Defeating Anti-reverse Engineering and Anti-debugging Techniques

Josh Stroschein

1:53:40

  • 01.01.Course Overview.mp4
    01:52
  • 02.01.Module Introduction.mp4
    00:35
  • 02.02.Goals and Motivations.mp4
    03:36
  • 02.03.Where You Will Encounter These Tricks.mp4
    02:30
  • 02.04.What You Should Know.mp4
    02:25
  • 02.05.Conclusion.mp4
    00:27
  • 03.01.Module Introduction.mp4
    00:55
  • 03.02.Tricking the Disassembler.mp4
    05:21
  • 03.03.Hiding Strings and API Calls.mp4
    04:22
  • 03.04.Messing with Function Calls and Returns.mp4
    08:38
  • 03.05.Demo Tracing Difficult Function Calls and Returns.mp4
    08:05
  • 03.06.Obfuscating Control Flow.mp4
    05:31
  • 03.07.Identifying Control-flow Obfuscation.mp4
    08:37
  • 03.08.Conclusion.mp4
    00:48
  • 04.01.Module Introduction.mp4
    00:39
  • 04.02.Tricking a Debugger.mp4
    03:44
  • 04.03.Detecting a Debugger.mp4
    07:38
  • 04.04.Process Hollowing and Shellcode.mp4
    04:29
  • 04.05.Demo Tracing Process Hollowing.mp4
    10:16
  • 04.06.Abusing Exceptions.mp4
    05:24
  • 04.07.Switching Architectures.mp4
    02:54
  • 04.08.Conclusion.mp4
    00:30
  • 05.01.Module Introduction.mp4
    00:45
  • 05.02.Using Virtualization for Your Sandboxing.mp4
    08:43
  • 05.03.Processes, Shares, and Other Artifacts.mp4
    06:20
  • 05.04.Other Evidence of a Virtual Environment.mp4
    05:20
  • 05.05.Conclusion and Course Wrap-up.mp4
    03:16
  • Description


    Anti-reverse engineering and anti-debugging techniques are often used by malware authors to disrupt or prevent analysis, helping them to avoid detection. This course will teach you effective strategies for detecting and defeating these techniques.

    What You'll Learn?


      Anti-reverse engineering and anti-debugging techniques are often leveraged by malware authors to disrupt or prevent detailed analysis, helping them to avoid detection by even the most advanced security products. These efforts increase the odds that they will be successful in attacking an organization and can allow them to stay hidden within an organization for prolonged periods of time. In this course, Defeating Anti-reverse Engineering and Anti-debugging Techniques, you will gain the skills necessary not only to identify prevalent anti-analysis techniques, but also to defeat them. First, you will gain insight into why malware authors employ such anti-analysis techniques and gain a deeper understanding of where to expect them. Next, you will dig deep into anti-analysis techniques used to disrupt both your static and dynamic analysis activities. You will get hands-on with identifying anti-disassembly techniques, control-flow obfuscation, and hidden strings and API calls. Then, you will learn how malware authors trick your debugger, employ code-hiding techniques such as process hollowing, and leverage shellcode to complicate analysis. Finally, you will explore techniques used to detect the presence of a sandbox, which leads to incomplete or inaccurate results and can throw off your analysis. Each module of this course will include in-depth demonstrations and hands-on labs utilizing real-world malware. By the end of this course, you will have the knowledge and skills to defeat anti-reversing and anti-debugging techniques used by the most sophisticated malware authors.

    Josh Stroschein
    Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer at Google (Chronicle), where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, reverse engineering, and other security-related topics.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • language english
    • Training sessions 27
    • duration 1:53:40
    • level advanced
    • Release Date 2023/12/06