MALWARE

1. Модуль приветствия

2. Введение в разработку вредоносных программ

3. Необходимые инструменты

4. Основы кодирования

5. Архитектура Windows

6. Управление памятью в Windows

7. Введение в Windows API

8. Переносимый исполняемый формат

9. Динамические библиотеки

10. Механизмы обнаружения

11. Процессы Windows

12. Недокументированные структуры

13. Размещение полезной нагрузки - секции .data & .rdata

14. Размещение полезной нагрузки - секция .text

15. Размещение полезной нагрузки - секция .rsrc

16. Введение в шифрование полезной нагрузки

17. Payload Encryption - XOR

18. Payload Encryption - RC4

19. Payload Encryption - AES Encryption

20. Evading Microsoft Defender Static Analysis

21. Payload Obfuscation - IPv4/IPv6Fuscation

22. Payload Obfuscation - MACFucscation

23. Payload Obfuscation - UUIDFuscation

24. Maldev Academy Tool - HellShell

25. Maldev Academy Tool - MiniShell

26. Local Payload Execution - DLL

27. Local Payload Execution - Shellcode

28. Process Injection - DLL Injection

29. Process Injection - Shellcode Injection

30. Payload Staging - Web Server

31. Payload Staging - Windows Registry

32. Malware Binary Signing

33. Process Enumeration - EnumProcesses

34. Process Enumeration - NtQuerySystemInformation

35. Thread Hijacking - Local Thread Creation

36. Thread Hijacking - Remote Thread Creation

37. Thread Hijacking - Local Thread Enumeration

38. Thread Hijacking - Remote Thread Enumeration

39. APC Injection

40. Early Bird APC Injection

41. Callback Code Execution

42. Local Mapping Injection

43. Remote Mapping Injection

44. Local Function Stomping Injection

45. Remote Function Stomping Injection

46. Payload Execution Control

47. Spoofing PPID

48. Process Argument Spoofing (1)

49. Process Argument Spoofing (2)

50. Parsing PE Headers

51. String Hashing

52. IAT Hiding & Obfuscation - Introduction

53. IAT Hiding & Obfuscation - Custom GetProcAddress

54. IAT Hiding & Obfuscation - Custom GetModuleHandle

55. IAT Hiding & Obfuscation - API Hashing

56. IAT Hiding & Obfuscation - Custom Pseudo Handles

57. IAT Hiding & Obfuscation - Compile Time API Hashing

58. API Hooking - Introduction

59. API Hooking - Detours Library

60. API Hooking - Minhook Library

61. API Hooking - Custom Code

62. API Hooking - Using Windows APIs

63. Syscalls - Introduction

64. Syscalls - Userland Hooking

65. Syscalls - SysWhispers

66. Syscalls - Hell's Gate

67. Syscalls - Reimplementing Classic Injection

68. Syscalls - Reimplementing Mapping Injection

69. Syscalls - Reimplementing APC Injection

70. Anti-Analysis - Introduction

71. Anti-Debugging - Multiple Techniques

72. Anti-Debugging - Self-Deletion

73. Anti-Virtual Environments - Multiple Techniques

74. Anti-Virtual Environments - Multiple Delay Execution Techniques

75. Anti-Virtual Environments - API Hammering

76. Binary Entropy Reduction

77. Brute Force Decryption

78. MalDev Academy Tool - KeyGuard

79. CRT Library Removal & Malware Compiling

80. IAT Camouflage

81. Bypassing AVs

82. Introduction To EDRs

83. NTDLL Unhooking - Introduction

84. NTDLL Unhooking - From Disk

85. NTDLL Unhooking - From KnownDlls Directory

86. NTDLL Unhooking - From a Suspended Process

87. NTDLL Unhooking - From a Web Server

88. Updating Hell's Gate

89. Indirect Syscalls - HellsHall

90. Block DLL Policy

91. Diving Into NtCreateUserProcess