ＨｉｄｅＺｅｒｏＯｎｅ

The RED TEAM Operator: Malware Development Advanced – Vol. 2 is an in-depth, hands-on course focused on advanced Windows kernel malware development techniques, expanding on the concepts from Vol. 1. Over 42 video lessons, learners explore topics such as direct kernel object manipulation (DKOM), privilege escalation via token manipulation, kernel-level process protection, ETW tampering, and removing kernel callbacks, as well as identifying and bypassing vulnerable driver blocklists. The program includes a ready-to-use VM image, complete source code templates, transcripts, and supplementary materials, all accessible for 365 days. Designed for skilled C/C++ programmers with solid Windows and OS architecture knowledge, this course is ideal for ethical hackers, red and blue team professionals, and security researchers aiming to master advanced offensive techniques at the kernel level.

Let’s make it short. You’re interested in Windows security, right? Otherwise you wouldn’t be here. You are either led by natural curiosity of security researcher or doing penetration testing professionally, or both. And maybe you need to get better understanding of how privilege escalation works in Microsoft environments. So here’s what’s in the course. It is indeed about escalating privileges in Windows. But it’s not only about getting SYSTEM, as there are other shades of that tactic. From the course you’ll learn about becoming another user, breaking out from Medium to High Integrity Level, or from High to System, and abusing privileges assigned to your access token to get more powers on the box. You will get access to a complete testing environment with many misconfigurations and vulnerable services plus code templates with full building toolchain. As we usually do in SEKTOR7 it’s a ready-to-use package prepared for any student who’s willing to take some time and experiment and learn new things. So if you’re still interested, get on board, relax and take a great journey through the world of Windows security.

Real threat actors utilize various Tactics, Techniques and Procedures (aka TTPs). One of the tactic is Persistence – a way to survive a breached machine restart and preserve access to a target environment. There is a lot of focus on what methods adversaries use to exploit a particular vulnerability or how their C2 channels and infrastructure look like. Less often you find discussions about persistence. This course is aiming to change that. You will learn almost 30 different persistence techniques working on Windows 10. Most of them were used by nation-state threat actors, like EquationGroup, Turla, APT29, ProjectSauron or malware, including Flame or Stuxnet. As usual you will get not only full explanation of each technique with examples, but also a working code templates (written in C) and a complete development environment you can experiment with.

In the modern enterprise Windows  environment we often encounter lots of obstacles, which try to detect and stop our sneaky tools and techniques. Endpoint protection agents (AV, IDS/IPS, EDR, etc.) are getting better and better at this, so this requires an extended effort in finding a way into the system and staying undetected during post-exploitation activities. This course will guide you though modern detection technology and teach how you can try to avoid it. This means understanding how the technology works and developing certain capabilities to stay under the radar. You will receive a virtual machine with complete environment for developing and testing your software, and a set of source code templates which will allow you to focus on understanding the essential mechanisms instead of less important technical aspects of implementation.

Advanced offensive security tool (OST) development topics for Windows user land only, including: hidden data storage, rootkit techniques, finding privileged objects in system memory, detecting new process creation, generating and handling exceptions, building COFFs and custom RPC-like instrumentation, and more.

• playing with Process Environment Blocks and implementing our own function address resolution
• more advanced code injection techniques
• understanding how reflective binaries work and building custom reflective DLLs, either with source or binary only
• in-memory hooking, capturing execution flow to block, monitor or evade functions of interest
• grasping 32- and 64-bit processing and performing migrations between x86 and x64 processes
• discussing inter process communication and how to control execution of multiple payloads