ＨｉｄｅＺｅｒｏＯｎｅ

• playing with Process Environment Blocks and implementing our own function address resolution
• more advanced code injection techniques
• understanding how reflective binaries work and building custom reflective DLLs, either with source or binary only
• in-memory hooking, capturing execution flow to block, monitor or evade functions of interest
• grasping 32- and 64-bit processing and performing migrations between x86 and x64 processes
• discussing inter process communication and how to control execution of multiple payloads

Syllabus

RED TEAM Operator: Malware Development Intermediate Course

Are you a pen tester having some experience with Metasploit or Empire frameworks? Or maybe you take your first steps as an ethical hacker and you want to know more about how all these offensive tools work? Or you are a blue teamer or threat hunter who needs to better understand the internal workings of malware? This course will provide you the answers you’re looking for. It will teach you how to develop your own custom offensive security tool (OST) for latest Microsoft Windows 10. And by custom OTA we mean building a dropper for any payload you want (Metasploit meterpreter, Empire or Cobalt Strike beacons, etc.), injecting your shellcodes into remote processes, creating trojan horses (backdooring existing software) and bypassing Windows Defender AV. You will receive a virtual machine with complete environment for developing and testing your software, and a set of source code templates which will allow you to focus on understanding the essential mechanisms instead of less important technical aspects of implementation.

Syllabus

Intro and Setup

Portable Executable

Droppers

RED TEAM Operator: Malware Development Essentials Course

Through OALABS we want to bring you the kind of reverse engineering tutorials that we wished we had when we were first learning to analyze malware. With Patreon we offer access to a wide variety of tutorials and workshops aimed at all skill levels. Our RE101 level tutorials cover important topics like how to setup a malware analysis lab, as well as reverse engineering fundaments like learning assembly, and how to use a debugger. Our RE201 level tutorials cover malware analysis specific topics like how to bypass anti-analysis checks in malware, and how to resolve dynamic imports. Our RE504 level tutorials cover advanced reverse engineering topics like how to bypass software protectors such as Themida, and VMProtect. Patreon also allows us to maintain a set of free publicly available malware analysis tutorials on YouTube as well as weekly malware analysis streams on Twitch.

You can find a comprehensive list of courses offered by Hackingloops on their website . They offer a wide range of courses on ethical hacking, penetration testing, cyber security, and web penetration testing techniques. You can also download a free guide that will show you step-by-step how to get started and set up your own lab today .

Here is a list of some of the courses offered by Hackingloops:

• Ethical Hacking Course: This course covers the basics of ethical hacking, including information gathering, scanning, enumeration, and vulnerability analysis. It also covers advanced topics such as web application hacking, wireless network hacking, and social engineering.
• Penetration Testing Course: This course covers the basics of penetration testing, including information gathering, scanning, enumeration, and vulnerability analysis. It also covers advanced topics such as web application penetration testing, wireless network penetration testing, and social engineering .
• Cyber Security Course: This course covers the basics of cyber security, including network security, operating system security, and application security. It also covers advanced topics such as cloud security, mobile security, and IoT security .
• Web Penetration Testing Course: This course covers the basics of web penetration testing, including information gathering, scanning, enumeration, and vulnerability analysis. It also covers advanced topics such as web application hacking, web application penetration testing, and web application security .

Hacking Loops

If you are an application security enthusiast, we are sure that you must have wondered what it takes to find security issues in android apps. These android apps handles a huge amount of sensitive user data, perform critical functions and are a big part of day to day life. The security of these apps should be of utmost importance.

This course is designed to teach the skills required for testing android apps for security issues like insecure data storage, insecure communication, deep link exploitation and a lot more. The training apps are provided in the course to practice the learned skills. All the attendees will also be given access to a private slack channel to discuss about any issues, topics etc.

Syllabus

Introduction

Enciphers – Android Application Security

The Red Team & Operational Security course is designed to help the candidates build the capabilities to simulate a modern adversary. This course will take you through the different stages of an Attacker killchain. You will initially learn to build your own Attack Infrastructure Setup in AWS, Azure or GCP using various Open Source and Commercial Command & Control Systems. After configuring the C2, you will learn to hide your C2 with Domain fronting and Redirectors and modifying the C2 Artefacts such as hiding your stage artefacts and identifying Cloud based Sandboxes and learn to build different types of initial access implants in Word, Excel, HTA and MSI using Open Source Tools and building some part of the code in-house in order to avoid EDR and Network-based Detections.

After gaining the initial access, you will be given access to Active Directory Domain Enviornment Lab on the cloud where you will first execute your initial access implant and gain access to a host. From thereon, you will perform different types of local and Active Directory enumeration to further escalate your privileges to an Enterprise Administrator. These attacks will use but not limited to understanding the Active Directory environment, Kerberos, domain enumeration with open source tools, Brute Ratel post exploitation toolkit and LDAP Queries, exploiting domain service misconfigurations such as unconstrained and constrainged delegations, certificate abuse and more.

Dark Vortex: Red Team & Operational Security