SlideShare a Scribd company logo

PE Packers Used in Malicious Software - Part 1

ā€¢
ā€¢
A
amiable_indian

The document discusses PE packers used in malicious software. It provides a refresher on the PE file format and import address tables. It defines what a PE packer is, how they work to hide malicious payloads, and techniques used to detect if a file has been packed, such as small import tables, missing/corrupted string tables, unusually small code size, and non-standard section names. Detection of packers involves manual analysis before using tools to identify the specific packer.

TechnologyEntertainment & Humor
1 of 39
Unpacking Malware, Trojans and Worms PE Packers Used in Malicious Software ,[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Overview
Refresher #1 - PE-COFF: The Windows Executable Format. Section-By-Section
PE COFF: Refreshing the mind. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
PE COFF: Refreshing the mind. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
PE COFF: Refreshing the mind. ,[object Object],[object Object],[object Object],[object Object]
PE COFF: Refreshing the mind. ,[object Object],[object Object],[object Object],[object Object],[object Object]
Refresher #2 - The Who, How, What, Why of Windows Import Address Tables
Windows Import Address Table ,[object Object],[object Object],[object Object],[object Object],[object Object]
Windows Import Address Table ,[object Object],[object Object],[object Object],[object Object]
Windows Import Address Table ,[object Object],[object Object],[object Object],[object Object],[object Object]
Windows Import Address Table ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object]
What is a PE-Packer? ,[object Object],[object Object],[object Object],[object Object],[object Object]
What is a PE-Packer? ,[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object]
DOS ā€“ MZ header
PE header
Windows reads section table
Memory allocated for executable
Disk image copied to memory
Windows populates IAT of PE packer
.UNPACKER section starts executing
.UNPACKER unpacks .PACKED-DATA into memory
Unpacked, it is now larger in memory
PE Packer populates Import Table
Reset stack registers
Jump to Original Entry Point (OEP)
And it runs!
PE Packers In Malicious Software ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
PE Packers In Malicious Software ,[object Object],[object Object]
PE Packers In Malicious Software ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object]
Detecting a PE Packer ,[object Object],[object Object],[object Object],[object Object],[object Object]
Detecting a PE Packer ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Detecting a PE Packer ,[object Object],[object Object],[object Object],[object Object],[object Object]
Detecting a PE Packer ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Ā 
Detecting a PE Packer ,[object Object],[object Object],[object Object],[object Object]

Recommended

ETL Testing Overview
ETL Testing OverviewETL Testing Overview
ETL Testing Overview
Chetan Gadodia
Ā 
Text analytics
Text analyticsText analytics
Text analytics
Utkarsh Sharma
Ā 
Presentation1
Presentation1Presentation1
Presentation1
huzaifag1
Ā 
Dynamic storage allocation techniques in Compiler design
Dynamic storage allocation techniques in Compiler designDynamic storage allocation techniques in Compiler design
Dynamic storage allocation techniques in Compiler design
kunjan shah
Ā 
Databases: Locking Methods
Databases: Locking MethodsDatabases: Locking Methods
Databases: Locking MethodsDamian T. Gordon
Ā 
DBMS (Deadlock, deadlock prevention, 2phase locking)
DBMS (Deadlock, deadlock prevention, 2phase locking)DBMS (Deadlock, deadlock prevention, 2phase locking)
DBMS (Deadlock, deadlock prevention, 2phase locking)
Gaurav Solanki
Ā 
Chapter 4
Chapter 4Chapter 4
Chapter 4
ushabarad142
Ā 
Ai quantifiers
Ai quantifiersAi quantifiers
Ai quantifiers
Tayyaba Jabeen
Ā 

