Posts: 22
Threads: 0
Joined: Oct 2024
Posts: 14
Threads: 1
Joined: Aug 2024
Posts: 10
Threads: 0
Joined: Oct 2024
(Jun 01, 2024, 01:26 PM)0neSh0t Wrote: Malware On Steroids
A Malware Development Training Program for Windows
Table of Contents
Day 1
• Course Overview
• Development VM Setup
• Command and Control Architecture
• Malware Lifecycle
• Payload Handling and Stage Architecture
• Windows Internals
• Windows OS architecture
• Process & Thread Internals
• Debugging with Windbg
▪ Process Environment Block
▪ Thread Environment Block
▪ Windows Loader Structure
▪ Introduction and Crash Course to WinDbg
• Windows Memory Protections
• Windows System Programming
• Windows Access Security Tokens
▪ Enumerating Privileges from Tokens
▪ Special Token Privileges
• PE & DLL Structure
• COFF header
• Stephen Fewer’s Reflective DLL Limitations
• Building a Reflective DLL Loader from Scratch
• Building a Custom Injector for Reflective DLL injections from Scratch
• Modifying Reflective DLL’s PE Sections and Memory Allocations to avoid EDR Detections
• Hiding Memory Allocations with DLL/PE Image Spoofing
• Hiding Thread Creation with Instruction Pointer Spoofing
Day 2
• Windows Socket Programming
• Reverse Shells in C
• Bind Shells in C
• Buffer Redirection with Anonymous Pipes
• Named Pipe Lateral Movement
• SpyC2 – Building your own CnC in python3, C and x64 Shellcode
• Adding Features to your C2
• Building A Persistent Synchronous TCP C2
• Building an Asynchronous C2 with HTTP Callbacks
• Building Proxy-Aware Payloads
• Evading Network Detection & Response Tools for your CnC
• C2 Authentication
• Comm Encryption
• Sleep & Jitter
• C2 Round Robins
• URI Handling
• SMB Pivoting
• Payload Logging
• Spoofing Frontend for your CnC Server
• Writing Function Pointer Arrays for Dynamic Command Execution in your C2 Payload
• Malware Functions
• Enumerating Process
• Memory Dumping Techniques
▪ MiniDumpWriteDump
▪ PssCreateSnapshot
• Privilege Enumeration
• Host Enumeration
• Building Pluggable Modules for your Command & Control Server
• Building Reflective Staged Payloads
• Building Reflection Features Inside your Payloads to Load Existing Reflective DLLs as modules.
• Process Injections
• Reflective DLL Injection
• Shellcode Injection
• Remote Threads
• In-Memory File and Section mapping
• Asynchronous Procedure Calls
• Injection Evasion Tactics
• Hiding Memory Artefacts
Day 3
• X64 Shellcoding
• Introduction to x64 Intel Assembly
• Walking PEB and hunting kernel32.dll
• Position Independent Code in C
• Extracting Shellcode from PIC
• In-Memory Object File Execution
• Writing Stage Zero x64 Shellcode and HTTP Stage-Server for Serving Initial Access Payloads
• Writing Excel 4 Macros for Initial Foothold
• Droppers and Stagers
• Initial Access with LOLBins
• MS Build, MWC Executions
• Bit-flipping Signed Executables to Evade Generic EDR detections
• Unhooking and Patching EDR Instructions in Memory with Syscalls to avoid Detections
• Sandbox Evasion & Anti-debugging Techniques
• Code Obfuscation
• Dynamic Library Calls
• Obfuscation shellcode and DLL calls
• Encrypting Your Payloads with RC4 Encryption
• AMSI Evasion
• Named Pipe Executions
• Building your own PS Exec in C
• OPSEC Considerations
Download Link:
Thank you very much thank you. Thank you
Posts: 9
Threads: 0
Joined: Oct 2024
Posts: 8
Threads: 0
Joined: Oct 2024
Oct 17, 2024, 06:00 PM
(This post was last modified: Oct 17, 2024, 06:01 PM by GrainPom.)
ummm already fast posts?? thanks? i guess you learn something new everyday
Posts: 41
Threads: 2
Joined: Sep 2024
thanks for sharing brother
Posts: 9
Threads: 0
Joined: Oct 2024
Nice job! ?
