Reversing WannaCry Part 1 - Finding the killswitch and unpacking the malware in #Ghidra

Part 2 is out! https://www.youtube.com/watch?v=Q90uZS3taG0 In this first video of the "Reversing WannaCry" series we will look at the infamous killswitch and the installation and unpacking procedure of WannaCry. Twitter: https://twitter.com/ghidraninja Links: - Interview with MalwareTech: https://soundcloud.com/arrow-bandwidth/s3-episode-11-wannacry-interview-with-malware-tech-at-infosec-europe-2017 - MalwareTech's blogpost about the killswitch: https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html Further reading - Wikipedia: https://en.wikipedia.org/wiki/WannaCry_ransomware_attack - LogRhythm Analysis: https://logrhythm.com/blog/a-technical-analysis-of-wannacry-ransomware/ - Secureworks Analysis: https://www.secureworks.com/research/wcry-ransomware-analysis