Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

The Beast Within - Evading Dynamic Malware Analysis Using Microsoft COM

Black Hat via YouTube

Overview

Explore the intricacies of Microsoft Common Object Model (COM) and its impact on dynamic malware analysis in this Black Hat conference talk. Delve into the challenges faced by malware analyzers when dealing with COM interfaces, which mirror functionality provided by common Windows APIs. Discover how malware authors exploit COM calls to perform various operations, such as creating files and starting new processes, while evading detection. Examine practical approaches to automated dynamic COM malware analysis and learn which methods are effective and which are impractical. Gain insights into the widespread use of COM interfaces by malware in the wild, based on data from sample sharing programs. Investigate the limitations of existing dynamic analysis solutions in monitoring COM correctly, and understand why hooking-based approaches fall short. Learn about transition-based monitoring as a more effective method for capturing all COM calls at the first interface layer, and explore the challenges involved in parsing various COM parameter encoding formats. Understand how this approach provides a detailed list of COM calls executed by malware without modifying the analysis environment, making it harder for malware to detect and evade sandbox analysis.

Syllabus

The Beast Within - Evading Dynamic Malware Analysis Using Microsoft COM

Taught by

Black Hat

Reviews

Start your review of The Beast Within - Evading Dynamic Malware Analysis Using Microsoft COM

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.