CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek [email protected] 0x1338.blogspot.co.at @pinkflawd...
Transcript of CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek [email protected] 0x1338.blogspot.co.at @pinkflawd...
![Page 1: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/1.jpg)
CATCH ME IF YOU CAN
![Page 2: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/2.jpg)
HUNTERHUNTEDand HAUNTED
![Page 3: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/3.jpg)
YOUR HUNTER TODAYMarion Marschalek
![Page 4: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/4.jpg)
ANALYST
aims to detect
MALWARE
MALWARE
aims to detect
ANALYST
![Page 5: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/5.jpg)
LEVELS of SOPHISTICATIONMass
Sophisticated Toolified
APT aAPT
EPT?
MalwareMalwareMalwareMalwareMalwareMalware
![Page 6: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/6.jpg)
while some are not all that sophisticated ....
![Page 7: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/7.jpg)
SIMULATION
DEBUGGING
VIRTUALIZATION
DISASSEMBLINGSTATIC ANALYSIS
ARTIFICIAL INTELLIGENCE
![Page 8: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/8.jpg)
SIMULATION
VIRTUALIZATION
STATIC ANALYSIS
DISASSEMBLING
DEBUGGING
ARTIFICIAL
INTELLIGENCE
![Page 9: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/9.jpg)
SIMULATION
VIRTUALIZATION
STATIC ANALYSIS
DISASSEMBLING
DEBUGGING
ARTIFICIAL
INTELLIGENCE
![Page 10: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/10.jpg)
SIMULATION
VIRTUALIZATION
STATIC ANALYSIS
DISASSEMBLING
DEBUGGING
ARTIFICIAL
INTELLIGENCE
![Page 11: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/11.jpg)
SIMULATION
VIRTUALIZATION
STATIC ANALYSIS
DISASSEMBLING
DEBUGGING
ARTIFICIAL
INTELLIGENCE
![Page 12: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/12.jpg)
SIMULATION
VIRTUALIZATION
STATIC ANALYSIS
DISASSEMBLING
DEBUGGING
ARTIFICIAL
INTELLIGENCE
...
![Page 13: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/13.jpg)
SIMULATION
VIRTUALIZATION
STATIC ANALYSIS
DISASSEMBLING
DEBUGGING
ARTIFICIAL
INTELLIGENCE
RANDOMNESS
![Page 14: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/14.jpg)
THE ANCIENT ART OF BYPASSING ANTI-ANALYSIS
![Page 15: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/15.jpg)
PEBBeingDebugged Flag: IsDebuggerPresent()
PEBNtGlobalFlag, Heap Flags
DebugPort: CheckRemoteDebuggerPresent() / NtQueryInformationProcess()
Debugger Interrupts
Timing Checks
SeDebugPrivilege
Parent Process
DebugObject: NtQueryObject()
Debugger Window
Debugger Process
Device Drivers
OllyDbg: Guard Pages
Software Breakpoint Detection
Hardware Breakpoint Detection
Patching Detection via Code Checksum Calculation
Encryption and Compression
Garbage Code and Code Permutation
Anti-Disassembly
Misdirection and Stopping Execution via Exceptions
Blocking Input
ThreadHideFromDebugger
Disabling Breakpoints
Unhandled Exception Filter
OllyDbg: OutputDebugString() Format String Bug
Process Injection
Debugger Blocker
TLS Callbacks
Stolen Bytes
API Redirection
Multi-Threaded Packers
Virtual Machines
![Page 16: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/16.jpg)
THE AWESOMENESS COMPILATIONTHE „ULTIMATE“ ANTI-DEBUGGING REFERENCE [Ferrie]http://pferrie.host22.com/papers/antidebug.pdf
THE ART OF UNPACKING [Yason]https://www.blackhat.com/presentations/bh-usa-07/Yason/Whitepaper/bh-usa-07-yason-WP.pdf
SCIENTIFIC BUT NOT ACADEMICAL OVERVIEW OF MALWARE ANTI-DEBUGGING, ANTI-DEBUGGING AND ANTI-VM TECHNIQUES [Branco, Barbosa, Neto]http://research.dissect.pe/docs/blackhat2012-paper.pdf
VIRTUAL MACHINE DETECTION ENHANCED [Rin, EP_X0FF]http://www.heise.de/security/downloads/07/1/1/8/3/5/5/9/vmde.pdf
![Page 17: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/17.jpg)
AWESOMENESS IMPLEMENTED
![Page 18: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/18.jpg)
![Page 19: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/19.jpg)
![Page 20: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/20.jpg)
UPATRESMALL | NASTY | THORNY | standardmalwareofftheshelf
PAYLOAD
PACKERPROTECTION
![Page 21: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/21.jpg)
ANTI-SIMULATION
![Page 22: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/22.jpg)
WINDOW CONFUSIONand implicit breakpoint detection
![Page 23: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/23.jpg)
*WANNABE* TIMING DEFENCE
![Page 24: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/24.jpg)
CITADEL IDA Stealth Bruteforcing
PEB!NtGlobalFlags Anti-debug r.e.d.a.c.t.e.d.
