Malware Analysis - Decrypt NighHawk Strings with Ghidra Scripting
Dec. 4, 2022, 5:25 p.m. | MalwareAnalysisForHedgehogs
MalwareAnalysisForHedgehogs www.youtube.com
Buy me a coffee: https://ko-fi.com/struppigel
Follow me on Twitter: https://twitter.com/struppigel
Sample: https://bazaar.abuse.ch/sample/9a57919cc5c194e28acd62719487c563a8f0ef1205b65adbe535386e34e418b8/
C++ Strings layout: https://joellaity.com/2020/01/31/string.html
00:00 Intro
01:11 Finding the decryption function
06:17 Creating a proper C++ string type
12:20 Understanding the decryption function
17:14 Writing the script
24:58 Running the script & cleaning mistakes