GoSecure Malware Unpacking Workshop
- Learn to Unpack Malware IRL
- Real Samples
- Real Tools
- Real Experience
docs/index.pdf
contains the slides and solutions
samples/
contains all the samples and stages
workshop.zip
contains the working files for students
Getting Started
- Download Malboxes https://github.com/GoSecure/malboxes
- Try the samples yourself / follow the slides
Real World Samples
- NJRat
- Sofacy / FancyBear
- KPot
- Stuxnet
Solutions
- 0.bin - NJRat Unpacking - https://www.youtube.com/watch?v=PML0_AKM538
- 3.bin - Stuxnet Unpacking Stage 1 - https://www.youtube.com/watch?v=fr88tu7B3bU
- 3.bin - Stuxnet Unpacking Stage 2 - https://www.youtube.com/watch?v=dJleiAlMtl8