Recommended

ETL Testing Overview
ETL Testing OverviewETL Testing Overview
ETL Testing Overview
Chetan Gadodia
Ā 
Text analytics
Text analyticsText analytics
Text analytics
Utkarsh Sharma
Ā 
Presentation1
Presentation1Presentation1
Presentation1
huzaifag1
Ā 
Dynamic storage allocation techniques in Compiler design
Dynamic storage allocation techniques in Compiler designDynamic storage allocation techniques in Compiler design
Dynamic storage allocation techniques in Compiler design
kunjan shah
Ā 
Databases: Locking Methods
Databases: Locking MethodsDatabases: Locking Methods
Databases: Locking MethodsDamian T. Gordon
Ā 
DBMS (Deadlock, deadlock prevention, 2phase locking)
DBMS (Deadlock, deadlock prevention, 2phase locking)DBMS (Deadlock, deadlock prevention, 2phase locking)
DBMS (Deadlock, deadlock prevention, 2phase locking)
Gaurav Solanki
Ā 
Chapter 4
Chapter 4Chapter 4
Chapter 4
ushabarad142
Ā 
Ai quantifiers
Ai quantifiersAi quantifiers
Ai quantifiers
Tayyaba Jabeen
Ā 
SURAT ELEKTRONIK
SURAT ELEKTRONIKSURAT ELEKTRONIK
SURAT ELEKTRONIK
PurnamaKhalidIslamy
Ā 
2.6 backup and recovery
2.6 backup and recovery2.6 backup and recovery
2.6 backup and recoverymrmwood
Ā 
Introduction To Big Data with Hadoop and Spark - For Batch and Real Time Proc...
Introduction To Big Data with Hadoop and Spark - For Batch and Real Time Proc...Introduction To Big Data with Hadoop and Spark - For Batch and Real Time Proc...
Introduction To Big Data with Hadoop and Spark - For Batch and Real Time Proc...
Agile Testing Alliance
Ā 
Memory hierarchy unit 2 by ram k paliwal
Memory hierarchy unit 2 by ram k paliwalMemory hierarchy unit 2 by ram k paliwal
Memory hierarchy unit 2 by ram k paliwal
Ram Paliwal
Ā 
Operating System-Process Scheduling
Operating System-Process SchedulingOperating System-Process Scheduling
Operating System-Process Scheduling
Shipra Swati
Ā 
Clean code in Jupyter notebooks
Clean code in Jupyter notebooksClean code in Jupyter notebooks
Clean code in Jupyter notebooks
Katerina Nerush
Ā 
MODUL AJAR INFORMATIKA - TEKNOLOGI INFORMASI DAN KOMPUTER.pdf
MODUL AJAR INFORMATIKA - TEKNOLOGI INFORMASI DAN KOMPUTER.pdfMODUL AJAR INFORMATIKA - TEKNOLOGI INFORMASI DAN KOMPUTER.pdf
MODUL AJAR INFORMATIKA - TEKNOLOGI INFORMASI DAN KOMPUTER.pdf
FykryRichardAlMusa
Ā 
Nemesis - SAINTCON.pdf
Nemesis - SAINTCON.pdfNemesis - SAINTCON.pdf
Nemesis - SAINTCON.pdf
Will Schroeder
Ā 
File organization 1
File organization 1File organization 1
File organization 1
Rupali Rana
Ā 
Os unit 3 , process management
Os unit 3 , process managementOs unit 3 , process management
Os unit 3 , process management
Arnav Chowdhury
Ā 
Vector computing
Vector computingVector computing
Vector computing
Safayet Hossain
Ā 
BACKUP & RECOVERY IN DBMS
BACKUP & RECOVERY IN DBMSBACKUP & RECOVERY IN DBMS
BACKUP & RECOVERY IN DBMS
BaivabiNayak
Ā 
Media Penyimpanan
Media PenyimpananMedia Penyimpanan
Media Penyimpanan
ShevaniaMeidika
Ā 
Join Algorithms in MapReduce
Join Algorithms in MapReduceJoin Algorithms in MapReduce
Join Algorithms in MapReduce
Shrihari Rathod
Ā 
ETL QA
ETL QAETL QA
ETL QAdillip kar
Ā 
Database userā€™s
Database userā€™sDatabase userā€™s
Database userā€™s
Gaurang Kamat
Ā 
data stage-material
data stage-materialdata stage-material
data stage-material
Rajesh Kv
Ā 
POUG2019 - Test your PL/SQL - your database will love you
POUG2019 - Test your PL/SQL - your database will love youPOUG2019 - Test your PL/SQL - your database will love you
POUG2019 - Test your PL/SQL - your database will love you
Jacek Gebal
Ā 
Arquitetura de Memoria do PostgreSQL
Arquitetura de Memoria do PostgreSQLArquitetura de Memoria do PostgreSQL
Arquitetura de Memoria do PostgreSQL
Raul Oliveira
Ā 
Concurrency Control in Database Management System
Concurrency Control in Database Management SystemConcurrency Control in Database Management System
Concurrency Control in Database Management System
Janki Shah
Ā 
PE File Format and Packer - Inc0gnito 2016
PE File Format and Packer - Inc0gnito 2016PE File Format and Packer - Inc0gnito 2016
PE File Format and Packer - Inc0gnito 2016
Hajin Jang
Ā 
PE Packers Used in Malicious Software - Part 2
PE Packers Used in Malicious Software - Part 2PE Packers Used in Malicious Software - Part 2
PE Packers Used in Malicious Software - Part 2
amiable_indian
Ā 

More Related Content

What's hot

SURAT ELEKTRONIK
SURAT ELEKTRONIKSURAT ELEKTRONIK
SURAT ELEKTRONIK
PurnamaKhalidIslamy
Ā 
2.6 backup and recovery
2.6 backup and recovery2.6 backup and recovery
2.6 backup and recoverymrmwood
Ā 
Introduction To Big Data with Hadoop and Spark - For Batch and Real Time Proc...
Introduction To Big Data with Hadoop and Spark - For Batch and Real Time Proc...Introduction To Big Data with Hadoop and Spark - For Batch and Real Time Proc...
Introduction To Big Data with Hadoop and Spark - For Batch and Real Time Proc...
Agile Testing Alliance
Ā 
Memory hierarchy unit 2 by ram k paliwal
Memory hierarchy unit 2 by ram k paliwalMemory hierarchy unit 2 by ram k paliwal
Memory hierarchy unit 2 by ram k paliwal
Ram Paliwal
Ā 
Operating System-Process Scheduling
Operating System-Process SchedulingOperating System-Process Scheduling
Operating System-Process Scheduling
Shipra Swati
Ā 
Clean code in Jupyter notebooks
Clean code in Jupyter notebooksClean code in Jupyter notebooks
Clean code in Jupyter notebooks
Katerina Nerush
Ā 
MODUL AJAR INFORMATIKA - TEKNOLOGI INFORMASI DAN KOMPUTER.pdf
MODUL AJAR INFORMATIKA - TEKNOLOGI INFORMASI DAN KOMPUTER.pdfMODUL AJAR INFORMATIKA - TEKNOLOGI INFORMASI DAN KOMPUTER.pdf
MODUL AJAR INFORMATIKA - TEKNOLOGI INFORMASI DAN KOMPUTER.pdf
FykryRichardAlMusa
Ā 
Nemesis - SAINTCON.pdf
Nemesis - SAINTCON.pdfNemesis - SAINTCON.pdf
Nemesis - SAINTCON.pdf
Will Schroeder
Ā 
File organization 1
File organization 1File organization 1
File organization 1
Rupali Rana
Ā 
Os unit 3 , process management
Os unit 3 , process managementOs unit 3 , process management
Os unit 3 , process management
Arnav Chowdhury
Ā 
Vector computing
Vector computingVector computing
Vector computing
Safayet Hossain
Ā 
BACKUP & RECOVERY IN DBMS
BACKUP & RECOVERY IN DBMSBACKUP & RECOVERY IN DBMS
BACKUP & RECOVERY IN DBMS
BaivabiNayak
Ā 
Media Penyimpanan
Media PenyimpananMedia Penyimpanan
Media Penyimpanan
ShevaniaMeidika
Ā 
Join Algorithms in MapReduce
Join Algorithms in MapReduceJoin Algorithms in MapReduce
Join Algorithms in MapReduce
Shrihari Rathod
Ā 
Database userā€™s
Database userā€™sDatabase userā€™s
Database userā€™s
Gaurang Kamat
Ā 
data stage-material
data stage-materialdata stage-material
data stage-material
Rajesh Kv
Ā 
POUG2019 - Test your PL/SQL - your database will love you
POUG2019 - Test your PL/SQL - your database will love youPOUG2019 - Test your PL/SQL - your database will love you
POUG2019 - Test your PL/SQL - your database will love you
Jacek Gebal
Ā 
Arquitetura de Memoria do PostgreSQL
Arquitetura de Memoria do PostgreSQLArquitetura de Memoria do PostgreSQL
Arquitetura de Memoria do PostgreSQL
Raul Oliveira
Ā 
Concurrency Control in Database Management System
Concurrency Control in Database Management SystemConcurrency Control in Database Management System
Concurrency Control in Database Management System
Janki Shah
Ā 

