
Content

In this Twitch stream we use Angr symbolic execution and IDA scripts to remove the control flow flattening obfuscation from Pandora Ransomware.

Sample

5b56c5d86347e164c6e571c86dbf5b1535eae6b979fede6ed66b01e79ea33b7b

Unpacked sample (we will be using this as our example)

2619862c382d3e375f13f3859c6ab44db1a4bce905b4a617df2390fbf36902e7 


Our notes (with working code) are split between two notebooks.

Pandora Ransomware Notes (unpacking and initial analysis) 


Angr Control Flow Deobfuscation (symbolic execution code) 


Files

Live Stream VOD: Using Angr Symbolic Execution to Remove Control Flow Obfuscation From Pandora Ransomware

This is "Live Stream VOD: Using Angr Symbolic Execution to Remove Control Flow Obfuscation From Pandora Ransomware" by OALABS on Vimeo, the home for high...
