
Advanced offensive security tool (OST) development topics for Windows userland only, including: hidden data storage, rootkit techniques, finding privileged objects in system memory, detecting new process creation, generating and handling exceptions, building COFFs and custom RPC-like instrumentation, and more.
Syllabus
- Intro and Setup
- Filesystem Corners
- Objects Enumeration in Memory
- Global Hooks
- Userland Rootkit Tech
- Process Environment Block Manipulations
- No-patch Hooking
- Process Memory Hiding
- Custom RPC
- Common Object File Format
- Custom Project

