

In this stream we take a look at the new PikaBot loader, which uses indirect syscalls to evade AV/EDR. As part of the analysis we develop a quick way to trace indirect syscalls with x64dbg and use this method to unpack the final payload.

Syscall work starts around the 40-minute mark 😉

Sample

fd8c7df2940c86b821c05d9376f7dc3716306f8e0a933e2e161da09989907ca3 [UnpacMe]

Files

Live Stream VOD: Indirect Syscalls and The PikaBot Loader

Comments

m4n0w4r

Another useful note: https://blog.krakz.fr/notes/syswhispers2/

oalabs

That's a great point. If you want more info on direct syscalls, we did a stream on this a few years back demonstrating syswhispers: https://www.youtube.com/watch?v=Uba3SQH2jNE

m4n0w4r

Thanks so much! Before the above note, I also wrote my quick note here: https://kienmanowar.wordpress.com/2024/01/06/quicknote-technical-analysis-of-recent-pikabot-core-module/