RED TEAM Operator: Malware Development Advanced - Vol.1

Sauron

Moderator

Welcome to the Malware Development Advanced (Vol.1) course!
In the previous Intermediate course we covered some of the more advanced offensive security tool (OST) development topics.

This time we will be focusing on extending your payload with additional userland techniques to bury it in the depths of the system. That includes:
ways to hide your payload inside NTFS and registry hive
learning object enumeration alternatives in the system memory
manipulating Process Environment Blocks to hide your module and confuse the potential defender
finding a .NET process with RWX memory ready to abuse
detecting new process creation (from userland)
setting up global hooks
learning a few userland rootkit techniques to hide your files, registry keys and processes
abusing memory and hardware breakpoints for hooking
hiding payload with Gargoyle and similar techniques
creating a custom "RPC" allowing you to call any API function with any number of parameters in a remote process
learning COFF objects, how to build, parse, load and execute them in the memory
The course ends with a custom project, employing some of the discussed techniques.

You will receive a virtual machine with a complete environment for developing and testing your software, and a set of source code templates which will allow you to focus on understanding the essential mechanisms instead of less important technical aspects of implementation.
COURSE IN A NUTSHELL
You Will Learn How To
Hide payloads in the corners of NTFS and registry
Enumerate processes, modules and handles with alternatives
Find a perfect process for injection
Set up global hooks
Use a few userland rootkit techniques
Abuse exception handlers
Hide a payload in memory
Call any API (with any number of params) in a remote process
Build custom COFF objects

What Will You Get?
Full-blown videos explaining all techniques in detail
Transcription with English subtitles
Text supplements with additional information (code snippets, structure definitions, technology description and context, etc.)
Source code with code templates for rapid development
VM image with ready-to-use development environment

Requirements
Recommended: taking the Malware Development Intermediate course
Solid understanding of operating system architecture
Good experience with Windows OS
Computer with min. 4 GB of RAM + 30 GB of free disk space
VirtualBox 7.0+ installed
Strong will to learn and have fun

Target Audience
Ethical Hackers
Penetration Testers
Blue Teamers
Threat Hunters

All security engineers/professionals wanting to learn advanced offensive tactics