Let‘s start at the end .....
![Page 25: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/25.jpg)
. . .
![Page 26: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/26.jpg)
![Page 27: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/27.jpg)
WITH DEBUGGER
WITHOUT DEBUGGER
![Page 28: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/28.jpg)
CVE-2014-1776
.html vshow.swf
cmmon.js
Heap Preparation
Timer Registration
Eval ( something)
Prepare ROP Chain
Corrupt Memory
Fill SoundObject with Shellcode
Invoke SoundObject.toString()
![Page 29: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/29.jpg)
SNEAKY EXPLOITBEING SNEAKY
![Page 30: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/30.jpg)
...DECODING OF THE ACTUAL EXPLOIT
![Page 31: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/31.jpg)
ALMOST WONDERFUL wonderfl
![Page 32: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/32.jpg)
![Page 33: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/33.jpg)
MIUREF
Once upon a time ...
and it‘s packer
![Page 34: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/34.jpg)
Visual Basic 6.0Microsoft, 1998
Object-based / event-driven
Rapid Application Development
Replaced by VB .NET in 2002
End of support in 2008
VB6
![Page 35: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/35.jpg)
VB6 IS NOT DEAD
![Page 36: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/36.jpg)
NATIVE CODE
![Page 37: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/37.jpg)
PSEUDO CODE
![Page 38: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/38.jpg)
P-CODETRANSLATION
P-code mnemonics
interpreted
by msvbvm60.dll
handler13:ExitProcHresult...
handler14:ExitProc...
handler15:ExitProcI2...
... FC C8 13 76 ...
![Page 39: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/39.jpg)
DY
NA
MIC
A
NA
LYSIS
![Page 40: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/40.jpg)
DECOMPILATION
![Page 41: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/41.jpg)
ADVANCEDSTATIC
ANALYSIS
![Page 42: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/42.jpg)
DEBUGGING
![Page 43: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/43.jpg)
DEBUGGING
![Page 44: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/44.jpg)
![Page 45: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/45.jpg)
EVER HEARD OF.. kernel33.dll ?
![Page 46: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/46.jpg)
Dynamic API Loading
... Crap.
![Page 47: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/47.jpg)
BACK TO STEALTH MODE
![Page 48: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/48.jpg)
Ou lá lá... x86 !
POST VB6 PACKER POST C++ PACKER
![Page 49: CATCH ME IF YOU CAN - SSTIC YOU! Marion Marschalek marion@0x1338.at 0x1338.blogspot.co.at @pinkflawd Title PowerPoint Presentation Author Marion M Created Date 6/5/2014 11:50:19 AM](https://reader031.fdocuments.net/reader031/viewer/2022022006/5ac236a77f8b9a1c768db241/html5/thumbnails/49.jpg)
C++ PACKER VB6 PACKER