OUR SPEAKERS

speaker_badge_banner_red.png
Share on:
Asset 14icon.png
Asset 39icon.png
Asset 12icon.png

Oryan De Paz is a low-level researcher & developer in Symantec’s Breach Prevention Group. In her daily job, she works on protecting Active Directory by manipulating various internal mechanisms in the operating system.
She is passionate about the internals of Windows, reverse engineering, and solving puzzles, which makes security research her dream job.
In her free time, she likes to bake, travel, spend time with her dog Alice, and is always up for learning new things.

Oryan De Paz

Low-Level Researcher & Developer, Symantec - A Division of Broadcom
Asset 12icon.png
Asset 1TWITTER.png
Asset 39icon.png
Asset 17icon.png
linkedin.png
twitter.png
facebook.png
github.png
Hebrew, English
Languages:
Location:
Rishon Lezion, Israel
Asset 7TWITTER.png
Can also give an online talk/webinar
Paid only. Contact speaker for pricing!

MY TALKS

Find Me if You Can! How to Locate a DLL’s Unexported Functions

Security / Privacy

Asset 12SLIDES.png
Asset 21talk.png
Asset 11SLIDES.png

In order to avoid detection by users, operating systems, or AVs, malware often uses unexported functions. Since these functions are internal, one can’t locate them using trivial ways, like WinAPI functions, and attackers are required to think outside of the box in order to find the hidden gems inside the box.
In this talk, I’ll share my journey searching for ways to locate these functions in memory, in runtime, using tools like IDA and IDAPython scripts. I’ll show what worked, what didn’t work, and how I overcame the challenge of compatibility between Windows versions.

Asset 1icon.png

Find Me if You Can! How to Locate a DLL’s Unexported Functions

Completed

true

Visible

true

Order

5

Go to lecture page