1
00:00:00,840 --> 00:00:02,040
Reflective loading.

2
00:00:04,830 --> 00:00:08,730
Achieving stealth by creating processes without any trace.

3
00:00:10,050 --> 00:00:17,530
What is reflective loading? Reflective loading is where we try to obfuscate an executable file by building

4
00:00:17,530 --> 00:00:22,440
it piece by piece dynamically on the fly using a special DLL.

5
00:00:22,490 --> 00:00:23,700
In fact, if you have.

6
00:00:24,900 --> 00:00:31,860
So the existence of the file is completely unknown by engines since it is non-existent at the beginning

7
00:00:32,190 --> 00:00:39,780
and only brought into existence dynamically stiffen fuel created, especially because the reflective the

8
00:00:39,780 --> 00:00:43,950
library to turn a normal DLL into a reflective DLL.

9
00:00:44,550 --> 00:00:52,200
All we need to do is to include different theories like even the library when compiling it, basic concepts

10
00:00:53,280 --> 00:00:55,570
creating processes directly from memory.

11
00:00:55,590 --> 00:01:03,710
We thought that using fonts at AP library directly from memory without using any files on disk, payload

12
00:01:03,800 --> 00:01:09,720
does not have to reside on disk and can be loaded and live only in memory.

13
00:01:10,950 --> 00:01:14,850
As such, it bypasses any AV engines and scanning files.

14
00:01:16,270 --> 00:01:18,220
Reflected, and that's not registered.

15
00:01:18,270 --> 00:01:26,250
So the operating system and also does not exist in your PEB of the target process, steps to create a

16
00:01:26,250 --> 00:01:28,890
reflective loader to vision and the one.

17
00:01:29,160 --> 00:01:35,940
You will need to put whatever you want to do into a you have fun and to do, then it's different.

18
00:01:36,090 --> 00:01:42,540
Was library to it and the three combined you have it will be effective.

19
00:01:42,570 --> 00:01:48,390
Yeah, I'm a fall and then year out as a chako into any Trojan.

20
00:01:49,140 --> 00:01:52,830
You may and could be first if you want to add another layer of obfuscation.

21
00:01:53,920 --> 00:02:00,130
You know, five a Trojan and the six that were genuine allocate memory and run the reflective DLL,

22
00:02:00,640 --> 00:02:06,640
which we then call these reflective reflective loader function to dynamically construct schoolbook fi

23
00:02:07,060 --> 00:02:10,000
executable on the fly and execute.

24
00:02:11,230 --> 00:02:16,630
So basically, these are the six steps you need to go through in order to create in order to create

25
00:02:16,630 --> 00:02:17,500
a reflective loader.

26
00:02:17,510 --> 00:02:19,930
Detroit Thank you for watching.