Malware Theory - How Packers Work, Polymorphism and Misconceptions
- Published 6 Aug 2024
- How do packers work? What is binary padding, and why is it not the same as polymorphism? What is polymorphism in packers? Why is a scantime crypter not a packer?
I answer those questions.
My malware analysis course for beginners: www.udemy.com/course/windows-...
Buy me a coffee: ko-fi.com/struppigel
Follow me on Twitter: / struppigel
00:00 Intro
01:01 Why learn about packers?
01:36 Packer types
02:30 How packing works
03:50 Misconception: Packers inject stub into target
05:03 How packed files execute target file
06:11 Legit and malicious packers?
07:00 Misconception: Scantime crypter are packers
08:02 Target file placement in the stub
09:12 Binary Padding and why it is no polymorphism
10:03 Polymorphic packers
10:49 Oligomorphic packers
11:47 How polymorphism helps malware evade AVs
13:36 Metamorphism does not apply to packers
Revealing Packed Malware: ieeexplore.ieee.org/document/...
#malware #malwareanalysis #reverseengineering #unpacking #packers - Science & Technology
Superb! Thank you for the time it took you to write and produce this video. Education is a wonderful thing.
As always, amazing content. Very nice explanations; I especially like the hand-drawn slides, very intuitive and informative. 🙏
Hand-drawn slides... very, very good, I love this :)
This was very clear and easy to follow. Thank you.
Very good video, thanks for this clear, to-the-point explanation!
Thanks for the explanation. 😘
Thanks!
Kindly more videos
Hey man, I have a question: how do I test the malware that I made? I don't want to upload it to VirusTotal, obviously.
I just want to test it without it getting detected.
Kleenscan
You mentioned common malware actors will use packers, but APTs would not. What would APTs use or otherwise do to serve the same purpose?
I misspoke. I meant samples for targeted attacks. Malware that is spread en masse needs packing for evasion in the long run, but not malware that is used once or twice for a specific target. So targeted samples are often not packed.
Could you ever do a demo video of all this packing, maybe of a simple Metasploit payload or something common you see every time?
I think that's a good idea if coupled with how to unpack those again. But I cannot promise anything. I am currently very involved with other projects.
Couldn't a malware developer use a C2 to create self-morphing malware by having the malware send a request to the C2 to re-obfuscate and recompile the malware, then send the new malware back and have it replace the old one? This would allow for long-term persistence, because even if the original stub gets detected it would have already changed completely.
Sure, but that is not called packing.