For premium & lifetime users
| Exploiting EDR for evasion | Thread enumeration via syscall | Custom WinAPI functions | Introduction to MASM assembly |
| Binary metadata modification | More C fundamentals |
The main course syllabus is shown below
| Introduction to the Windows OS | WinAPIs & PE File Format (x7) | AV Detection mechanisms | Brute forcing key decryption |
| Payload placement (x3) | Payload encryption (x3) | Payload obfuscation (x4) | Custom-built tools demonstration |
| Local payload execution | Remote payload execution | Payload staging | Utilizing NtCreateUserProcess |
| Malware binary signing | Process enumeration (x2) | Thread hijacking (x4) | Block DLL policy |
| Local APC injection | Remote APC injection | Payload execution via callbacks | Indirect syscalls |
| Local mapping injection | Remote mapping injection | Local function stomping | Introduction to EDRs |
| Remote function stomping | Controlling payload execution | PPID spoofing | Hell's Gate Update |
| Command line argument spoofing (x2) | Remote payload execution | Payload staging | Hell's Gate |
| Parsing PE headers | String hashing & obfuscation | IAT obfuscation (x4) | NTDLL unhooking (x5) |
| API hooking (x5) | Syscalls (x4) | Reimplementing injection via syscalls (x3) | Building a loader |
| Anti-debugging methods (x2) | Anti-virtualization methods (x3) | File entropy reduction | CRT library removal |
| Malware compiling |