MALDEV1 (Malware Development 1: The Basics)
Description
Many malware analysts perform reverse engineering on malware without knowing the why’s. They only know the how’s. To fill that knowledge gap, I have created this course.
You will learn first-hand from a Malware Developers’ perspective what windows API functions are commonly used in malware and finally understand why you need to trace them when reversing malware.
Learning Methodology:
Build programs that simulate Windows Trojans and Reverse Engineer them.
This will make you a better Reverse Engineer and Malware Analyst and also Penetration Tester.
The best way to understand malware is to be a Malware Developer.
Features:
Every topic will contain two parts: programming and reversing.
In the programming parts we will be writing programs that simulate trojan behavior by using API functions typically found in malware.
Then, in the reversing part, we take the programs that we wrote and perform reverse engineering on it
In this way, you will, for the first time, really understand why malware analyst do what they do when reversing a piece of malware
Q & A discussion forum with instructor
Entire course (including videos) can be downloaded
What you will learn:
How to compile and build executables and dynamic link libraries (DLL)
Windows API used in Malware
Creating shellcode using Metasploit on Kali Linux
Hiding shellcode payload in executable files
How to analyze and inspect memory of a running malware
Injecting Shellcode into running processes
Creating Remote Threads
Encryption of Payloads and Function Call String Parameters
Obfuscation of Function Calls
Malware Stealth Strategies
Encoding of Payloads
Trojan Development Life Cycle
How Anti Virus works under the hood
Using Yara to study malware signatures
Anti Virus Evasion Techniques
Dynamic Runtime API Loading
and more
We will be using free tools in this course, including Oracle Virtual Box and Flare-VM and the Community Edition of Microsoft Visual Studio 2019 C++. We will also install Kali Linux in the Virtual Box for learning how to use Metasploit to generate windows shellcode. Everything is highly practical. No boring theory or lectures. More like walk-throughs which you can replicate and follow along.
By the end of this course, you will have the basic skills to better understand how Malware works from the programmers’ point of view. This knowledge and skills are suitable for those aspiring to be Red Teamers.
Also, having practical knowledge of malware development will give you a better understanding of how to reverse engineer malware. For example, when reversing and analyzing a trojan, we usually put breakpoints of dangerous API functions calls – but don’t know why we do it. Now, in this course, I will show you the reasons for it. By the end of this course, you would have gained a solid foundation for understanding why and how malware reverse engineering works.
Suitable for:
Reverse Engineering and Malware Analysis Students
Programmers who want to know how Malware is created
Students planning on entering Malware Analysis and Reverse Engineering, or Penetration Testers as a Career Path
Penetration Testers and Ethical Hackers
Prerequisite:
Windows PC
Basic C Language
Basic Linux commands
Who this course is for:
Reverse Engineering and Malware Analysis Students
Programmers who want to know how Malware is created
Students planning on entering Malware Analysis and Reverse Engineering or Penetration Testers as a Career Path
Penetration Testers and Ethical Hackers
Requirements
Windows PC
Basic C Language
Basic Linux commands
MALDEV2 (Malware Development 2: Advanced Injection and API Hooking)
This course is about more advanced techniques in Malware Development. This course builds on what you have learned in Malware Development and Reverse Engineering 1: The Basics, by extending your development skills with:
- advanced function obfuscation by implementing customized API calls
- more advanced code injection techniques
- advanced DLL injection techniques
- understanding how reflective binaries work and building custom reflective DLLs
- hijacking and camouflaging trojan shellcodes inside legitimate running processes
- memory hooking to subvert the normal flow of a running process
- exploiting the vulnerability in 32- and 64-bit process migrations
- hooking the Import AddressTables (IAT) to replace it with your own functions
- using inter process communication to control execution of multiple trojan processes
- hooking API calls and replacing them with your own customized function
- implementing DLL injection and API hooking to sniff and capture disk encryption passwords
- advanced AV evasion and obfuscation techniques
- and more...
You will learn first-hand from a Malware Developers’ perspective what windows API functions are commonly used in malware and finally have a deeper understanding of malware so that you will have enhanced skills when doing malware analysis later.
Learning Methodology:
- Build programs that simulate Windows Trojans and Reverse Engineer them.
- This will make you a better Reverse Engineer and Malware Analyst and also Penetration Tester.
- The best way to understand malware is to be a Malware Developer.
Features:
- Some topics will contain two parts: programming and reversing.
- In the programming parts we will be writing programs that simulate trojan behavior by using API functions typically found in malware.
- In the final section, there will be a Lab Project, where you will combine all the knowledge you learn to create a trojan that can survive a reboot and sniff for a disk encryption password and capture it to a file.
- Q & A discussion forum with instructor
- Entire course (including videos) can be downloaded
Everything is highly practical. No boring theory or lectures. More like walk-throughs which you can replicate and follow along.
By the end of this course, you will have the basic skills to better understand how Malware works from the programmers' point of view. This knowledge and skills are suitable for those aspiring to be Red Teamers. Even if you have no intention of creating malware, the insider knowledge and skills you gain from this course will make you a better security professional.
Also, having practical knowledge of malware development will give you a better understanding of how to reverse engineer malware. By the end of this course, you would have gained a solid foundation for understanding how hackers can exploit windows API to inject malicious code into other processes.
Suitable for:
- Reverse Engineering and Malware Analysis Students
- Programmers who want to know how Malware is created
- Students planning on entering Malware Analysis and Reverse Engineering, or Penetration Testers as a Career Path
- Penetration Testers and Ethical Hackers
Prerequisite:
- Windows PC
- Basic C Language
- Preferably already Completed Malware Development and Reverse Engineering 1: The Basics