Locating DLL Name from the Process Environment Block (PEB)

I often encounter software, especially when performing malware analysis, that dynamically constructs its own import table. This can be done for a variety of reasons and in a variety of ways. In this article, we’ll explore one method I recently encountered. I typically become suspicious of this activity when I see the following assembly instructions: mov ebx, fs:[ 0x30 ][…]


About These Videos

Many of these videos are from classes I taught at Dakota State University. Since I no longer teach them, I figured it would be beneficial to provide them here – either as a resource to my current students or to anyone that is just curious and looking for this information. Keep in mind that many of these videos were recorded[…]


02 – Joining A CTF

Once you have created an account, you may decide to join either a public or a private competition. If you cannot find the competition you joined, try checking both the Live & Inactive competition tabs within the left side menu. Joining a public competition: On the home page, click the side menu tab on the left, Find a Public Competition. From here[…]
