Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

TLS Callbacks in PE Files - Detection and Analysis

Dr Josh Stroschein via YouTube

Overview

Explore the intricacies of TLS (Thread Local Storage) callbacks in this 17-minute video tutorial. Dive into the PE file format to understand how malware authors exploit TLS callbacks as an anti-debugging technique. Learn to identify and analyze these callbacks using tools like Yara, MalCat, and 010 editor. Examine the internal structures of PE files supporting TLS callbacks, and investigate their prevalence in modern malware. Gain practical insights into cybersecurity, reverse engineering, and malware analysis through hands-on demonstrations and real-world examples.

Syllabus

Definition of TLS on MSDN
TLS Structure Definition
Our Sample Program
Identifying TLS Callbacks in 010
Finding the First Callback in 010
TLS Callbacks in IDA Pro
Switching to Malcat
Why Do We Need to Know This?
How Prevalent are TLS Callbacks? Investigating with Yara
Expanding our Search with Yaraify
Investigating Recent Examples

Taught by

Dr Josh Stroschein

Reviews

Start your review of TLS Callbacks in PE Files - Detection and Analysis

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.