Скачать с ютуб 05 - How Lockbit Uses the DLL Name as a Seed for API Hashing в хорошем качестве

05 - How Lockbit Uses the DLL Name as a Seed for API Hashing

In part 05, we continue to our deep dive into Lockbit's runtime-linking. In this video, you'll see how Lockbit uses the DLL name to create a seed. This seed is used in the actual computation of the API name, which is a twist on a standard malware technique. You'll see how this technique is used and I'll discuss the broader impact it has on your reversing efforts. Join this channel to get access to perks:    / @jstrosch   Cybersecurity, reverse engineering, malware analysis and ethical hacking content! 🎓 Courses on Pluralsight 👉🏻 https://www.pluralsight.com/authors/j... 🌶️ YouTube 👉🏻 Like, Comment & Subscribe! 🙏🏻 Support my work 👉🏻   / joshstroschein   🌎 Follow me 👉🏻   / jstrosch  ,   / joshstroschein   ⚙️ Tinker with me on Github 👉🏻 https://github.com/jstrosch 🤝 Join the Discord community and more 👉🏻 https://www.thecyberyeti.com 0:30 Finding the image_base 1:25 Parsing the image dos header 3:36 DATA Directories 5:30 The IMAGE_EXPORT_DIRECTORY 6:40 AddressOf* 8:21 Checksum from a DLL name - where the seeds come from 9:15 Brief note on the UNICODE structure