Tips For Writing a .NET Static Config Extractor for Malware [ Reverse Engineering AMA ]
What are some tips for dealing with static config extraction of .NET malware? -- Big thanks to all the reverse engineers who helped us put this together! Rattle (Jesko) https://twitter.com/huettenhain https://github.com/binref/refinery Jordan (psifertex) https://twitter.com/psifertex https://binary.ninja/ Karsten https://twitter.com/struppigel https://www.youtube.com/c/MalwareAnalysisForHedgehogs Drakonia https://twitter.com/dr4k0nia https://dr4k0nia.github.io/ C3rb3ru5 https://twitter.com/c3rb3ru5d3d53c https://c3rb3ru5d3d53c.github.io/ Josh https://twitter.com/jershmagersh https://pwnage.io/ Dodo https://twitter.com/dodo_sec https://github.com/dodo-sec Washi https://twitter.com/washi_dev https://washi.dev/ ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----
What are some tips for dealing with static config extraction of .NET malware? -- Big thanks to all the reverse engineers who helped us put this together! Rattle (Jesko) https://twitter.com/huettenhain https://github.com/binref/refinery Jordan (psifertex) https://twitter.com/psifertex https://binary.ninja/ Karsten https://twitter.com/struppigel https://www.youtube.com/c/MalwareAnalysisForHedgehogs Drakonia https://twitter.com/dr4k0nia https://dr4k0nia.github.io/ C3rb3ru5 https://twitter.com/c3rb3ru5d3d53c https://c3rb3ru5d3d53c.github.io/ Josh https://twitter.com/jershmagersh https://pwnage.io/ Dodo https://twitter.com/dodo_sec https://github.com/dodo-sec Washi https://twitter.com/washi_dev https://washi.dev/ ----- OALABS PATREON https://www.patreon.com/oalabs OALABS DISCORD https://discord.gg/6h5Bh5AMDU Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ -----