Alexei Bulazel — Inside MpEngine.dll: Reverse Engineering Windows Defender's JavaScript Engine from binary
Duration: 39 min 14 sec. Published: 08-Jun-2018
Description: Windows Defender's MpEngine.dll implements the core of Defender's functionality in an enormous ~11 MB, 45,000+ function DLL. In this presentation, we'll look at the ~1,200 functions that comprise Defender's proprietary JavaScript engine, which is used for analyzing potentially malicious JS code. Defender implements a full JS engine, though it is significantly simpler than the engines found in modern web browsers, so it is a tractable target for reverse engineering from binary.

We'll c