RED TEAM Operator: Malware Development Intermediate Course
Buy now
Learn more
Intro and Setup
Course Introduction
Development VM Setup
RTO-MalDev2.ova
RTO-MDI.zip
RTO-MDI-encrypted.zip
Shellcodes
PE madness
Revisiting PE file format
Walking through Export Address Table
Dancing with IAT
GetProcAddress/GetModuleHandle implementations
PE with no imports
Assignment
Code Injection
Classic Injection Variations
Thread Context
Sections & Views
Asynchronous Procedure Calls
EarlyBird
Assignment
Reflective DLLs
Reflective Injection Explained
ReflectiveLoader source review
Implanting RDI in source code
Shellcode RDI
Assignment
x86 vs x64
WoW64 and Heaven's Gate
Migrating between 32-bit & 64-bit processes
Hooking
API Hooking intro
Hooking with Detours
IAT hooks
In-line patching
Assignment
Payload Control via IPC
MultiPayload Control
Combined Project
Project Design
VCsniff
VCmigrate
VCpersist
Assignment #1
Assignment #2
Assignment #3
Summary
Closing words
Products
Course
Section
Code Injection
Code Injection
RED TEAM Operator: Malware Development Intermediate Course
Buy now
Learn more
Intro and Setup
Course Introduction
Development VM Setup
RTO-MalDev2.ova
RTO-MDI.zip
RTO-MDI-encrypted.zip
Shellcodes
PE madness
Revisiting PE file format
Walking through Export Address Table
Dancing with IAT
GetProcAddress/GetModuleHandle implementations
PE with no imports
Assignment
Code Injection
Classic Injection Variations
Thread Context
Sections & Views
Asynchronous Procedure Calls
EarlyBird
Assignment
Reflective DLLs
Reflective Injection Explained
ReflectiveLoader source review
Implanting RDI in source code
Shellcode RDI
Assignment
x86 vs x64
WoW64 and Heaven's Gate
Migrating between 32-bit & 64-bit processes
Hooking
API Hooking intro
Hooking with Detours
IAT hooks
In-line patching
Assignment
Payload Control via IPC
MultiPayload Control
Combined Project
Project Design
VCsniff
VCmigrate
VCpersist
Assignment #1
Assignment #2
Assignment #3
Summary
Closing words
6 Lessons
Classic Injection Variations
Thread Context
Sections & Views
Asynchronous Procedure Calls
EarlyBird
Assignment