Sektor7 Malware Development Course, Notes and Thoughts in Progress
Thoughts
Overall it seems to be very well put together, useful, and informative.
Currently my skills with C++ aren't up to snuff to keep up, so I will be returning to this once I have more knowledge under my belt.
Here are some rough notes taken while attempting to get through the intro to the course.
Notes
Videos 1-4:
Learned about PE-bear and the structure of PE files.
Difference between how a DLL and an EXE are loaded and used (an EXE is started as its own process; a DLL is mapped into a process that already exists).
General housekeeping and setting up the environment.
Videos 5-6:
Compiling C++ code through a PowerShell script.
Compiling C++ code that defines a DllMain entry point so it builds as a DLL.
Exploring the output in Process Hacker.
A DLL cannot run on its own; it has to be loaded into a host process. rundll32.exe is a stock host that loads a DLL and calls one of its exports, and dumpbin (dumpbin /exports) shows what a DLL exports.
Droppers: where to store a payload within the PE file. The sample shellcode launches calc.exe.
The .text, .data and .rsrc sections of a PE file are the places to store the shellcode/payload.
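As an added example (not code from the course, and not PE-bear or dumpbin), a small C section-header walker that takes an RVA and reports which section holds it and whether that section is executable or writable. The image it parses is a constructed, header-only PE32+ skeleton with .text, .data and .rsrc built inside the block, so no real binary is involved; the header offsets and IMAGE_SCN_* characteristics are the standard ones from the PE format. The point it makes is that a payload stored in .text is already in read-execute memory, one in .data is read-write, and one in .rsrc is read-only, which is why the loader code in later videos still copies the bytes to freshly allocated memory and sets the protection itself.

```c
/* Added example, not from the course: locate the section that contains an
 * RVA and read its characteristics.  The image is a constructed skeleton. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMAGE_SCN_CNT_CODE              0x00000020u
#define IMAGE_SCN_CNT_INITIALIZED_DATA  0x00000040u
#define IMAGE_SCN_MEM_EXECUTE           0x20000000u
#define IMAGE_SCN_MEM_READ              0x40000000u
#define IMAGE_SCN_MEM_WRITE             0x80000000u

/* Little-endian field access; PE headers are little-endian regardless of host. */
static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(unsigned char *p, uint16_t v) { p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; }
static void wr32(unsigned char *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Walk the section table.  Returns 1 and fills name/flags when a section covers
 * `rva`; returns 0 for a malformed or truncated header or an uncovered address. */
int find_section(const unsigned char *img, size_t len, uint32_t rva, char name[9], uint32_t *flags)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return 0;
    uint32_t pe = rd32(img + 0x3C);                        /* e_lfanew */
    if (pe > len - 24 || memcmp(img + pe, "PE\0\0", 4) != 0) return 0;
    const unsigned char *coff = img + pe + 4;              /* IMAGE_FILE_HEADER */
    uint16_t nsec  = rd16(coff + 2);                       /* NumberOfSections */
    uint16_t optsz = rd16(coff + 16);                      /* SizeOfOptionalHeader */
    size_t sect = (size_t)pe + 4 + 20 + optsz;             /* first IMAGE_SECTION_HEADER */
    for (uint16_t i = 0; i < nsec; i++, sect += 40) {
        if (sect + 40 > len) return 0;                     /* section table runs past the buffer */
        const unsigned char *sh = img + sect;
        uint32_t vsize = rd32(sh + 8), vaddr = rd32(sh + 12), rawsz = rd32(sh + 16);
        uint32_t span = vsize ? vsize : rawsz;             /* VirtualSize may be 0 in object files */
        if (rva >= vaddr && rva - vaddr < span) {
            memcpy(name, sh, 8); name[8] = '\0';
            *flags = rd32(sh + 36);                        /* Characteristics */
            return 1;
        }
    }
    return 0;
}

/* Write one 40-byte IMAGE_SECTION_HEADER for the constructed sample. */
static void put_section(unsigned char *sh, const char *nm, uint32_t va, uint32_t size,
                        uint32_t raw, uint32_t ch)
{
    memset(sh, 0, 40);
    memcpy(sh, nm, strlen(nm));                            /* names are <= 8 bytes, zero padded */
    wr32(sh + 8, size); wr32(sh + 12, va); wr32(sh + 16, size); wr32(sh + 20, raw); wr32(sh + 36, ch);
}

/* Constructed sample image: DOS header, PE signature, COFF header, a zeroed
 * PE32+ optional header and three section headers.  Returns bytes written. */
size_t build_sample_image(unsigned char *buf, size_t cap)
{
    const uint32_t pe_off = 0x80, optsz = 0xF0;            /* 0xF0 = PE32+ optional header size */
    size_t total = pe_off + 4 + 20 + optsz + 3 * 40;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3C, pe_off);
    memcpy(buf + pe_off, "PE\0\0", 4);
    unsigned char *coff = buf + pe_off + 4;
    wr16(coff, 0x8664);                                    /* Machine: AMD64 */
    wr16(coff + 2, 3);                                     /* NumberOfSections */
    wr16(coff + 16, (uint16_t)optsz);
    unsigned char *opt = coff + 20;
    wr16(opt, 0x20B);                                      /* PE32+ magic */
    unsigned char *sh = opt + optsz;
    put_section(sh,      ".text", 0x1000, 0x800, 0x400, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ);
    put_section(sh + 40, ".data", 0x2000, 0x200, 0xC00, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE);
    put_section(sh + 80, ".rsrc", 0x3000, 0x100, 0xE00, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ);
    return total;
}

/* On the constructed sample: 'X' executable, 'W' writable, 'R' read-only data,
 * 0 when no section covers the RVA. */
int classify_rva(uint32_t rva)
{
    unsigned char img[1024]; char name[9]; uint32_t fl;
    size_t n = build_sample_image(img, sizeof img);
    if (!find_section(img, n, rva, name, &fl)) return 0;
    if (fl & IMAGE_SCN_MEM_EXECUTE) return 'X';
    if (fl & IMAGE_SCN_MEM_WRITE) return 'W';
    return 'R';
}

int main(void)
{
    uint32_t probes[] = { 0x1010, 0x2008, 0x3000, 0x9000 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int c = classify_rva(probes[i]);
        printf("RVA 0x%04x -> %s\n", probes[i], c ? (c == 'X' ? "executable" : c == 'W' ? "writable" : "read-only") : "no section");
    }
    return 0;
}
```

Run it against a real file by reading the whole binary into a buffer and passing it to find_section; the same walk is what dumpbin /headers prints as the section table.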
Videos 7-8:
7: storing the payload in the .text section by keeping the shellcode in a local variable, so the compiler emits the bytes as part of the function's code. Stepped through the instructions in x64dbg to cement the flow: allocate memory for the shellcode (VirtualAlloc), copy it in, change the protection so the region is readable and executable (VirtualProtect), and finally create a thread on it (CreateThread) and wait for it to finish.
8: storing the payload in the .data section by declaring it as an initialised global variable instead; the allocate/protect/thread steps are unchanged.
(To do: learn more C++, get comfortable with the Windows API, and understand VirtualAlloc in more depth.)
Thanks for reading!