Awesome that you are going to produce more videos this year! I tried weekly publishing too but found it hard to keep up with all the other stuff going on in life. So I just decided to be more flexible and relaxed with that.
The IDAPython book is good advice. I haven't done IDA scripting before, although I intended to.
It's fun to watch you when you are amused about stuff like the shortcut R actually turning the character into "r". X)
Thanks so much : )
Yeah, producing one video a week is pretty demanding, but there are two of us so we can share the work; I couldn't imagine trying to do this by myself. Alex's book is great! I can't recommend it enough... he has taught me so much about scripting. We are really working hard to do an episode with him. Thanks again for the support : ))
This is awesome! Thank you! It's very helpful and fun to watch how you use Python to solve these issues.
Awesome video, I have seen IDA scripting usage for the first time. Thank you!
My request. Thanks so much.
I'm always waiting for the next part.
Thanks for the interesting sample! Part 2 drops next week!
I was screaming at the screen when you looked at data instead of out the first time (when you had implemented the algo without the sub of the counter).
haha! I know right! I had to leave that in there in the final cut : ))
Can't you just run the debugger past the decryption function and dump the memory afterwards, and it will be the decrypted file ready to run?
Yes for sure (see our recent video on lazy string decryption) but we wanted to show how to introduce some scripting into your analysis. In many cases you may have an unpacked dump that cannot be debugged and you will have to do it statically... then this tutorial would be useful : )
Hi, I'm trying to get the sample of this malware from the link above.
I know it's probably old, but anyway... is there any chance to get this malware?
Links to download the samples are always provided in the description of the video. You need to expand the description to see them. We use malshare which is a free malware sharing platform for researchers. You will need to register for a free account then you can download the sample from the links provided.
Thanks for the great videos!
I converted the script to BinaryNinja: github.com/Tomasuh/various/blob/master/BinaryNinja-scripts/nop-it.py
Awesome! I'm not really familiar with BinaryNinja but I find your comment super interesting: "BinaryNinja does not support collapsing parts of the code which is why we NOP and then look at the code in IL view which optimizes the NOPs away."
I think this is a really cool tip for those who are using BinaryNinja as their primary analysis tool.