Coursera Plus Annual is 40% Off — Ends July 6.

Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Walking the PEB, Enhancing IDA's Output with Structures, and Unlocking Runtime-Linking - Lecture 4

Dr Josh Stroschein via YouTube

Start learning Write review
Boot.dev Ad

The Fastest Way to Become a Backend Developer Online

Learn More → Coursera Ad

Learn AI, Data Science & Business — Earn Certificates That Get You Hired

Learn More →

Overview

AI, Data Science & Cloud Certificates from Google, IBM & Meta — 40% Off
One plan covers every Professional Certificate on Coursera. 40% off Coursera Plus Annual.
Unlock All Certificates
Explore the intricacies of malware analysis in this 16-minute video tutorial focusing on Lockbit and similar malware families. Dive deep into the process of locating and utilizing the Process Environment Block (PEB) to identify in-memory DLLs, enabling malware to find necessary libraries and functions during runtime while avoiding the pre-declared import table. Learn how this technique complicates basic analysis and reverse engineering by obscuring function resolution. Discover Lockbit's unique approach of using seeds to add complexity to the process. Follow along as the tutorial guides you through finding PEB references, accessing PEB structure members, viewing relevant structures in WinDbg, and adding structures in IDA. Gain valuable insights into advanced malware analysis techniques and enhance your cybersecurity skills.

Syllabus

Finding the PEB reference
Accessing PEB structure members
Viewing relevant structures in WinDbg
Adding structures in IDA

Taught by

Dr Josh Stroschein

Reviews

Start your review of Walking the PEB, Enhancing IDA's Output with Structures, and Unlocking Runtime-Linking - Lecture 4

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.