What's hot (20)

SURAT ELEKTRONIK
SURAT ELEKTRONIKSURAT ELEKTRONIK
SURAT ELEKTRONIK
Ā 
2.6 backup and recovery
2.6 backup and recovery2.6 backup and recovery
2.6 backup and recovery
Ā 
Introduction To Big Data with Hadoop and Spark - For Batch and Real Time Proc...
Introduction To Big Data with Hadoop and Spark - For Batch and Real Time Proc...Introduction To Big Data with Hadoop and Spark - For Batch and Real Time Proc...
Introduction To Big Data with Hadoop and Spark - For Batch and Real Time Proc...
Ā 
Memory hierarchy unit 2 by ram k paliwal
Memory hierarchy unit 2 by ram k paliwalMemory hierarchy unit 2 by ram k paliwal
Memory hierarchy unit 2 by ram k paliwal
Ā 
Operating System-Process Scheduling
Operating System-Process SchedulingOperating System-Process Scheduling
Operating System-Process Scheduling
Ā 
Clean code in Jupyter notebooks
Clean code in Jupyter notebooksClean code in Jupyter notebooks
Clean code in Jupyter notebooks
Ā 
MODUL AJAR INFORMATIKA - TEKNOLOGI INFORMASI DAN KOMPUTER.pdf
MODUL AJAR INFORMATIKA - TEKNOLOGI INFORMASI DAN KOMPUTER.pdfMODUL AJAR INFORMATIKA - TEKNOLOGI INFORMASI DAN KOMPUTER.pdf
MODUL AJAR INFORMATIKA - TEKNOLOGI INFORMASI DAN KOMPUTER.pdf
Ā 
Nemesis - SAINTCON.pdf
Nemesis - SAINTCON.pdfNemesis - SAINTCON.pdf
Nemesis - SAINTCON.pdf
Ā 
File organization 1
File organization 1File organization 1
File organization 1
Ā 
Os unit 3 , process management
Os unit 3 , process managementOs unit 3 , process management
Os unit 3 , process management
Ā 
Vector computing
Vector computingVector computing
Vector computing
Ā 
BACKUP & RECOVERY IN DBMS
BACKUP & RECOVERY IN DBMSBACKUP & RECOVERY IN DBMS
BACKUP & RECOVERY IN DBMS
Ā 
Media Penyimpanan
Media PenyimpananMedia Penyimpanan
Media Penyimpanan
Ā 
Join Algorithms in MapReduce
Join Algorithms in MapReduceJoin Algorithms in MapReduce
Join Algorithms in MapReduce
Ā 
ETL QA
ETL QAETL QA
ETL QA
Ā 
Database userā€™s
Database userā€™sDatabase userā€™s
Database userā€™s
Ā 
data stage-material
data stage-materialdata stage-material
data stage-material
Ā 
POUG2019 - Test your PL/SQL - your database will love you
POUG2019 - Test your PL/SQL - your database will love youPOUG2019 - Test your PL/SQL - your database will love you
POUG2019 - Test your PL/SQL - your database will love you
Ā 
Arquitetura de Memoria do PostgreSQL
Arquitetura de Memoria do PostgreSQLArquitetura de Memoria do PostgreSQL
Arquitetura de Memoria do PostgreSQL
Ā 
Concurrency Control in Database Management System
Concurrency Control in Database Management SystemConcurrency Control in Database Management System
Concurrency Control in Database Management System
Ā 

