FRS401_LAB11_IA1262_LongNN_SE63194.docx


[FRS401_LAB11_IA1262_LongNN_SE63194]

LAB 11A: CODE FORENSICS AND RANSOMWARE

A. Microsoft .NET Obfuscation:

- Microsoft .NET does not have inherent protection against the reverse engineering of the code. To prove this, first, create a C# program named simple.cs, with the contents of:
- Compile the program, and make sure that it works. From the command prompt you can compile it with:
- Next, download the reverse engineering package from and prove that you can reverse the code using:
- Next, run the obfuscator (from 9Rays) with:
- Create the following C# file and compile it to an EXE:
- Now obfuscate your EXE with the following options and observe the changes in ILSpy:
- ob.exe NT /src=simple.exe

- ob.exe 9 /src=simple.exe
- ob.exe 8 /src=simple.exe

B. Ransomware Analysis:

- Now, using your Python program, see if you can match the magic number, and then change the file extension, and see if you can view them.

LAB 11B: TUNNELLING

- Go to your Kali Linux instance on the DMZ. Run Wireshark and capture traffic from your network connection. Start a Web browser, and go to .
- Go to your Kali Linux instance, and make a connection to the Web site: openssl s_client -connect
- the following file, and examine the trace with Wireshark:
- the following file, and examine the trace with Wireshark:

  • Fall '15
