Course: RED TEAM Operator: Malware Development Intermediate Course

  • Sektor7

This course builds on what you have learned so far by extending your development capabilities with:
  • playing with Process Environment Blocks and implementing our own function address resolution
  • more advanced code injection techniques
  • understanding how reflective binaries work and building custom reflective DLLs, either with source or binary only
  • in-memory hooking, capturing execution flow to block, monitor or evade functions of interest
  • grasping 32- and 64-bit processing and performing migrations between x86 and x64 processes
  • discussing inter-process communication and how to control the execution of multiple payloads

The course ends with a combined project, where you will create a custom dropper implementing discussed techniques.

You will receive a virtual machine with a complete environment for developing and testing your software, and a set of source code templates that let you focus on understanding the essential mechanisms instead of less important technical aspects of the implementation.

Syllabus

Intro and Setup

PE madness

Code Injection

Reflective DLLs

x86 vs x64

Hooking

Payload Control via IPC

Combined Project
