- Apr 9, 2020
Ghidra makes scripting very easy. I show how to deobfuscate strings in a NightHawk malware sample.
00:00 Intro
01:11 Finding the decryption function
06:17 Creating a proper C++ string type
12:20 Understanding the decryption function
17:14 Writing the script
24:58 Running the script & cleaning mistakes