Donex Ransomware Reverse Engineering & Binary Ninja Sidekick 2.0 Features (Stream - 07/10/2024)
Invoke RE

Published On Oct 11, 2024

In this stream we looked at the new features from Binary Ninja Sidekick 2.0 and reverse engineered the DoNex ransomware with Binary Ninja.

Training: https://training.invokere.com/course/...
Notes: https://github.com/Invoke-RE/stream-n...
Twitch:   / invokereversing  
Twitter:   / invokereversing  
Mastodon: https://infosec.exchange/@invokerever...

0:00 Introduction
2:45 Reversing Donex and Sidekick Indexing with Workbench
16:13 AI Replacing Reverse Engineering Discussion
20:12 Exploring Sidekick Donex Crypto Functions Discovered
34:20 Answering Questions
40:34 Continuing Donex Reversing
43:17 Crypto Library Identification
45:17 Decrypting & Exploring Ransomware Configuration
56:22 Continuing Donex Reversing
1:00:36 Identifying Symmetric Encryption
1:05:32 Command Execution Functionality
1:07:32 Symmetric Key Generation
1:09:59 Icon for Encrypted Files & Base64 Identification
1:12:11 Multi-Threaded Encryption
1:18:21 Service Termination
1:20:09 Drive Enumeration
1:22:06 Network Share Enumeration
1:24:34 Anti-Forensics and Event Log Deletion
1:29:37 Process Termination and Restart Functionality
1:30:49 Wrap-Up