Viewers also liked

PE File Format and Packer - Inc0gnito 2016
PE File Format and Packer - Inc0gnito 2016PE File Format and Packer - Inc0gnito 2016
PE File Format and Packer - Inc0gnito 2016
Hajin Jang
Ā 
PE Packers Used in Malicious Software - Part 2
PE Packers Used in Malicious Software - Part 2PE Packers Used in Malicious Software - Part 2
PE Packers Used in Malicious Software - Part 2
amiable_indian
Ā 
the PE format 2011/01/17
the PE format 2011/01/17the PE format 2011/01/17
the PE format 2011/01/17Ange Albertini
Ā 
PE102 - a Windows executable format overview (booklet V1)
PE102 - a Windows executable format overview (booklet V1)PE102 - a Windows executable format overview (booklet V1)
PE102 - a Windows executable format overview (booklet V1)Ange Albertini
Ā 
Pe Format
Pe FormatPe Format
Pe Format
Hexxx
Ā 
PE Trojan Detection Based on the Assessment of Static File Features
PE Trojan Detection Based on the Assessment of Static File FeaturesPE Trojan Detection Based on the Assessment of Static File Features
PE Trojan Detection Based on the Assessment of Static File FeaturesAntiy Labs
Ā 
PE File Format
PE File FormatPE File Format
PE File Format
n|u - The Open Security Community
Ā 
Exploring the Portable Executable format
Exploring the Portable Executable formatExploring the Portable Executable format
Exploring the Portable Executable format
Ange Albertini
Ā 
Reversing & malware analysis training part 3 windows pe file format basics
Reversing & malware analysis training part 3 windows pe file format basicsReversing & malware analysis training part 3 windows pe file format basics
Reversing & malware analysis training part 3 windows pe file format basics
securityxploded
Ā 
Primer on password security
Primer on password securityPrimer on password security
Primer on password security
securityxploded
Ā 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software
rajakhurram
Ā 

Viewers also liked (13)

PE File Format and Packer - Inc0gnito 2016
PE File Format and Packer - Inc0gnito 2016PE File Format and Packer - Inc0gnito 2016
PE File Format and Packer - Inc0gnito 2016
Ā 
PE Packers Used in Malicious Software - Part 2
PE Packers Used in Malicious Software - Part 2PE Packers Used in Malicious Software - Part 2
PE Packers Used in Malicious Software - Part 2
Ā 
the PE format 2011/01/17
the PE format 2011/01/17the PE format 2011/01/17
the PE format 2011/01/17
Ā 
Protection
ProtectionProtection
Protection
Ā 
PE102 - a Windows executable format overview (booklet V1)
PE102 - a Windows executable format overview (booklet V1)PE102 - a Windows executable format overview (booklet V1)
PE102 - a Windows executable format overview (booklet V1)
Ā 
Pe Format
Pe FormatPe Format
Pe Format
Ā 
PE Trojan Detection Based on the Assessment of Static File Features
PE Trojan Detection Based on the Assessment of Static File FeaturesPE Trojan Detection Based on the Assessment of Static File Features
PE Trojan Detection Based on the Assessment of Static File Features
Ā 
Fortinet av
Fortinet avFortinet av
Fortinet av
Ā 
PE File Format
PE File FormatPE File Format
PE File Format
Ā 
Exploring the Portable Executable format
Exploring the Portable Executable formatExploring the Portable Executable format
Exploring the Portable Executable format
Ā 
Reversing & malware analysis training part 3 windows pe file format basics
Reversing & malware analysis training part 3 windows pe file format basicsReversing & malware analysis training part 3 windows pe file format basics
Reversing & malware analysis training part 3 windows pe file format basics
Ā 
Primer on password security
Primer on password securityPrimer on password security
Primer on password security
Ā 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software
Ā 

