Syllabus

  1. Update 9

    Coming Soon

    For premium & lifetime users

    Ghost process injection
    Herpaderping process injection
    Transacted hollowing
    Ghostly hollowing
    Herpaderply hollowing
  2. Update 8

    Coming Soon

    For premium & lifetime users

    Threadless injection
    Module stomping
    Module overloading
    Process hollowing
  3. Update 7

    Latest

    For premium & lifetime users

    TLS callbacks for anti-debugging
    Utilizing fibers for payload execution
    Malware directory placement
  4. Update 6

    For premium & lifetime users

    Local PE Execution
    Reflective DLL Injection
    PeFluctuation
    Building a PE Packer
  5. Update 5

    For premium & lifetime users

    Introduction to Havoc C&C
    Building an evasive DLL payload loader
    Introduction to DLL sideloading
    Practical DLL sideloading example
    DLL sideloading for EDR evasion
    Bring your own vulnerable driver (BYOVD)
  6. Update 4

    For premium & lifetime users

    Introduction to AMSI
    AMSI Bypass - Byte patching
    Patchless AMSI bypass via hardware breakpoints
    Building a DRM-equipped malware
  7. Update 3

    For premium & lifetime users

    Introduction to ETW
    ETW - Discovering ETW tools
    ETW Bypass - Byte patching
    ETW Bypass - Improved patching
    Patchless ETW bypass via hardware breakpoints
    ETW provider session hijacking
  8. Update 2

    For premium & lifetime users

    Utilizing hardware breakpoints for hooking (1)
    Utilizing hardware breakpoints for hooking (2)
    Utilizing hardware breakpoints for credential dumping
    Evasion with file bloating
    Bring your own protocol handler
    Bring your own file extension
  9. Update 1

    For premium & lifetime users

    Exploiting EDR for evasion
    Thread enumeration via syscall
    Custom WinAPI functions
    Introduction to MASM assembly
    Binary metadata modification
    More C fundamentals
  10. Maldev Academy Launch

    The main course syllabus is shown below.

    Introduction to the Windows OS
    WinAPIs & PE File Format (x7)
    AV Detection mechanisms
    Brute forcing key decryption
    Payload placement (x3)
    Payload encryption (x3)
    Payload obfuscation (x4)
    Custom-built tools demonstration
    Local payload execution
    Remote payload execution
    Payload staging
    Utilizing NtCreateUserProcess
    Malware binary signing
    Process enumeration (x2)
    Thread hijacking (x4)
    Block DLL policy
    Local APC injection
    Remote APC injection
    Payload execution via callbacks
    Indirect syscalls
    Local mapping injection
    Remote mapping injection
    Local function stomping
    Introduction to EDRs
    Remote function stomping
    Controlling payload execution
    PPID spoofing
    Hell's Gate Update
    Command line argument spoofing (x2)
    Remote payload execution
    Payload staging
    Hell's Gate
    Parsing PE headers
    String hashing & obfuscation
    IAT obfuscation (x4)
    NTDLL unhooking (x5)
    API hooking (x5)
    Syscalls (x4)
    Reimplementing injection via syscalls (x3)
    Building a loader
    Anti-debugging methods (x2)
    Anti-virtualization methods (x3)
    File entropy reduction
    CRT library removal
    Malware compiling