That's awesome to hear thanks very much : ))

Stay tuned, I think we will cover some C2 stuff soon : )

Hey that's awesome to hear. Thank you so much : )))

🤣🤣🤣🤣

: ))))

OMG yeh sorry about that. I thought it was 4 F's not five haha. Wanted to leave that in there though so you can all have a peak behind the curtain of how these things are made : )

Thanks! That's awesome to hear!

You can highlight the function and press "n" to open the name text box like you see in the video.

@@OALABS ohh

@@OALABS also one question, is theres anyway to generate all byte codes of functions?

I'm not sure what you mean, but if you have a specific example feel free to jump on our discord and ask there. Make sure you are specific though and post a link to the sample you are analyzing.

You can check out our old IDA tips video... it's from a while ago so the editing isn't quite as good but it might have some info that is useful for you kzbin.info/www/bejne/p3S0g36Clt9lpLM

Thanks for the feedback, we will make more like this in the future for sure. We also have an older (lower quality) vid where we talk about how to defeat some anti-analysis tricks kzbin.info/www/bejne/jZ2oaZSYmJ2JY5Y I'm not sure if that covers everything you are looking for but it's a start.

Thanks : )

Yes this is a great idea and something we have been trying to arrange with Josh for a while. We have just suffered from such a busy schedule that we haven't had a chance to arrange another collaboration. This is definitely going to happen though.

Yes exactly. The imports are resolved dynamically at runtime and called directly.

If you scroll down I thing your question is similar to @Do py's. You might be interested in some of the resources Micheal and I recommended to them.

That would be a neat tutorial, but that's pretty rare since it's a lot more work for the malware developer. This sort of block-table import resolving is pretty much the standard unless the malware dev has spent a lot of time on it. The only malware that I know of that does individual import resolving is Dridex and they have their own macros for it. If you send me some hashes of other malware that does this I could maybe make a tutorial out of it?

@@BSOD.Enjoyer 牛逼

"Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software" is pretty much the industry standard to get started from what I've heard. It's a pretty good read to get some of the basic concepts in your head. Other than that, honestly just jumping in and playing with IDA or a debugger for a bit to get familiar with it a little bit.

We actually get this question a lot, and if you scroll through the comments of our other videos you will see we have had a few pretty long answers over the years. I agree with what Michael said, that's a good book if you are interested. But if you are like me and you prefer to learn hands on with videos etc. I highly recommend these other channels too: Colin Hardy kzbin.info/door/ND1KVdVt8A580SjdaS4cZg Malware Analysis for Hedgehogs kzbin.info/door/VFXrUwuWxNlm6UNZtBLJ-A Hasherezade kzbin.info/door/NWVswPNgn5kutPNa5sprkg Also for written content I think the Dr. Fu blog is amazing! fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html Good luck! And feel free to drop any questions you have in the chat here.

Oh also, all this free course work from opensecuritytraining.info/. It's a bit boring since it's just recorded college lectures but if you are looking for a very thorough free resource it can't be beat!

That's a great question, and it depends on what you need to do. In most of our tutorials we demonstrate how to quickly triage malware; unpack it and get it ready for reverse engineering. In this tutorial we are starting to show how you begin actually reverse engineering malware. So what's the difference? If you just need to quickly identify the malware and what it does, using the dynamic trick we showed in part 1 of this tutorial will work great and it's nice and fast. However, if you need to report on this malware you may get questions like, how do they resolve their imports, have you seen this import resolving technique used in other malware, is there anything unique we can use to identify this malware by based on the way it resolves imports, etc. These questions can't be answered without fully reversing the malware. That is the main difference between triage, and proper reverse engineering; when you are reverse engineering your are attempting to collect as much information about the binary as possible. At the time of collection you may not understand what is relevant and what is not. There is also a practical benefit to building the IDA scripts which we will demonstrate in the next tutorial. Often when you track the evolution of malware over the course of its life cycle you will have to look at many similar samples. It is much faster to do this type of "bulk" reverse engineering with static scripts rather than having to use a debugger to build the imports each time. Apologies for the long answer but I think this question is very important as it gets at the heart of difference between proper reverse engineering, and triage.

@@OALABS Thanks for the detailed response didn't even considered the signature aspect.I guess this specific example doesn't demonstrate the benefits of static analysis all too well since as you described the method is well known and reversing the specifics doesn't bring too much new information to the table, of course it's just a tutorial and great one at that. I was using myself IDA Python to find and decrypt salted strings in some sample and it was amazing so I don't look down on static analysis in any way I just avoid it since it usually takes more time (depends on the case). Looking forward for the next video ;)

Yes I have my own private license 💸💸💸

@OALabs In your opinion, does one need x64 Hex-Rays decompiler for a malware analysis or is it sufficient to have x86 only?

@@OALABS that's cool as fuck i just pirate it running through wine or just run ghidra

@@asafcohen3562 Bro, OALabs could just crack IDA himself in like 10 mins.

😂😂😂😂

Our contact information is on our website.

@@OALABS how can I open SPRX files ?

@@OALABS to open source

Our contact info is on our website : )

@@OALABS I was thinking if you can teach how to decompile a program packed with themida. I had some problems doing it

Sorry we only analyze malware.