YoVDO

PE Injection Study

Offered By: Malware Unicorn via Independent

Tags

Reverse Engineering Courses, Cybersecurity Courses, Malware Analysis Courses

Course Description

Overview

The intent of this workshop is to reverse engineer existing malware in order to extract its portable executable (PE) injection technique so that it can be replicated in red team operation tooling. The workshop begins by reverse engineering the Cryptowall malware and then walks through the injection technique itself. The injection sequence consists of writing code into a newly created executable section in the target process and then using NtQueueApcThread to execute that code.


Syllabus

Introduction
Background
Environment Setup
PE Injection
Manual Unpacking: Extracting the First Routine
Unpacking: Control Flow Obfuscation
Unpacking: Setting up Imports and Final Unpacking
Unpacking: Cryptowall Unpacked Code
Unpacking: Import Table Restoration
Injection Into Explorer: New Section Creation
Injection Into Explorer: Spawning a New Thread
Appendix


Related Courses

Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera
Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera
Introducción al Análisis del Malware en Windows
National Technological University – Buenos Aires Regional Faculty via Miríadax
Android Malware Analysis - From Zero to Hero
Udemy
How to Create and Embed Malware (2-in-1 Course)
Udemy