PE Injection Study
Offered By: Malware Unicorn via Independent
Course Description
Overview
The intent of this workshop is to reverse engineer existing malware to extract the portable executable (PE) injection technique to be replicated for use for red team operation tooling. The content of this workshop will begin by reverse engineering the malware Cryptowall and then go over the injection technique. The injection sequence consists of writing code into a newly created executable section in the target process, then using NtQueueApcThread to execute the target code.
Syllabus
Introduction
Background
Environment Setup
PE Injection
Manual Unpacking: Extracting the First Routine
Unpacking: Control Flow Obfuscation
Unpacking: Setting up Imports and Final Unpacking
Unpacking: Cryptowall Unpacked Code
Unpacking: Import Table Restoration
Injection Into Explorer: New Section Creation
Injection Into Explorer: Spawning a New Thread
Appendix
Related Courses
FinTech for Finance and Business LeadersACCA via edX Access Controls
(ISC)² via Coursera Advanced Cyber Security Training
EC-Council via FutureLearn Python для кибербезопасности. Финальный проект
E-Learning Development Fund via Coursera Advanced System Security Design
University of Colorado System via Coursera