Creating an IDA Python Plugin for Static XOR String Deobfuscation

In this video, we’ll explore a recent XLS document that drops and executes a DLL using RUNDLL32. The DLL is small and only used to download the next stage. However, it employs rather straight-forward string obfuscation using the bitwise XOR operation. An important skill for any reverse engineer/malware analyst is to be able to create plugins to assist in statically decoding these strings and doing so across the entire disassembly database. This video is intended to get you started creating IDA Plugins with Python, recognize the importance of deobfuscating strings and work on translating assembly to a higher-level language (i.e….

Read more

Network Analysis with Arkime is now Live on Pluralsight!

Analyzing network traffic is an important step in developing a proactive threat hunting program. This course will teach you how to perform network traffic analysis using Arkime to find threats in your network. https://www.pluralsight.com/courses/network-analysis-arkime Finding undetected threats in your network through proactive network analysis requires the right tools. In this course, Network Analysis with Arkime, you’ll learn how to utilize Arkime to detect anomalous or malicious network traffic in an enterprise environment. First, you’ll gain insight into how to detect common malware delivery patterns. Next, you’ll learn how to use Arkime to identify malware command and control. Finally, you’ll utilize…

Read more