Thoughts

Overall it seems to be very well put together, useful, and informative.

Currently my skills with C++ aren't up to snuff to keep up with it, so I will be returning to this once I have more knowledge under my belt. Here are some rough notes taken while attempting to get through the intro to the course.

Notes

Videos 1-4: Learned about PE-Bear and the structure of PE programs, the difference between how DLLs and EXEs are executed and used, and general housekeeping: setting up the environment.

Videos 5-6: Compiling CPP code through a PowerShell script. Compiling CPP code with a DLL main function to compile code into a DLL. Exploring output in Process Hacker. DLLs cannot live in memory alone, rundll32 allows you to; also, dumpbin is important. Droppers, and where to store payloads within PE files. Have shellcode that launches calc. Text, data and resources sections in PE files are places to store shellcode/payload.

Videos 7-8: 7: Learned about storing payloads in the text section of executables by storing shellcode in local variables. Stepped through the instructions with x64dbg to further cement understanding of allocating memory for shellcode, making it readable and executable, and finally creating a thread to execute it.

8: Storing payloads in the data section of the executable by initializing them as global variables instead. Otherwise the process of allocating memory and so on is unchanged. (Learn more CPP and interacting with the Windows API, and understand VirtualAlloc in more depth.)
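The text, data and resources sections mentioned in the notes, seen the way a PE viewer such as PE-Bear lists them: this is an added example, not code from the course or from this post, that reads the PE section table and reports each section's read/write/execute flags. The header bytes in `build_sample` are constructed for illustration, and the function names are hypothetical.

```python
import struct

# Memory-protection flags from the PE/COFF section header "Characteristics" field.
MEM_EXECUTE, MEM_READ, MEM_WRITE = 0x20000000, 0x40000000, 0x80000000

def parse_sections(image: bytes):
    """Return [(name, raw_size, perms)] for every entry in the PE section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)  # offset of the PE header
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # 20-byte COFF file header: we need the section count and optional-header size.
    _machine, count, _ts, _symptr, _nsyms, opt_size, _flags = struct.unpack_from(
        "<HHIIIHH", image, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(count):
        # 40-byte section header; skip relocation/line-number fields (12 bytes).
        name, _vsize, _va, raw_size, _raw_ptr, chars = struct.unpack_from(
            "<8sIIII12xI", image, table + 40 * i)
        perms = "".join(ch if chars & bit else "-" for ch, bit in
                        (("r", MEM_READ), ("w", MEM_WRITE), ("x", MEM_EXECUTE)))
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_size, perms))
    return sections

def build_sample() -> bytes:
    """Constructed header-only image (no optional header, no section data)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, 0, 0x22)
    def sect(name, raw_size, chars):
        return struct.pack("<8sIIII12xI", name, raw_size, 0, raw_size, 0, chars)
    return (dos + b"PE\0\0" + coff
            + sect(b".text", 0x1200, 0x60000020)   # code, read + execute
            + sect(b".data", 0x400, 0xC0000040)    # initialized data, read + write
            + sect(b".rsrc", 0x600, 0x40000040))   # resources, read only

if __name__ == "__main__":
    for name, size, perms in parse_sections(build_sample()):
        print(f"{name:<8} raw_size={size:#06x} perms={perms}")
```

To inspect a real binary, pass the file's bytes to `parse_sections` instead of the constructed sample.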

Thanks for reading!