2013 Day2P04 LoB: IAT Hooking Demo | memory trong task manager quá cao

memory trong task manager quá cao. Có phải bạn đang tìm kiếm chủ đề về 2013 Day2P04 LoB: IAT Hooking Demo phải không? Nếu đúng như vậy thì mời bạn xem nó ngay tại đây. Xem thêm các video thú vị tại website

VIDEO 2013 Day2P04 LoB: IAT Hooking Demo

memory trong task manager quá cao



The class materials are available at http://www.OpenSecurityTraining.info/LifeOfBinaries.html
Follow us on Twitter for class news @OpenSecTraining.
The playlist for this class is here: http://bit.ly/1cdrfel
The full quality video can be downloaded at http://archive.org/details/opensecuritytraining

Have you ever wondered what happens when a C program is compiled and executed on a system? This three-day class by Xeno Kovah will investigate the life of a binary from birth as C source code to death as a process running in memory being terminated.

Topics will include but are not limited to:

*Scanning and tokenizing source code.

*Parsing a grammar and outputting assembly code.

*Different targets for x86 assembly object files generation. (E.g. relocatable vs. position independent code).

*Linking object files together to create a well-formed binary.

*Detailed description of the Windows PE binary format.

*How Windows loads a binary into memory and links it on the fly before executing it.

*Detailed description of the Unix/Linux/BSD ELF binary format.

Along the way we will discuss the relevance of security at different stages of a binary’s life, from how viruses *really* work, to the way which malware “packers” duplicate OS process execution functionality, to the benefit of a security-enhanced OS loader which implements address space layout randomization (ASLR).

Lab work will include:

*Using the new “Binary Scavenger Hunt” tool which creates randomized PE binaries and asks randomized questions about the material you just learned!

*Manipulating compiler options to change the type of assembly which is output

*Manipulating linker options to change the structure of binary formats

*Reading and understanding PE files with PEView

*Using WinDbg to watch the loader resolve imports in an executable

*Using Thread Local Storage (TLS) to obfuscate control flow and serve as a basic anti-debug mechanism

*Creating a simple example virus for PE

*Analyze the changes made to the binary format when a file is packed with UPX

*Using the rootkit technique of Import Address Table (IAT) hooking to subvert the integrity of a program’s calls to external libraries, allowing processes to be hidden.

The prerequisites for this class are a basic understanding of C programming and compilation. This class is recommended for a later class on Rootkits (playlist: http://bit.ly/HLkPVG) as we talk about IAT Hooking, and required for a later class on malware analysis.

Picture 2013 Day2P04 LoB: IAT Hooking Demo

Tag 2013 Day2P04 LoB: IAT Hooking Demo

memory trong task manager quá cao,OpenSecurityTraining.info,Computer security class,security,Computer Security,Cyber Security,Host Security,binaries,binary executable format,Windows executable,Windows PE,PE,PE/COFF,Portable Executable,parsing,lexing,tokenizing,concrete syntax tree,parse tree,abstract syntax tree,abstract assembly tree,context free grammars,compiling,linking,x86 assembly,IAT,IAT hooking,EAT,TLS,DEP,ASLR,SEH,computer virus,packers,UPX,debugging,WinDbg,ELF binary format,ELF

Xem thêm bài viết thuộc chuyên mục: Tổng hợp