Similar to PE Packers Used in Malicious Software - Part 1

Infragard Sept08
Infragard Sept08Infragard Sept08
Infragard Sept08
Brian Tanner
Ā 
Bypassing anti virus scanners
Bypassing anti virus scannersBypassing anti virus scanners
Bypassing anti virus scannersmartacax
Ā 
Writing a Simple OS for Fun
Writing a Simple OS for FunWriting a Simple OS for Fun
Writing a Simple OS for Fun
Sayeed Mahmud
Ā 
Post exploitation techniques on OSX and Iphone, EuSecWest 2009
Post exploitation techniques on OSX and Iphone, EuSecWest 2009Post exploitation techniques on OSX and Iphone, EuSecWest 2009
Post exploitation techniques on OSX and Iphone, EuSecWest 2009
Vincenzo Iozzo
Ā 
Bypassing anti virus scanners
Bypassing anti virus scannersBypassing anti virus scanners
Bypassing anti virus scannersmartacax
Ā 
PuppetConf 2017: Puppet Tasks: Taming ssh in a "for" loop- Alex Dreyer, Puppet
PuppetConf 2017: Puppet Tasks: Taming ssh in a "for" loop- Alex Dreyer, PuppetPuppetConf 2017: Puppet Tasks: Taming ssh in a "for" loop- Alex Dreyer, Puppet
PuppetConf 2017: Puppet Tasks: Taming ssh in a "for" loop- Alex Dreyer, Puppet
Puppet
Ā 
Reversing the dropbox client on windows
Reversing the dropbox client on windowsReversing the dropbox client on windows
Reversing the dropbox client on windows
extremecoders
Ā 
Reversingobfuscatedpythonapplications dropbox-140819110311-phpapp01
Reversingobfuscatedpythonapplications dropbox-140819110311-phpapp01Reversingobfuscatedpythonapplications dropbox-140819110311-phpapp01
Reversingobfuscatedpythonapplications dropbox-140819110311-phpapp01
Wajhi Ul Hassan Naqvi
Ā 
Big Java Chapter 1
Big Java Chapter 1Big Java Chapter 1
Big Java Chapter 1
Maria Joslin
Ā 
Making%20R%20Packages%20Under%20Windows
Making%20R%20Packages%20Under%20WindowsMaking%20R%20Packages%20Under%20Windows
Making%20R%20Packages%20Under%20Windowstutorialsruby
Ā 
Making%20R%20Packages%20Under%20Windows
Making%20R%20Packages%20Under%20WindowsMaking%20R%20Packages%20Under%20Windows
Making%20R%20Packages%20Under%20Windowstutorialsruby
Ā 
Large Scale Indexing
Large Scale IndexingLarge Scale Indexing
Large Scale Indexing
Sease
Ā 
YAPC::NA 2007 - Epic Perl Coding
YAPC::NA 2007 - Epic Perl CodingYAPC::NA 2007 - Epic Perl Coding
YAPC::NA 2007 - Epic Perl Coding
joshua.mcadams
Ā 
CyberLink LabelPrint 2.5 Exploitation Process
CyberLink LabelPrint 2.5 Exploitation ProcessCyberLink LabelPrint 2.5 Exploitation Process
CyberLink LabelPrint 2.5 Exploitation Process
Thomas Gregory
Ā 
Data analysis with pandas
Data analysis with pandasData analysis with pandas
Data analysis with pandas
Outreach Digital
Ā 
Data Analysis With Pandas
Data Analysis With PandasData Analysis With Pandas
Data Analysis With Pandas
Stephan Solomonidis
Ā 
CHAPTER 2 BASIC ANALYSIS.ppt
CHAPTER 2 BASIC ANALYSIS.pptCHAPTER 2 BASIC ANALYSIS.ppt
CHAPTER 2 BASIC ANALYSIS.ppt
ManjuAppukuttan2
Ā 
Pandas tool for data scientist
Pandas tool for data scientist Pandas tool for data scientist
Pandas tool for data scientist
MoTechInc
Ā 
2600 av evasion_deuce
2600 av evasion_deuce2600 av evasion_deuce
2600 av evasion_deuceDb Cooper
Ā 
Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]RootedCON
Ā 

