English | Size: 18.55 GB
Genre: eLearning
Advanced malware development topics for Windows user land only, including: hidden data storage, rootkit techniques, finding privileged objects in system memory, detecting new process creation, generating and handling exceptions, building COFFs and custom RPC-like instrumentation, and more.
Welcome to Malware Development Advanced (Vol.1) course!
In the previous Intermediate course we covered some of the more advanced malware development topics.
This time we will be focusing on extending your payload with additional userland techniques to bury it in the depths of the system. That includes:
- ways to hide your payload inside NTFS and registry hive
- learning object enumeration alternatives in the system memory
- manipulating Process Environment Blocks to hide your module and confuse the potential defender
- finding .NET process with RWX memory ready to abuse
- detecting new process creation (from userland)
- setting up global hooks
- learning few userland rootkit techniques to hide your files, registry keys and processes
- abusing memory and hardware breakpoints for hooking
- hiding payload with Gargoyle and similar techniques
- creating custom “RPC” allowing to call any API function with any number of parameters in a remote process
- learning COFF objects, how to build, parse, load and execute them in the memory
The course ends with a custom project, employing some of the discussed techniques.
You will receive a virtual machine with complete environmentfor developing and testing your software, and aset of source code templateswhich will allow you to focus on understanding the essential mechanisms instead of less important technical aspects of implementation.
https://tut4sec.com/forum/topic/red-team-operator-malware-development-advanced-vol-1
If any links die or problem unrar, send request to
https://forms.gle/e557HbjJ5vatekDV9
Red-Team-Operator-Malware-Development-Advanced-Vol-1
Leave a Reply