Decode Malware Strings with Conditional Breakpoints

Anuj Soni

Description: In this video, we explore how to deobfuscate malware strings using conditional breakpoints in x64dbg.

Timestamps:
0:00 Intro
1:26 Running capa
2:39 Analysis with Ghidra
4:20 Static file analysis with CFF Explorer
4:40 Debugging with x64dbg
7:32 Introducing conditional breakpoints
14:35 Conditional breakpoints for code deobfuscation

Have malware analysis questions or topics you'd like me to cover? Leave a comment and let me know!

SANS Malware Analysis Courses I Author and Teach:
https://sans.org/for610 (coauthor)
https://sans.org/for710

Samples: https://github.com/as0ni/youtubefile...
Password: infected
Description: Malware for conditional breakpoint demos

Tools
Frida: https://frida.re/
x64dbg: https://x64dbg.com/
Ghidra: https://ghidra-sre.org/
Capa: https://github.com/mandiant/capa
CFF Explorer: https://ntcore.com/?page_id=388

Documentation:
https://help.x64dbg.com/en/latest/int...
https://help.x64dbg.com/en/latest/int... ml
https://help.x64dbg.com/en/latest/int...

Referenced Videos:
Binary Emulation for Malware Analysis w/ John Hammond: Make Malware Analysis FASTER with Bin...
How I Debug DLL Malware: How I Debug DLL Malware (Emotet)

Find Anuj Soni on X: https://x.com/asoni
Connect on LinkedIn: /sonianuj

posted by intapymariermck