PE Injection Study
Offered By: Malware Unicorn via Independent
Course Description
Overview
The intent of this workshop is to reverse engineer existing malware to extract the portable executable (PE) injection technique to be replicated for use for red team operation tooling. The content of this workshop will begin by reverse engineering the malware Cryptowall and then go over the injection technique. The injection sequence consists of writing code into a newly created executable section in the target process, then using NtQueueApcThread to execute the target code.
Syllabus
Introduction
Background
Environment Setup
PE Injection
Manual Unpacking: Extracting the First Routine
Unpacking: Control Flow Obfuscation
Unpacking: Setting up Imports and Final Unpacking
Unpacking: Cryptowall Unpacked Code
Unpacking: Import Table Restoration
Injection Into Explorer: New Section Creation
Injection Into Explorer: Spawning a New Thread
Appendix
Related Courses
Dal Reverse engineering alla stampa 3DUniversity of Naples Federico II via Federica Rapid Manufacturing
Indian Institute of Technology Kanpur via Swayam Generative Design for Industrial Applications
Autodesk via Coursera Fundamentos de Ciberseguridad: un enfoque práctico
Inter-American Development Bank via edX Functional And Conceptual Design
Indian Institute of Technology Madras via Swayam