PE Injection Study
Offered By: Malware Unicorn via Independent
Course Description
Overview
The intent of this workshop is to reverse engineer existing malware to extract the portable executable (PE) injection technique to be replicated for use for red team operation tooling. The content of this workshop will begin by reverse engineering the malware Cryptowall and then go over the injection technique. The injection sequence consists of writing code into a newly created executable section in the target process, then using NtQueueApcThread to execute the target code.
Syllabus
Introduction
Background
Environment Setup
PE Injection
Manual Unpacking: Extracting the First Routine
Unpacking: Control Flow Obfuscation
Unpacking: Setting up Imports and Final Unpacking
Unpacking: Cryptowall Unpacked Code
Unpacking: Import Table Restoration
Injection Into Explorer: New Section Creation
Injection Into Explorer: Spawning a New Thread
Appendix
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network