Description: In this video, we explore how to deobfuscate malware strings using conditional breakpoints in x64dbg.
Timestamps:
0:00 Intro
1:26 Running capa
2:39 Analysis with Ghidra
4:20 Static file analysis with CFF Explorer
4:40 Debugging with x64dbg
7:32 Introducing conditional breakpoints
14:35 Conditional breakpoints for code deobfuscation
Have malware analysis questions or topics you'd like me to cover? Leave a comment and let me know!
SANS Malware Analysis Courses I Author and Teach:
https://sans.org/for610 (coauthor)
https://sans.org/for710
Samples: https://github.com/as0ni/youtubefile...
Password: infected
Description: Malware for conditional breakpoint demos
Tools
Frida: https://frida.re/
x64dbg: https://x64dbg.com/
Ghidra: https://ghidrasre.org/
Capa: https://github.com/mandiant/capa
CFF Explorer: https://ntcore.com/?page_id=388
Documentation:
https://help.x64dbg.com/en/latest/int...
https://help.x64dbg.com/en/latest/int... ml
https://help.x64dbg.com/en/latest/int...
Referenced Videos:
Binary Emulation for Malware Analysis w/ John Hammond: • Make Malware Analysis FASTER with Bin...
How I Debug DLL Malware: • How I Debug DLL Malware (Emotet)
Find Anuj Soni on X: https://x.com/asoni
Connect on LinkedIn: / sonianuj