazarus group, and its sophisticated virtual machine (VM) obfuscator. Uncover the multiple layers of protection employed, including junk code insertion, virtual operand encoding, opcode duplication, opaque predicates, instruction merging, and nested VM structures. Learn about a semiautomatic approach to deobfuscation, combining symbolic execution with simplifying rules and concrete value analysis. Witness the effectiveness of this method as it's applied to bytecode chunks from both obfuscated and non-obfuscated samples, providing valuable insights for malware analysts and cybersecurity professionals.

Syllabus

Recon 2022 - Under the hood of wlink multilayered virtual machine

Taught by

Recon Conference

Reviews

Start your review of Under the Hood of Wslink Multilayered Virtual Machine

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.