all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Hiding .NET IL code from DnSpy with R2R Stomping

Add to bookmarks
Oct. 14, 2023, 12:02 p.m. | MalwareAnalysisForHedgehogs

MalwareAnalysisForHedgehogs www.youtube.com

We create a .NET executable that hides code from decompilation and debugging with DnSpy by using a technique called R2R Stomping. Afterwards we explore how to analyse such samples and what effect it has on antivirus detection.

Malware course: https://www.udemy.com/course/windows-malware-analysis-for-hedgehogs-beginner-training/?couponCode=CE8D957072A4B79B5EB2

Checkpoint article: https://research.checkpoint.com/2023/r2r-stomping-are-you-ready-to-run/

Twitter: https://twitter.com/struppigel

00:00 Introduction
00:43 What is R2R Stomping
02:13 Compiling an R2R binary
04:17 Stomping the code
07:50 Verify that it works - debugging .NET Core
10:00 How to recognize R2R binaries
12:14 Determine if a …

antivirus binary called code debugging detection dnspy introduction r2r stomping what is

Visit resource

More from www.youtube.com / MalwareAnalysisForHedgehogs

Triaging Files on VirusTotal 1 week, 6 days ago | www.youtube.com
can depth files find +11
Malware Analysis - JS to PowerShell to XWorm with Binary Refinery 1 month ago | www.youtube.com
analysis atom binary configuration +19
Malware Theory - Five Unpacking Methods and Generic Unpacking Approach 1 month, 2 weeks ago | www.youtube.com
breakpoints debugger emulation encryption +7
Binary Ninja - Fix unresolved stack pointer 2 months, 1 week ago | www.youtube.com
binary binary ninja fix function +1
Malware Analysis - Unpacking AutoIt stub with large obfuscated script 3 months ago | www.youtube.com
analysis autoit decrypt decryption +14
Malware Analysis - C2 extractor for Turla's Kopiluwak using Binary Refinery 3 months, 1 week ago | www.youtube.com
analysis apt beginners binary +16
Malware Analysis - 3 ways to deobfuscate JScript and JavaScript malware 4 months, 1 week ago | www.youtube.com
analysis code cons current +18
Malware Analysis - .NETReactor deobfuscation and configuration extraction of AgentTesla 5 months, 3 weeks ago | www.youtube.com
agenttesla analysis box configuration +10
Malware Analysis - ZPAQ to .NET downloader to Injector DLL unpacking 5 months, 3 weeks ago | www.youtube.com
analysis archive binary deal +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Financial Crimes Compliance - Senior - Consulting - Location Open

@ EY | New York City, US, 10001-8604
View on infosec-jobs.com

Software Engineer - Cloud Security

@ Neo4j | Malmö
View on infosec-jobs.com

Security Consultant

@ LRQA | Singapore, Singapore, SG, 119963
View on infosec-jobs.com

Identity Governance Consultant

@ Allianz | Sydney, NSW, AU, 2000
View on infosec-jobs.com

Educator, Cybersecurity

@ Brain Station | Toronto
View on infosec-jobs.com

Principal Security Engineer

@ Hippocratic AI | Palo Alto
View on infosec-jobs.com
View more jobs