Category: Other Institutes

To achieve maximum stealth and obtain unabated access to the system, rootkits execute in kernel mode. This course focuses on the kernel interfaces (APIs), data structures and mechanisms that are exploited by rootkits to achieve their goals at every stage of their execution. Kernel security enhancements that have been progressively added from Windows 7 to the latest version of Windows are discussed along with some circumvention techniques. This advanced course provides a comprehensive end-to-end view of the modus operandi of rootkits by taking an in-depth look at the behind-the-scenes workings of the Windows kernel and how these mechanisms are exploited by malware, through hands-on labs and real-world case studies. Attendees will study key techniques used by rootkits to understand the real-world applicability of these concepts for offensive and defensive purposes. This training is beneficial to anyone responsible for developing, detecting, analyzing, and defending against rootkits and other Windows kernel post-exploitation techniques, including EPP/EDR software developers, anti-malware engineers, security researchers, and red/blue/purple teamers. A special version of this training is also available for malware and rootkit forensics analysts, where the focus is not on implementing rootkit functionality but rather on investigating rootkits using tools such as WinDbg and Volatility. This analyst version does not require attendees to have a programming background and contains topics related to rootkit detection and case studies.


User-mode malware on Windows is ubiquitous, and custom user-mode implants are used regularly in red-team engagements. Knowledge of the latest malware techniques helps red teamers improve their custom tooling, malware analysts take apart malware, and anti-malware solution developers design behavioral solutions to detect malicious activity. The common theme amongst all Windows malware and implants is that they abuse the facilities provided by the Windows platform to achieve their objectives. Knowledge of the rich set of Windows APIs, understanding their usage in various stages of an implant, and leveraging them to detect and bypass various defenses in the system is essential for red and blue teamers. This training course takes attendees through a practical journey with a hands-on approach to teach them about the post-exploitation techniques used by PE file-based implants at every stage of their execution. Beneficial to both the offensive and the defensive side of the camp, the knowledge and hands-on experience gained in this training will help attendees with real-world red teaming engagements and in defending against both custom advanced persistent threat (APT) tooling and common-off-the-shelf (COTS) malware. Attendees will learn how malware and implants interact with the latest version of Windows and how the different stages of malware abuse and exploit various components of the Windows OS to achieve their goals and evade defenses.


This intense course covers the skills required to conduct a simulation of a sophisticated adversary, including the latest tradecraft and offensive tactics. During the training you will gain insight into planning and conducting a red team operation, including all the steps required to perform efficient open-source intelligence, design and automate the deployment of operational infrastructure, gain initial access, and perform post-exploitation and lateral movement. You will learn how to bypass defensive controls including anti-virus, EDR, AMSI and application whitelisting, leaving you equipped to target even the most mature environments.

Syllabus

  • Introduction to red team operations
  • Active and passive reconnaissance
  • Infrastructure design concepts
  • Cobalt Strike and malleable profiles
  • Initial access techniques
  • Defensive evasion
  • Process injection
  • Custom tooling
  • Host triage
  • Persistence
  • Privilege escalation
  • Pivoting and lateral movement
  • Exploiting Active Directory
  • macOS and Linux

MDSec: Adversary Simulation and Red Team Tactics


Through OALABS we want to bring you the kind of reverse engineering tutorials that we wished we had when we were first learning to analyze malware. With Patreon we offer access to a wide variety of tutorials and workshops aimed at all skill levels. Our RE101 level tutorials cover important topics like how to set up a malware analysis lab, as well as reverse engineering fundamentals like learning assembly and how to use a debugger. Our RE201 level tutorials cover malware analysis specific topics like how to bypass anti-analysis checks in malware and how to resolve dynamic imports. Our RE504 level tutorials cover advanced reverse engineering topics like how to bypass software protectors such as Themida and VMProtect. Patreon also allows us to maintain a set of free publicly available malware analysis tutorials on YouTube as well as weekly malware analysis streams on Twitch.

Syllabus

  • RE101 – Reverse engineering fundamentals
  • RE201 – Malware analysis fundamentals
  • RE504 – Advanced reverse engineering topics

OALABS: Malware Reverse Engineering Training


You can find a comprehensive list of courses offered by Hackingloops on their website. They offer a wide range of courses on ethical hacking, penetration testing, cyber security, and web penetration testing techniques. You can also download a free guide that will show you step-by-step how to get started and set up your own lab today.

Here is a list of some of the courses offered by Hackingloops:

  • Ethical Hacking Course: This course covers the basics of ethical hacking, including information gathering, scanning, enumeration, and vulnerability analysis. It also covers advanced topics such as web application hacking, wireless network hacking, and social engineering.
  • Penetration Testing Course: This course covers the basics of penetration testing, including information gathering, scanning, enumeration, and vulnerability analysis. It also covers advanced topics such as web application penetration testing, wireless network penetration testing, and social engineering.
  • Cyber Security Course: This course covers the basics of cyber security, including network security, operating system security, and application security. It also covers advanced topics such as cloud security, mobile security, and IoT security.
  • Web Penetration Testing Course: This course covers the basics of web penetration testing, including information gathering, scanning, enumeration, and vulnerability analysis. It also covers advanced topics such as web application hacking, web application penetration testing, and web application security.

Hacking Loops
