
Session 3 – Windows PE File Format Basics

This session is one of the most important sessions of the entire course. The PE file format is the Windows executable file format, and a very good understanding of it will allow you to understand more advanced concepts such as packers and loaders. Check the reference section for additional papers and books.

 
