برچسب: Malware

User mode malware on Windows is ubiquitous and custom user mode implants are used regularly in red-team engagements. Knowledge of the latest malware techniques helps red teamers improve their custom tooling, malware analysts in taking apart malware, and anti-malware solution developers in designing behavioral solutions to detect malicious activity. The common theme amongst all Windows malware and implants is that they abuse the facilities provided by the Windows platform to achieve their objectives. Knowledge of the rich set of Windows APIs, understanding their usage in various stages of an implant, and leveraging them to detect and bypass various defenses in the system is essential for red and blue teamers. This training course takes attendees through a practical journey with a hands-on approach to teach them about the post-exploitation techniques used by PE file-based implants at every stage of their execution. Beneficial to both the offensive and the defensive side of the camp, the knowledge and hands-on experience gained in this training will help attendees with real-world red teaming engagements and in defending against both custom advanced persistent threat (APT) tooling and common-off-the-shelf (COTS) malware. Attendees will learn about how malware and implants interact with the latest version of Windows and how the different stages of malware abuse and exploit various components of Windows OS to achieve their goals and evade defenses.

ادامه مطلب

Advanced offensive security tool (OST) development topics for Windows user land only, including: hidden data storage, rootkit techniques, finding privileged objects in system memory, detecting new process creation, generating and handling exceptions, building COFFs and custom RPC-like instrumentation, and more.

Syllabus

Intro and Setup

Filesystem corners

Objects Enumeration in Memory

Global Hooks

Userland Rootkit Tech

Process Environment Block Manipulations

No-patch Hooking

Process Memory Hiding

Custom “RPC”

Common Object File Format

Custom Project

RED TEAM Operator: Malware Development Advanced

ادامه مطلب

This course builds on what you have learned so far by extending your development capabilities with:
  • playing with Process Environment Blocks and implementing our own function address resolution
  • more advanced code injection techniques
  • understanding how reflective binaries work and building custom reflective DLLs, either with source or binary only
  • in-memory hooking, capturing execution flow to block, monitor or evade functions of interest
  • grasping 32- and 64-bit processing and performing migrations between x86 and x64 processes
  • discussing inter process communication and how to control execution of multiple payloads

The course ends with a combined project, where you will create a custom dropper implementing discussed techniques.

You will receive a virtual machine with complete environment for developing and testing your software, and a set of source code templates which will allow you to focus on understanding the essential mechanisms instead of less important technical aspects of implementation.

Syllabus

Intro and Setup

PE madness

Code Injection

Reflective DLLs

x86 vs x64

Hooking

Payload Control via IPC

Combined Project

RED TEAM Operator: Malware Development Intermediate Course

ادامه مطلب

Are you a pen tester having some experience with Metasploit or Empire frameworks? Or maybe you take your first steps as an ethical hacker and you want to know more about how all these offensive tools work? Or you are a blue teamer or threat hunter who needs to better understand the internal workings of malware? This course will provide you the answers you’re looking for. It will teach you how to develop your own custom offensive security tool (OST) for latest Microsoft Windows 10. And by custom OTA we mean building a dropper for any payload you want (Metasploit meterpreter, Empire or Cobalt Strike beacons, etc.), injecting your shellcodes into remote processes, creating trojan horses (backdooring existing software) and bypassing Windows Defender AV. You will receive a virtual machine with complete environment for developing and testing your software, and a set of source code templates which will allow you to focus on understanding the essential mechanisms instead of less important technical aspects of implementation.

Syllabus

Intro and Setup

Portable Executable

Droppers

Obfuscation and Hiding

Backdoors and Trojans

Code Injection

Extras

Combined Project

RED TEAM Operator: Malware Development Essentials Course

ادامه مطلب

Through OALABS we want to bring you the kind of reverse engineering tutorials that we wished we had when we were first learning to analyze malware. With Patreon we offer access to a wide variety of tutorials and workshops aimed at all skill levels. Our RE101 level tutorials cover important topics like how to setup a malware analysis lab, as well as reverse engineering fundaments like learning assembly, and how to use a debugger. Our RE201 level tutorials cover malware analysis specific topics like how to bypass anti-analysis checks in malware, and how to resolve dynamic imports. Our RE504 level tutorials cover advanced reverse engineering topics like how to bypass software protectors such as Themida, and VMProtect. Patreon also allows us to maintain a set of free publicly available malware analysis tutorials on YouTube as well as weekly malware analysis streams on Twitch.

ادامه مطلب

The Malware On Steroids is the first course which is dedicated to building your own C2 Infrastructure and Payload. There are a lot of courses which focus on exploitation, reversing and other offensive stuff, but none of them focus on how you can build your own Command & Control Infra. This course focuses on a brief introduction towards Windows Internals followed by a full hands-on course on building a Command & Control architecture with different types of Initial Access payloads.

During the course, you will learn the core fundamentals of a Malware Lifecycle such as initial access, in-memory evasions, different types of payload injections including but not limited to reflective DLLs, shellcode injection, COFF injections and more. You will learn to build different types of remote access tools running over different protocols which we will later convert to in-memory modules that can be injected to any process. We will also write dropper and stagers in x64 Assembly, C and different LOLbins which will connect back to our CnC to extract the second stage and load it into memory for execution.

Dark Vortex: Malware on Steroids

ادامه مطلب