I really do appreciate this.
Posts: 104
Threads: 4
Joined: Oct 2023
Interesting course, thanks a lot
Posts: 36
Threads: 1
Joined: Jun 2023
(Jun 01, 2024, 01:26 PM)0neSh0t Wrote: Malware On Steroids
A Malware Development Training Program for Windows
Table of Contents
Day 1
• Course Overview
• Development VM Setup
• Command and Control Architecture
• Malware Lifecycle
• Payload Handling and Stage Architecture
• Windows Internals
• Windows OS architecture
• Process & Thread Internals
• Debugging with Windbg
▪ Process Environment Block
▪ Thread Environment Block
▪ Windows Loader Structure
▪ Introduction and Crash Course to WinDbg
• Windows Memory Protections
• Windows System Programming
• Windows Access Security Tokens
▪ Enumerating Privileges from Tokens
▪ Special Token Privileges
• PE & DLL Structure
• COFF header
• Stephen Fewer’s Reflective DLL Limitations
• Building a Reflective DLL Loader from Scratch
• Building a Custom Injector for Reflective DLL injections from Scratch
• Modifying Reflective DLL’s PE Sections and Memory Allocations to avoid EDR Detections
• Hiding Memory Allocations with DLL/PE Image Spoofing
• Hiding Thread Creation with Instruction Pointer Spoofing
Day 2
• Windows Socket Programming
• Reverse Shells in C
• Bind Shells in C
• Buffer Redirection with Anonymous Pipes
• Named Pipe Lateral Movement
• SpyC2 – Building your own CnC in python3, C and x64 Shellcode
• Adding Features to your C2
• Building A Persistent Synchronous TCP C2
• Building an Asynchronous C2 with HTTP Callbacks
• Building Proxy-Aware Payloads
• Evading Network Detection & Response Tools for your CnC
• C2 Authentication
• Comm Encryption
• Sleep & Jitter
• C2 Round Robins
• URI Handling
• SMB Pivoting
• Payload Logging
• Spoofing Frontend for your CnC Server
• Writing Function Pointer Arrays for Dynamic Command Execution in your C2 Payload
• Malware Functions
• Enumerating Process
• Memory Dumping Techniques
▪ MiniDumpWriteDump
▪ PssCreateSnapshot
• Privilege Enumeration
• Host Enumeration
• Building Pluggable Modules for your Command & Control Server
• Building Reflective Staged Payloads
• Building Reflection Features Inside your Payloads to Load Existing Reflective DLLs as modules.
• Process Injections
• Reflective DLL Injection
• Shellcode Injection
• Remote Threads
• In-Memory File and Section mapping
• Asynchronous Procedure Calls
• Injection Evasion Tactics
• Hiding Memory Artefacts
Day 3
• X64 Shellcoding
• Introduction to x64 Intel Assembly
• Walking PEB and hunting kernel32.dll
• Position Independent Code in C
• Extracting Shellcode from PIC
• In-Memory Object File Execution
• Writing Stage Zero x64 Shellcode and HTTP Stage-Server for Serving Initial Access Payloads
• Writing Excel 4 Macros for Initial Foothold
• Droppers and Stagers
• Initial Access with LOLBins
• MS Build, MWC Executions
• Bit-flipping Signed Executables to Evade Generic EDR detections
• Unhooking and Patching EDR Instructions in Memory with Syscalls to avoid Detections
• Sandbox Evasion & Anti-debugging Techniques
• Code Obfuscation
• Dynamic Library Calls
• Obfuscation shellcode and DLL calls
• Encrypting Your Payloads with RC4 Encryption
• AMSI Evasion
• Named Pipe Executions
• Building your own PS Exec in C
• OPSEC Considerations
Download Link:
Thanks dude well try
[url=https://breachforums.bf/private.php?action=send&uid=187811][/url]
Posts: 5
Threads: 0
Joined: Oct 2024
crazyt bump like I neeeed to learn this
|
