An overview to unpacking methods, when to apply them and what generic approach to use for unpacking malware. Malware analysis courses: Follow me on Twitter: infographics: %20Environments/Infographics/ Additional resources: - Packer identification: - Virtualization based obfuscation: - Skim for obvious XOR encryption: - Run and Dump with PE-Sieve: - Debugging and Breakpoints - Agniane Stealer: - Memory Mapping: - Dumpulator: - Self-Extracting Patch: Tools: mal_unpack: binary refinery: CyberChef: 00:00 Intro 01:00 Five unpacking methods 03:50 Generic unpacking approach 04:17 Identification 06:10 Skim for obvious encryption 08:03 Run and Dump 08:27 Debugger and Breakpoints 11:30 Emulation and Self-Extracting Patch #packers #unpacking #reverseengineering #injection