Similar to PE Packers Used in Malicious Software - Part 1 (20)

Infragard Sept08
Infragard Sept08Infragard Sept08
Infragard Sept08
Ā 
Bypassing anti virus scanners
Bypassing anti virus scannersBypassing anti virus scanners
Bypassing anti virus scanners
Ā 
Writing a Simple OS for Fun
Writing a Simple OS for FunWriting a Simple OS for Fun
Writing a Simple OS for Fun
Ā 
Post exploitation techniques on OSX and Iphone, EuSecWest 2009
Post exploitation techniques on OSX and Iphone, EuSecWest 2009Post exploitation techniques on OSX and Iphone, EuSecWest 2009
Post exploitation techniques on OSX and Iphone, EuSecWest 2009
Ā 
Bypassing anti virus scanners
Bypassing anti virus scannersBypassing anti virus scanners
Bypassing anti virus scanners
Ā 
PuppetConf 2017: Puppet Tasks: Taming ssh in a "for" loop- Alex Dreyer, Puppet
PuppetConf 2017: Puppet Tasks: Taming ssh in a "for" loop- Alex Dreyer, PuppetPuppetConf 2017: Puppet Tasks: Taming ssh in a "for" loop- Alex Dreyer, Puppet
PuppetConf 2017: Puppet Tasks: Taming ssh in a "for" loop- Alex Dreyer, Puppet
Ā 
Reversing the dropbox client on windows
Reversing the dropbox client on windowsReversing the dropbox client on windows
Reversing the dropbox client on windows
Ā 
Reversingobfuscatedpythonapplications dropbox-140819110311-phpapp01
Reversingobfuscatedpythonapplications dropbox-140819110311-phpapp01Reversingobfuscatedpythonapplications dropbox-140819110311-phpapp01
Reversingobfuscatedpythonapplications dropbox-140819110311-phpapp01
Ā 
Big Java Chapter 1
Big Java Chapter 1Big Java Chapter 1
Big Java Chapter 1
Ā 
Making%20R%20Packages%20Under%20Windows
Making%20R%20Packages%20Under%20WindowsMaking%20R%20Packages%20Under%20Windows
Making%20R%20Packages%20Under%20Windows
Ā 
Making%20R%20Packages%20Under%20Windows
Making%20R%20Packages%20Under%20WindowsMaking%20R%20Packages%20Under%20Windows
Making%20R%20Packages%20Under%20Windows
Ā 
Large Scale Indexing
Large Scale IndexingLarge Scale Indexing
Large Scale Indexing
Ā 
YAPC::NA 2007 - Epic Perl Coding
YAPC::NA 2007 - Epic Perl CodingYAPC::NA 2007 - Epic Perl Coding
YAPC::NA 2007 - Epic Perl Coding
Ā 
CyberLink LabelPrint 2.5 Exploitation Process
CyberLink LabelPrint 2.5 Exploitation ProcessCyberLink LabelPrint 2.5 Exploitation Process
CyberLink LabelPrint 2.5 Exploitation Process
Ā 
Data analysis with pandas
Data analysis with pandasData analysis with pandas
Data analysis with pandas
Ā 
Data Analysis With Pandas
Data Analysis With PandasData Analysis With Pandas
Data Analysis With Pandas
Ā 
CHAPTER 2 BASIC ANALYSIS.ppt
CHAPTER 2 BASIC ANALYSIS.pptCHAPTER 2 BASIC ANALYSIS.ppt
CHAPTER 2 BASIC ANALYSIS.ppt
Ā 
Pandas tool for data scientist
Pandas tool for data scientist Pandas tool for data scientist
Pandas tool for data scientist
Ā 
2600 av evasion_deuce
2600 av evasion_deuce2600 av evasion_deuce
2600 av evasion_deuce
Ā 
Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]
Ā 

