Join us as we reverse engineer Warzone Rat! Expand for more details.... ----- OALABS DISCORD / discord OALABS PATREON / oalabs OALABS TIP JAR https://ko-fi.com/oalabs OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ ----- Chapters: 0:00 Introduction 4:25 Setting Up IDA 6:15 How to Force hex-rays to Decompile All Functions 7:42 Methodology for Identifying an Embedded Configuration File 9:16 C++ Reversing Basics 18:53 Adding a Struct in IDA 22:10 Fixing Incorrect Struct Size 26:39 Quickly Reversing Functionality 28:42 Reverse Engineering With Structs 32:04 Malware Trick Used to Locate Address in Memory 36:43 Walking a PE File Using Pointers 41:21 Creating and Importing IDC Files Automated unpacking: https://www.unpac.me/#/ Unpacked sample https://malshare.com/sample.php?actio... IDC script (download don't copy paste): https://gist.github.com/herrcore/ccf4... The following tutorials may help with some of the basic concepts presented in this video. C++ Reversing Basics • Reverse Engineering C++ Malware With IDA Pro IDA Pro Microcode and x86 Calling Conventions • IDA Pro Decompiler Basics Microcode and x8... RC4 Crypto • Reverse Engineering RC4 Crypto For Malware... Feedback, questions, and suggestions are always welcome : ) Sergei / herrcore Sean / seanmw As always check out our tools, tutorials, and more content over at https://www.openanalysis.net #ReverseEngineering #Malware #WarZoneRat