I liked the idea of pivoting between IOCs from threat intelligence reports to get what you missed from that unreachable endpoint.
Thanks!
This is awesome. Thanks for sharing Josh
Glad to hear - you're very welcome!
Thanks!
Welcome!
Great content, thanks for sharing Josh. I just wanted to know how you determined the raw size when making the raw address the same as the virtual address?
Hi! I just used the virtual size - assuming that size should match up since we are working with the process image. I haven't used this technique extensively so there could be plenty of issues, but for the most part it seems to work well :) Let me know if this helps.
This is so cool. I was wondering, could you make a video on rebuilding a virtual function table with Ghidra?
I’ve added it to my list of topics :) Thanks for the suggestion.
great content :D
Thank you :)