More advanced malware development techniques in Windows, including API hooking, 32-/64-bit migrations, reflective binaries and more.
Contents
Intro and Setup
Course Introduction
Development VM Setup
RTO-MalDev2.ova
RTO-MDI.zip
PE madness
Revisiting PE file format
Walking through Export Address Table
Dancing with IAT
GetProcAddress/GetModuleHandle implementations
PE with no imports
Assignment
Code Injection
Classic Injection Variations
Thread Context
Sections & Views
Asynchronous Procedure Calls
EarlyBird
Assignment
Reflective DLLs
Reflective Injection Explained
ReflectiveLoader source review
Implanting RDI in source code
Shellcode RDI
Assignment
x86 vs x64
WoW64 and Heaven's Gate
Migrating between 32-bit & 64-bit processes
Hooking
API Hooking intro
Hooking with Detours
IAT hooks
In-line patching
Assignment
Payload Control via IPC
MultiPayload Control
Combined Project
Project Design
VCsniff
VCmigrate
VCpersist
Assignment #1
Assignment #2
Assignment #3
Summary
Closing words