More from amiable_indian

Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commonsamiable_indian
Ā 
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art amiable_indian
Ā 
Secrets of Top Pentesters
Secrets of Top PentestersSecrets of Top Pentesters
Secrets of Top Pentestersamiable_indian
Ā 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Securityamiable_indian
Ā 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...amiable_indian
Ā 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CDamiable_indian
Ā 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writersamiable_indian
Ā 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in Indiaamiable_indian
Ā 
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyAntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyamiable_indian
Ā 
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure CodingReverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Codingamiable_indian
Ā 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learnedamiable_indian
Ā 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissectedamiable_indian
Ā 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunityamiable_indian
Ā 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writersamiable_indian
Ā 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecuritiesamiable_indian
Ā 
Web Exploit Finder Presentation
Web Exploit Finder PresentationWeb Exploit Finder Presentation
Web Exploit Finder Presentationamiable_indian
Ā 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualization
amiable_indian
Ā 
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization
amiable_indian
Ā 
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over TimeTop Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Time
amiable_indian
Ā 
What are the Business Security Metrics?
What are the Business Security Metrics? What are the Business Security Metrics?
What are the Business Security Metrics?
amiable_indian
Ā 

More from amiable_indian (20)

Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
Ā 
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art
Ā 
Secrets of Top Pentesters
Secrets of Top PentestersSecrets of Top Pentesters
Secrets of Top Pentesters
Ā 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
Ā 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Ā 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
Ā 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
Ā 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in India
Ā 
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyAntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
Ā 
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure CodingReverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
Ā 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
Ā 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
Ā 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
Ā 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
Ā 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
Ā 
Web Exploit Finder Presentation
Web Exploit Finder PresentationWeb Exploit Finder Presentation
Web Exploit Finder Presentation
Ā 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualization
Ā 
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization
Ā 
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over TimeTop Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Time
Ā 
What are the Business Security Metrics?
What are the Business Security Metrics? What are the Business Security Metrics?
What are the Business Security Metrics?
Ā 

Recently uploaded

Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
Ā 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
Ā 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
Ā 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
Ā 
Dev Dives: Train smarter, not harder ā€“ active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder ā€“ active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder ā€“ active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder ā€“ active learning and UiPath LLMs for do...
UiPathCommunity
Ā 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
Ā 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
Ā 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
Ā 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
Ā 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
Ā 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
Ā 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
Ā 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
Ā 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
Ā 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
Ā 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
Ā 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
Ā 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
Ā 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
Ā 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
Ā 

Recently uploaded (20)

Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
Ā 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Ā 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Ā 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Ā 
Dev Dives: Train smarter, not harder ā€“ active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder ā€“ active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder ā€“ active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder ā€“ active learning and UiPath LLMs for do...
Ā 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
Ā 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Ā 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Ā 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Ā 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
Ā 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
Ā 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Ā 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
Ā 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
Ā 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Ā 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Ā 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Ā 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Ā 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Ā 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Ā 

PE Packers Used in Malicious Software - Part 1