Additional modules for premium & lifetime users:
Exploiting EDR for evasion | Thread enumeration via syscall | Custom WinAPI functions | Introduction to MASM assembly |
Binary metadata modification | More C fundamentals |
Main course syllabus (the number in parentheses is the count of modules on that topic):
Introduction to the Windows OS | WinAPIs & PE File Format (x7) | AV Detection mechanisms | Brute forcing key decryption |
Payload placement (x3) | Payload encryption (x3) | Payload obfuscation (x4) | Custom-built tools demonstration |
Local payload execution | Remote payload execution | Payload staging | Utilizing NtCreateUserProcess |
Malware binary signing | Process enumeration (x2) | Thread hijacking (x4) | Block DLL policy |
Local APC injection | Remote APC injection | Payload execution via callbacks | Indirect syscalls |
Local mapping injection | Remote mapping injection | Local function stomping | Introduction to EDRs |
Remote function stomping | Controlling payload execution | PPID spoofing | Hell's Gate Update |
Command line argument spoofing (x2) | Remote payload execution | Payload staging | Hell's Gate |
Parsing PE headers | String hashing & obfuscation | IAT obfuscation (x4) | NTDLL unhooking (x5) |
API hooking (x5) | Syscalls (x4) | Reimplementing injection via syscalls (x3) | Building a loader |
Anti-debugging methods (x2) | Anti-virtualization methods (x3) | File entropy reduction | CRT library removal |
Malware compiling |