Sektor7 - RED TEAM Operator: Malware Development Advanced - Vol.1

• ways to hide your payload inside NTFS and registry hive
  
• learning object enumeration alternatives in the system memory
  
• manipulating Process Environment Blocks to hide your module and confuse the potential defender
  
• finding .NET process with RWX memory ready to abuse
  
• detecting new process creation (from userland)
  
• setting up global hooks
  
• learning few userland rootkit techniques to hide your files, registry keys and processes
  
• abusing memory and hardware breakpoints for hooking
  
• hiding payload with Gargoyle and similar techniques
  
• creating custom "RPC" allowing to call any API function with any number of parameters in a remote process
  
• learning COFF objects, how to build, parse, load and execute them in the memory
  

• Hide payloads in the corners of NTFS and registry
  
• Enumerate processes, modules and handles with alternatives
  
• Find a perfect process for injection
  
• Set up global hooks
  
• Use few userland rootkit techniques
  
• Abuse exception handlers
  
• Hide a payload in a memory
  
• Call any API (with any number of params) in a remote process
  
• Build custom COFF objects
  

• Full-blown videos explaining all techniques in detail
  
• Transcription with English subtitles
  
• Text supplements with additional information (code snipets, structure definitions, technology description and context, etc.)
  
• Source code with code templates for rapid development
  
• VM image with ready-to-use development environment
  

• Recommended: taking Malware Development Intermediate course
• Solid understanding of operating system architecture
• Good experience with Windows OS
• Computer with min. 4 GB of RAM + 30 GB of free disk space
• VirtualBox 7.0+ installed
• Strong will to learn and having fun

• Ethical Hackers
  
• Penetration Testers
  
• Blue Teamers
  
• Threat Hunters
  
• All security engineers/professionals wanting to learn advanced offensive tactics
  

(4 months ago)Sauron Wrote:

Welcome to Malware Development Advanced (Vol.1) course!

In the previous Intermediate course we covered some of the more advanced offensive security tools (OST) development topics.

This time we will be focusing on extending your payload with additional userland techniques to bury it in the depths of the system. That includes:

• ways to hide your payload inside NTFS and registry hive
  
• learning object enumeration alternatives in the system memory
  
• manipulating Process Environment Blocks to hide your module and confuse the potential defender
  
• finding .NET process with RWX memory ready to abuse
  
• detecting new process creation (from userland)
  
• setting up global hooks
  
• learning few userland rootkit techniques to hide your files, registry keys and processes
  
• abusing memory and hardware breakpoints for hooking
  
• hiding payload with Gargoyle and similar techniques
  
• creating custom "RPC" allowing to call any API function with any number of parameters in a remote process
  
• learning COFF objects, how to build, parse, load and execute them in the memory
  

The course ends with a custom project, employing some of the discussed techniques.

You will receive a virtual machine with complete environment for developing and testing your software, and a set of source code templates which will allow you to focus on understanding the essential mechanisms instead of less important technical aspects of implementation.

COURSE IN A NUTSHELLYou Will Learn How To

• Hide payloads in the corners of NTFS and registry
  
• Enumerate processes, modules and handles with alternatives
  
• Find a perfect process for injection
  
• Set up global hooks
  
• Use few userland rootkit techniques
  
• Abuse exception handlers
  
• Hide a payload in a memory
  
• Call any API (with any number of params) in a remote process
  
• Build custom COFF objects
  

What Will You Get?

• Full-blown videos explaining all techniques in detail
  
• Transcription with English subtitles
  
• Text supplements with additional information (code snipets, structure definitions, technology description and context, etc.)
  
• Source code with code templates for rapid development
  
• VM image with ready-to-use development environment
  

Requirements

• Recommended: taking Malware Development Intermediate course
• Solid understanding of operating system architecture
• Good experience with Windows OS
• Computer with min. 4 GB of RAM + 30 GB of free disk space
• VirtualBox 7.0+ installed
• Strong will to learn and having fun

 

Target Audience

• Ethical Hackers
  
• Penetration Testers
  
• Blue Teamers
  
• Threat Hunters
  
• All security engineers/professionals wanting to learn advanced offensive tactics
  

 

(4 months ago)Sauron Wrote:

Welcome to Malware Development Advanced (Vol.1) course!

In the previous Intermediate course we covered some of the more advanced offensive security tools (OST) development topics.

This time we will be focusing on extending your payload with additional userland techniques to bury it in the depths of the system. That includes:

• ways to hide your payload inside NTFS and registry hive
  
• learning object enumeration alternatives in the system memory
  
• manipulating Process Environment Blocks to hide your module and confuse the potential defender
  
• finding .NET process with RWX memory ready to abuse
  
• detecting new process creation (from userland)
  
• setting up global hooks
  
• learning few userland rootkit techniques to hide your files, registry keys and processes
  
• abusing memory and hardware breakpoints for hooking
  
• hiding payload with Gargoyle and similar techniques
  
• creating custom "RPC" allowing to call any API function with any number of parameters in a remote process
  
• learning COFF objects, how to build, parse, load and execute them in the memory
  

The course ends with a custom project, employing some of the discussed techniques.

You will receive a virtual machine with complete environment for developing and testing your software, and a set of source code templates which will allow you to focus on understanding the essential mechanisms instead of less important technical aspects of implementation.

COURSE IN A NUTSHELLYou Will Learn How To

• Hide payloads in the corners of NTFS and registry
  
• Enumerate processes, modules and handles with alternatives
  
• Find a perfect process for injection
  
• Set up global hooks
  
• Use few userland rootkit techniques
  
• Abuse exception handlers
  
• Hide a payload in a memory
  
• Call any API (with any number of params) in a remote process
  
• Build custom COFF objects
  

What Will You Get?

• Full-blown videos explaining all techniques in detail
  
• Transcription with English subtitles
  
• Text supplements with additional information (code snipets, structure definitions, technology description and context, etc.)
  
• Source code with code templates for rapid development
  
• VM image with ready-to-use development environment
  

Requirements

• Recommended: taking Malware Development Intermediate course
• Solid understanding of operating system architecture
• Good experience with Windows OS
• Computer with min. 4 GB of RAM + 30 GB of free disk space
• VirtualBox 7.0+ installed
• Strong will to learn and having fun

 

Target Audience

• Ethical Hackers
  
• Penetration Testers
  
• Blue Teamers
  
• Threat Hunters
  
• All security engineers/professionals wanting to learn advanced offensive tactics