{"id":5152,"date":"2017-03-20T19:25:06","date_gmt":"2017-03-20T13:55:06","guid":{"rendered":"https:\/\/cysinfo.com\/?p=5152"},"modified":"2017-03-20T19:29:55","modified_gmt":"2017-03-20T13:59:55","slug":"episode-3-shellcode-analysis-apitracker","status":"publish","type":"post","link":"https:\/\/cysinfo.com\/episode-3-shellcode-analysis-apitracker\/","title":{"rendered":"Episode 3 &#8211; Shellcode Analysis with APITracker"},"content":{"rendered":"<p><iframe loading=\"lazy\" title=\"Episode 3 - Shellcode Analysis with APITracker\" width=\"640\" height=\"480\" src=\"https:\/\/www.youtube.com\/embed\/lqNlAqrh6Fg?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p>Text:<\/p>\n<p>Audience Level: Beginner to Medium.<\/p>\n<p>A few months back we released our new tool, APITracker. The idea behind the tool is more mature than the tool itself: APITracker hooks APIs at large scale from the DLLs loaded in the process, so that the execution of a sample can be followed from the resulting API trace.<\/p>\n<p>APITracker is built on the pydbg Python debugger. Before we move on to the shellcode analysis, let's take a look at APITracker's config file.<\/p>\n<p>APITracker:\u00a0<a href=\"https:\/\/cysinfo.com\/apitracker-windows-api-tracing-tool\/\">https:\/\/cysinfo.com\/apitracker-windows-api-tracing-tool\/<\/a><\/p>\n<p>*Error Correction: In the video the shellcode is described as using a hash-based API resolver. It does not: the 32-bit constants seen in the shellcode are simply the ASCII bytes of the API names themselves, not hashes of them.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Text: Audience Level: Beginner to Medium. Few months back we released our new tool APITracker. The idea behind the tool is more mature than the tool itself. Using APITracker we can hook APIs on large scale from DLLs to track the execution of the sample. 
APITracker is based on pydbg python debugger. Before we move [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[56,55],"tags":[87,85,88,74,86,89],"class_list":["post-5152","post","type-post","status-publish","format-standard","hentry","category-articles","category-videos","tag-analysis","tag-apitracker","tag-episode","tag-malware","tag-shellcode","tag-training"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Episode 3 - Shellcode Analysis with APITracker - Cysinfo<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cysinfo.com\/episode-3-shellcode-analysis-apitracker\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Episode 3 - Shellcode Analysis with APITracker - Cysinfo\" \/>\n<meta property=\"og:description\" content=\"Text: Audience Level: Beginner to Medium. Few months back we released our new tool APITacker. The idea behind the tool is more mature than the tool itself. Using APITracker we can hook APIs on large scale from DLLs to track the execution of the sample. APITracker is based on pydbg python debugger. 
Before we move [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cysinfo.com\/episode-3-shellcode-analysis-apitracker\/\" \/>\n<meta property=\"og:site_name\" content=\"Cysinfo\" \/>\n<meta property=\"article:published_time\" content=\"2017-03-20T13:55:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-03-20T13:59:55+00:00\" \/>\n<meta name=\"author\" content=\"Amit Malik\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Amit Malik\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/cysinfo.com\\\/episode-3-shellcode-analysis-apitracker\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cysinfo.com\\\/episode-3-shellcode-analysis-apitracker\\\/\"},\"author\":{\"name\":\"Amit Malik\",\"@id\":\"https:\\\/\\\/cysinfo.com\\\/#\\\/schema\\\/person\\\/8ebe2e835dc297fc90eb86555092faa9\"},\"headline\":\"Episode 3 &#8211; Shellcode Analysis with 
APITracker\",\"datePublished\":\"2017-03-20T13:55:06+00:00\",\"dateModified\":\"2017-03-20T13:59:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/cysinfo.com\\\/episode-3-shellcode-analysis-apitracker\\\/\"},\"wordCount\":121,\"commentCount\":0,\"keywords\":[\"analysis\",\"APITracker\",\"episode\",\"Malware\",\"Shellcode\",\"training\"],\"articleSection\":[\"Articles\",\"Videos\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/cysinfo.com\\\/episode-3-shellcode-analysis-apitracker\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/cysinfo.com\\\/episode-3-shellcode-analysis-apitracker\\\/\",\"url\":\"https:\\\/\\\/cysinfo.com\\\/episode-3-shellcode-analysis-apitracker\\\/\",\"name\":\"Episode 3 - Shellcode Analysis with APITracker - Cysinfo\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cysinfo.com\\\/#website\"},\"datePublished\":\"2017-03-20T13:55:06+00:00\",\"dateModified\":\"2017-03-20T13:59:55+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/cysinfo.com\\\/#\\\/schema\\\/person\\\/8ebe2e835dc297fc90eb86555092faa9\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/cysinfo.com\\\/episode-3-shellcode-analysis-apitracker\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/cysinfo.com\\\/episode-3-shellcode-analysis-apitracker\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/cysinfo.com\\\/episode-3-shellcode-analysis-apitracker\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/cysinfo.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Episode 3 &#8211; Shellcode Analysis with APITracker\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/cysinfo.com\\\/#website\",\"url\":\"https:\\\/\\\/cysinfo.com\\\/\",\"name\":\"Cysinfo\",\"description\":\"Cyber Security 
Community\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/cysinfo.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/cysinfo.com\\\/#\\\/schema\\\/person\\\/8ebe2e835dc297fc90eb86555092faa9\",\"name\":\"Amit Malik\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/cysinfo.com\\\/wp-content\\\/litespeed\\\/avatar\\\/ae4f2d74d4bd83e7c248d192326cc397.jpg?ver=1776526712\",\"url\":\"https:\\\/\\\/cysinfo.com\\\/wp-content\\\/litespeed\\\/avatar\\\/ae4f2d74d4bd83e7c248d192326cc397.jpg?ver=1776526712\",\"contentUrl\":\"https:\\\/\\\/cysinfo.com\\\/wp-content\\\/litespeed\\\/avatar\\\/ae4f2d74d4bd83e7c248d192326cc397.jpg?ver=1776526712\",\"caption\":\"Amit Malik\"},\"url\":\"https:\\\/\\\/cysinfo.com\\\/author\\\/amit\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Episode 3 - Shellcode Analysis with APITracker - Cysinfo","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cysinfo.com\/episode-3-shellcode-analysis-apitracker\/","og_locale":"en_US","og_type":"article","og_title":"Episode 3 - Shellcode Analysis with APITracker - Cysinfo","og_description":"Text: Audience Level: Beginner to Medium. Few months back we released our new tool APITacker. The idea behind the tool is more mature than the tool itself. Using APITracker we can hook APIs on large scale from DLLs to track the execution of the sample. APITracker is based on pydbg python debugger. 
Before we move [&hellip;]","og_url":"https:\/\/cysinfo.com\/episode-3-shellcode-analysis-apitracker\/","og_site_name":"Cysinfo","article_published_time":"2017-03-20T13:55:06+00:00","article_modified_time":"2017-03-20T13:59:55+00:00","author":"Amit Malik","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Amit Malik","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cysinfo.com\/episode-3-shellcode-analysis-apitracker\/#article","isPartOf":{"@id":"https:\/\/cysinfo.com\/episode-3-shellcode-analysis-apitracker\/"},"author":{"name":"Amit Malik","@id":"https:\/\/cysinfo.com\/#\/schema\/person\/8ebe2e835dc297fc90eb86555092faa9"},"headline":"Episode 3 &#8211; Shellcode Analysis with APITracker","datePublished":"2017-03-20T13:55:06+00:00","dateModified":"2017-03-20T13:59:55+00:00","mainEntityOfPage":{"@id":"https:\/\/cysinfo.com\/episode-3-shellcode-analysis-apitracker\/"},"wordCount":121,"commentCount":0,"keywords":["analysis","APITracker","episode","Malware","Shellcode","training"],"articleSection":["Articles","Videos"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/cysinfo.com\/episode-3-shellcode-analysis-apitracker\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/cysinfo.com\/episode-3-shellcode-analysis-apitracker\/","url":"https:\/\/cysinfo.com\/episode-3-shellcode-analysis-apitracker\/","name":"Episode 3 - Shellcode Analysis with APITracker - 
Cysinfo","isPartOf":{"@id":"https:\/\/cysinfo.com\/#website"},"datePublished":"2017-03-20T13:55:06+00:00","dateModified":"2017-03-20T13:59:55+00:00","author":{"@id":"https:\/\/cysinfo.com\/#\/schema\/person\/8ebe2e835dc297fc90eb86555092faa9"},"breadcrumb":{"@id":"https:\/\/cysinfo.com\/episode-3-shellcode-analysis-apitracker\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cysinfo.com\/episode-3-shellcode-analysis-apitracker\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/cysinfo.com\/episode-3-shellcode-analysis-apitracker\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cysinfo.com\/"},{"@type":"ListItem","position":2,"name":"Episode 3 &#8211; Shellcode Analysis with APITracker"}]},{"@type":"WebSite","@id":"https:\/\/cysinfo.com\/#website","url":"https:\/\/cysinfo.com\/","name":"Cysinfo","description":"Cyber Security Community","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cysinfo.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/cysinfo.com\/#\/schema\/person\/8ebe2e835dc297fc90eb86555092faa9","name":"Amit Malik","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cysinfo.com\/wp-content\/litespeed\/avatar\/ae4f2d74d4bd83e7c248d192326cc397.jpg?ver=1776526712","url":"https:\/\/cysinfo.com\/wp-content\/litespeed\/avatar\/ae4f2d74d4bd83e7c248d192326cc397.jpg?ver=1776526712","contentUrl":"https:\/\/cysinfo.com\/wp-content\/litespeed\/avatar\/ae4f2d74d4bd83e7c248d192326cc397.jpg?ver=1776526712","caption":"Amit 
Malik"},"url":"https:\/\/cysinfo.com\/author\/amit\/"}]}},"_links":{"self":[{"href":"https:\/\/cysinfo.com\/wp-json\/wp\/v2\/posts\/5152","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cysinfo.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cysinfo.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cysinfo.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/cysinfo.com\/wp-json\/wp\/v2\/comments?post=5152"}],"version-history":[{"count":3,"href":"https:\/\/cysinfo.com\/wp-json\/wp\/v2\/posts\/5152\/revisions"}],"predecessor-version":[{"id":5155,"href":"https:\/\/cysinfo.com\/wp-json\/wp\/v2\/posts\/5152\/revisions\/5155"}],"wp:attachment":[{"href":"https:\/\/cysinfo.com\/wp-json\/wp\/v2\/media?parent=5152"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cysinfo.com\/wp-json\/wp\/v2\/categories?post=5152"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cysinfo.com\/wp-json\/wp\/v2\/tags?post=5152"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
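The distinction in the post's error-correction note (constants that are the ASCII bytes of API names versus ROR-13 hashes of them) can be checked statically before a sample is ever run under APITracker. The script below is an added example, not part of the original post and not APITracker's own code: it scans a 32-bit shellcode blob for `push imm32`, `mov r32, imm32` and `cmp dword ptr [reg], imm32` immediates and tests each immediate both as a four-byte ASCII fragment of a known export name and as a ROR-13 hash of one. The API name list, the ROR-13 variant (no NUL terminator folded in) and the two sample blobs are constructed for this example; they are not the shellcode shown in the video.

```python
"""Static triage of how 32-bit shellcode resolves Windows API addresses.

Added example (not APITracker code): linear scan of a shellcode blob for
instructions that carry a 32-bit immediate, then a check of whether each
immediate looks like ASCII bytes of an export name (string-compare
resolver) or like a ROR-13 hash of one (hash-based resolver).
"""
import struct

# Constructed list of exports a resolver is typically after (assumption).
KNOWN_APIS = [
    "LoadLibraryA", "GetProcAddress", "VirtualAlloc", "CreateProcessA",
    "WinExec", "ExitProcess", "URLDownloadToFileA",
]


def ror13_hash(name):
    """Classic ROR-13 export-name hash; the variant assumed here does not
    fold the terminating NUL into the hash."""
    h = 0
    for c in name.encode("ascii"):
        h = ((h >> 13) | (h << 19)) & 0xFFFFFFFF
        h = (h + c) & 0xFFFFFFFF
    return h


HASH_TABLE = {ror13_hash(n): n for n in KNOWN_APIS}


def extract_immediates(code):
    """Return [(offset, imm32)] for push imm32 (68), mov r32, imm32 (B8-BF)
    and cmp dword ptr [reg], imm32 (81 /7 with mod=00, no SIB/disp32).
    This is an opcode scan, not a disassembler: it can misfire on bytes
    inside other instructions, which is acceptable for triage."""
    found = []
    i, n = 0, len(code)
    while i < n:
        op = code[i]
        if (op == 0x68 or 0xB8 <= op <= 0xBF) and i + 5 <= n:
            found.append((i, struct.unpack_from("<I", code, i + 1)[0]))
            i += 5
            continue
        if op == 0x81 and i + 6 <= n:
            modrm = code[i + 1]
            mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
            if mod == 0 and reg == 7 and rm not in (4, 5):
                found.append((i, struct.unpack_from("<I", code, i + 2)[0]))
                i += 6
                continue
        i += 1
    return found


def ascii_fragment(imm):
    """The immediate as text if all four bytes are printable ASCII, else None."""
    raw = struct.pack("<I", imm)
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def classify(code):
    """Return (name_hits, hash_hits): immediates that are fragments of a known
    API name, and immediates equal to the ROR-13 hash of a known API name."""
    name_hits, hash_hits = [], []
    for off, imm in extract_immediates(code):
        frag = ascii_fragment(imm)
        if frag is not None and any(frag in api for api in KNOWN_APIS):
            name_hits.append((off, frag))
        if imm in HASH_TABLE:
            hash_hits.append((off, HASH_TABLE[imm]))
    return name_hits, hash_hits


def resolver_style(code):
    """Summarise the resolver technique suggested by the immediates."""
    names, hashes = classify(code)
    if hashes and not names:
        return "hash-based"
    if names and not hashes:
        return "ascii-name"
    if names and hashes:
        return "mixed"
    return "unknown"


def push_string(s):
    """Emit the push-imm32 sequence shellcode uses to place a NUL-terminated
    string on the stack: last 4-byte chunk pushed first, so the bytes land
    in memory order."""
    data = s.encode("ascii") + b"\x00"
    data += b"\x00" * (-len(data) % 4)
    chunks = [data[i:i + 4] for i in range(0, len(data), 4)]
    return b"".join(b"\x68" + c for c in reversed(chunks))


# Constructed sample 1: compares export-name bytes directly, the style the
# corrected note describes. Not the bytes of the shellcode in the video.
SAMPLE_ASCII = (
    b"\x81\x3E" + b"Load"          # cmp dword ptr [esi], 'Load'
    + b"\x75\xF0"                  # jne (filler; carries no immediate)
    + push_string("GetProcAddress")
)

# Constructed sample 2: Metasploit-style hash resolver (mov/push hash; call ebp).
SAMPLE_HASH = (
    b"\xB8" + struct.pack("<I", ror13_hash("LoadLibraryA")) + b"\xFF\xD5"
    + b"\x68" + struct.pack("<I", ror13_hash("GetProcAddress")) + b"\xFF\xD5"
)

if __name__ == "__main__":
    for label, blob in (("sample 1", SAMPLE_ASCII), ("sample 2", SAMPLE_HASH)):
        names, hashes = classify(blob)
        print(label, resolver_style(blob), names, hashes)
```

If the scan reports only hash hits, the API names will not appear as strings anywhere in the blob and a runtime trace of the kind APITracker produces is the practical way to recover them; if it reports ASCII fragments, the targeted APIs are readable before the sample runs, which is exactly the situation the corrected note describes.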