1
00:00:00,780 --> 00:00:02,010
Hello, welcome back.

2
00:00:02,550 --> 00:00:12,900
This is the video on shellcode reflective DLL injection, also known as the sRDI technique, used

3
00:00:12,900 --> 00:00:18,090
to load DLL binaries reflectively and pass parameters to each.

4
00:00:22,960 --> 00:00:30,850
Comparison between reflective loading, also known as RL, versus shellcode reflective DLL injection, also

5
00:00:30,850 --> 00:00:39,400
known as sRDI. In the previous RL, or reflective loading,

6
00:00:39,910 --> 00:00:46,970
you have access to the source code of the DLL and you want to convert it to become a reflective DLL.

7
00:00:49,030 --> 00:00:56,530
But what if you don't have the source code, like if you only have the binary, only the DLL binary?

8
00:00:56,710 --> 00:00:57,850
Without the source code.

9
00:00:58,750 --> 00:00:59,650
Why do you do that?

10
00:01:00,610 --> 00:01:02,710
How would you make this into a DLL?

11
00:01:03,100 --> 00:01:03,840
A reflective.

12
00:01:07,430 --> 00:01:16,100
Solution: use sRDI, also known as shellcode reflective DLL injection, by Landers.

13
00:01:19,280 --> 00:01:24,140
He created an idea to set to build sRDI Trojans.

14
00:01:25,820 --> 00:01:28,880
And his work can be read from this link here.

15
00:01:31,340 --> 00:01:40,280
Anatomy of an sRDI Trojan: if you only have a DLL binary, without the source code, you can still create

16
00:01:40,700 --> 00:01:44,030
a reflective loading Trojan.

17
00:01:45,300 --> 00:01:55,050
So what you do is you take the DLL binary, you add a reflective loader on top and then put in a bootstrap

18
00:01:55,850 --> 00:01:57,050
Hebrew who?

19
00:01:58,540 --> 00:02:07,210
Look, the correct modules during runtime vary and the user data, and it would be used by the Trojan.

20
00:02:09,490 --> 00:02:14,590
So the first step is it would get the current location in memory.

21
00:02:16,690 --> 00:02:19,840
And then the bootstrap will calculate and set up the registers.

22
00:02:21,780 --> 00:02:25,680
The bootstrap will then pass execution to the reflective loader.

23
00:02:27,780 --> 00:02:34,770
The reflective loader will then unpack the DLL binary and remap the sections.

24
00:02:38,070 --> 00:02:43,620
The reflective loader would then call the DllMain function within the DLL.

25
00:02:46,450 --> 00:02:51,580
Next, the reflective loader would then call the export function.

26
00:02:52,420 --> 00:02:57,760
So these export functions are additional functions, which are supported by the reflective loader.

27
00:02:58,880 --> 00:03:05,290
So this is the difference between sRDI and the previous reflective

28
00:03:05,300 --> 00:03:05,720
loading.

29
00:03:09,040 --> 00:03:15,930
You can also pass your user data to the exported functions, and this is also done by the reflective loader,

30
00:03:16,570 --> 00:03:21,970
so the user data is found here and it will be passed after the

31
00:03:22,240 --> 00:03:25,300
DllMain function in this body functions executed.

32
00:03:27,790 --> 00:03:35,820
So that is the anatomy and explanation of the sRDI reflective loading Trojan.

33
00:03:36,340 --> 00:03:37,570
Thank you for watching.