Dr Josh Stroschein - The Cyber Yeti

malware analysis

reverse engineering

threat hunting

network traffic analysis

software security

cyber security

how to

cyber security

free cyber security tutorials

ida pro

cybersecurity news

cybersecurity 101

cyber security day in the life of

cybersecurity for beginners

malware virus

educational videos

cyber security career

cyber security analyst

career change

malware reversing

You've found the Cyber Yeti! Here I host free cybersecurity educational content focused on malware analysis, reverse engineering and ethical hacking.

Ways to connect:
Twitter: https://twitter.com/jstrosch
LinkedIn: https://www.linkedin.com/in/joshstroschein/

Linking Object Files from C and NASM in Windows

Linking Object Files from C and NASM in Windows
Where in the world is PRINTF? Using the legacy library file to link with NASM

Where in the world is PRINTF? Using the legacy library file to link with NASM
08 - Reverse the Shell and Series Wrap-up

08 - Reverse the Shell and Series Wrap-up
07 - Populating SOCKADDR_IN and Calling Connect to Connect to The Attacker System

07 - Populating SOCKADDR_IN and Calling Connect to Connect to The Attacker System
06 - Starting to Call Windows API Functions, Getting a Socket Handle

06 - Starting to Call Windows API Functions, Getting a Socket Handle
05 - Figuring out Stack Layout for Local Variables and Structures

05 - Figuring out Stack Layout for Local Variables and Structures
04 - Loading WS2_32 with LoadLibrary and Wrapping Up Runtime Linking

04 - Loading WS2_32 with LoadLibrary and Wrapping Up Runtime Linking
03 - Runtime Linking for Kernel32 and Preparing to Load WS2_32 for Socket Communication

03 - Runtime Linking for Kernel32 and Preparing to Load WS2_32 for Socket Communication
01 - Building a Reverse Shell Game Plan with a Simple C Program

01 - Building a Reverse Shell Game Plan with a Simple C Program
02 - Exploring the Reverse Shell Source Code and API Breakdown

02 - Exploring the Reverse Shell Source Code and API Breakdown
10 - Cleaning Up our IDA Database using Offsets

10 - Cleaning Up our IDA Database using Offsets
09 - Using AddressOfNames, AddressOfOrdinals & AddressOfFunctions arrays to find function pointers!

09 - Using AddressOfNames, AddressOfOrdinals & AddressOfFunctions arrays to find function pointers!
08 - Understanding the Export Directory Structure

08 - Understanding the Export Directory Structure
07 - Parsing PE Headers to Locate the Export Directory

07 - Parsing PE Headers to Locate the Export Directory
03 - C++ Name Mangling - Identifying Operator New in IDA Pro

03 - C++ Name Mangling - Identifying Operator New in IDA Pro
01 - C++ Name Mangling - Investigating Overloaded Functions

01 - C++ Name Mangling - Investigating Overloaded Functions
02 - C++ Name Mangling - Creating Multiple Object Files

02 - C++ Name Mangling - Creating Multiple Object Files
What Are Relocations? Exploring the Relocation Table

What Are Relocations? Exploring the Relocation Table
06 - Adjusting Structure Bases for Better Reverse Engineering

06 - Adjusting Structure Bases for Better Reverse Engineering
05 - Computing Pre-Computed Hashes Instead of Using Strings

05 - Computing Pre-Computed Hashes Instead of Using Strings
04 - Using the LDR_DATA_TABLE_ENTRY Structure to Find Module Names

04 - Using the LDR_DATA_TABLE_ENTRY Structure to Find Module Names
03 - Capturing a Time-Travel Debug Trace and Identifying Usage of the PEB

03 - Capturing a Time-Travel Debug Trace and Identifying Usage of the PEB
02 - Identifying Signs of Runtime-Linking using CAPA and IDA Pro

02 - Identifying Signs of Runtime-Linking using CAPA and IDA Pro
01 - Basic Analysis of the Sample

01 - Basic Analysis of the Sample
04 - Uncovering the Final Stage Payload and Identifying the Malware Family (it's AgentTesla)

04 - Uncovering the Final Stage Payload and Identifying the Malware Family (it's AgentTesla)
03 - Identifying Use of Auto-IT Scripts, More Shellcode and Some Encryption

03 - Identifying Use of Auto-IT Scripts, More Shellcode and Some Encryption
00 - Following the Trail from an RTF Doc to AgentTesla - Analysis Objectives and the Sample

00 - Following the Trail from an RTF Doc to AgentTesla - Analysis Objectives and the Sample
01 - Initial File Triage and Shellcode Identification

01 - Initial File Triage and Shellcode Identification
02 - Identifying Shellcode Entry Point and Analyzing Common Shellcode Techniques

02 - Identifying Shellcode Entry Point and Analyzing Common Shellcode Techniques
13 - Creating an XOR Unpacking Stub

13 - Creating an XOR Unpacking Stub