Home
Artists
Search Recent Random
Posts
Search DMs Popular Hash Lookup Tags Random
Importer
Import FAQ
Register
Partychan Matrix ThePornDude
Home Artists Posts Import Register
Patreon importer is back online! Tell your friends ✅

Live Stream VOD: Indirect Syscalls and The PikaBot Loader (Patreon)

Published:
2024-03-02 19:57:09
Imported:
Tags:

Content

In this stream we take a look at the new PikaBot loader which uses indirect syscalls to evade AV/EDR. As part of the analysis we develop a quick way to trace indirect syscalls with x64dbg and use this method to unpack the final payload.

Syscall work starts around the 40min mark 😉

Sample

fd8c7df2940c86b821c05d9376f7dc3716306f8e0a933e2e161da09989907ca3 [UnpacMe]

Files

Live Stream VOD: Indirect Syscalls and The PikaBot Loader

Comments

m4n0w4r

Another useful note: https://blog.krakz.fr/notes/syswhispers2/

oalabs
>>132122876

That's a great point, if you want more info on direct syscalls we did a stream on this a few years back demonstrating syswhispers https://www.youtube.com/watch?v=Uba3SQH2jNE

m4n0w4r
>>132122876

Thanks so much ! Before the above note, I also wrote my quick note here: https://kienmanowar.wordpress.com/2024/01/06/quicknote-technical-analysis-of-recent-pikabot-core-module/