Advanced offensive security tool (OST) development topics for Windows user land only, including: hidden data storage, rootkit techniques, finding privileged objects in system memory, detecting new process creation, generating and handling exceptions, building COFFs and custom RPC-like instrumentation, and more.
Syllabus
Intro and Setup
Filesystem corners
Object Enumeration in Memory
Global Hooks
Userland Rootkit Tech
Process Environment Block Manipulations
No-patch Hooking
Process Memory Hiding
Custom “RPC”
Common Object File Format
Custom Project