
Analyzing Runtime Linking | Strings & Imports | Lesson 6

464 views
Mar 4, 2026
8:11

In this final video of the series, we tie together everything we’ve learned about strings and imports by looking at what happens when they are intentionally removed. We are closing out this workshop with a look at runtime linking—the fundamental level of evasion. In this series finale, we cover:

- Bypassing the Linker: How to manually resolve functions at runtime so they no longer appear in the program's Import Table.
- The Role of LoadLibrary & GetProcAddress: Using these two core APIs to dynamically load DLLs like shell32 and urlmon only when needed.
- Stacking Obfuscation: Combining XOR-encrypted strings with runtime linking to hide both the 'what' (strings) and the 'how' (capabilities).
- Triage Impact: Using dumpbin and FLOSS to confirm that while the primary functionality appears missing, the 'decoded strings' section still reveals the author's hidden intent.
- The Path Forward: Understanding that while this is a basic approach, it is the foundation for advanced protection seen in everything from malware to high-end gaming software.

Join this channel to get access to perks: https://www.youtube.com/channel/UCI8zwug_Lv4_-KPT62oeDUA/join

Cybersecurity, reverse engineering, malware analysis and ethical hacking content!

- 🎓 Courses on Pluralsight 👉🏻 https://www.pluralsight.com/authors/josh-stroschein
- 🌶️ YouTube 👉🏻 Like, Comment & Subscribe!
- 🙏🏻 Support my work 👉🏻 https://patreon.com/JoshStroschein
- 🌎 Follow me 👉🏻 https://twitter.com/jstrosch, https://www.linkedin.com/in/joshstroschein/
- ⚙️ Tinker with me on Github 👉🏻 https://github.com/jstrosch
- 🤝 Join the Discord community and more 👉🏻 https://www.thecyberyeti.com
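The triage point in the lesson summary above (XOR-encoded names still being recoverable when the import table is nearly empty) can be illustrated with the following added example, which is not code from the video or from the author. It searches a byte buffer for watchlist names under every single-byte XOR key; the watchlist entries, function names and sample buffer are assumptions constructed for illustration, and it does not reproduce how FLOSS works.

```python
"""Triage helper: find watchlist names hidden with single-byte XOR."""

# Assumed watchlist (not from the video): the two loader APIs plus names
# tied to the DLLs the lesson mentions (shell32, urlmon).
WATCHLIST = (b"LoadLibraryA", b"GetProcAddress", b"urlmon", b"shell32",
             b"URLDownloadToFileA", b"ShellExecuteA")


def xor(data, key):
    """XOR every byte of data with a one-byte key."""
    return bytes(b ^ key for b in data)


def decode_forward(blob, pos, key):
    """Decode from pos with key until the first non-printable byte."""
    end = pos
    while end < len(blob) and 0x20 <= blob[end] ^ key < 0x7F:
        end += 1
    return xor(blob[pos:end], key).decode("ascii")


def find_hidden_names(blob, watchlist=WATCHLIST):
    """Return sorted (offset, key, string) hits; key 0 means plaintext."""
    hits = set()
    for key in range(256):
        for name in watchlist:
            # Encode the needle once instead of decoding the whole blob.
            needle = xor(name, key)
            pos = blob.find(needle)
            while pos != -1:
                hits.add((pos, key, decode_forward(blob, pos, key)))
                pos = blob.find(needle, pos + 1)
    return sorted(hits)


def build_sample(key=0x5A):
    """Constructed stand-in for a data section (not a real sample)."""
    visible = b"LoadLibraryA\x00GetProcAddress\x00"
    hidden = b"".join(xor(s + b"\x00", key) for s in
                      (b"urlmon.dll", b"URLDownloadToFileA",
                       b"shell32.dll", b"ShellExecuteA"))
    return b"\x90\x90" + visible + b"\x01\x02" + hidden + b"\x03"


if __name__ == "__main__":
    for offset, key, text in find_hidden_names(build_sample()):
        label = "plaintext" if key == 0 else f"xor 0x{key:02x}"
        print(f"{offset:#06x}  {label:10}  {text}")
```

A buffer where only the two loader APIs appear in plaintext while other names surface under a single non-zero key matches the stacked pattern the lesson describes and is worth a closer look.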
