I recently completed an essential Mal Dev course. This course covered a comprehensive range of topics designed to enhance skills in malware development, payload obfuscation, and evading antivirus solutions.
- Introduction
- Development VM Setup
- RTO-Win10.ova
- RTO-maldev.zip
- PE Files - Format and Structure
- PE Bear - Looking Inside
- Generating EXE vs DLL
- PE Compilation
- Where to Store Payloads?
- Storing Payloads in Code Section
- Data Section as a Container
- Payloads in Resource Section
- Encoding and Encryption
- Payload Encoding
- Encrypting Payloads - XOR
- Encrypting Payloads - AES
- Antivirus vs Call Obfuscation
- Implementing Function Call Obfuscation
- Backdooring PE Theory
- Making Putty a Trojan
- What is Code Injection?
- Injecting Code into Remote Process
- Implementing Code Injection
- Loading DLLs into Remote Process
- DLL Generator and Injector
- Making Program Invisible
- Combined Project
- Dropper Implementation
- Bypassing Windows Defender
The final assignment involved turning a custom dropper into a stealthy version with the following enhancements:
- Encrypt All Strings
- Obfuscate All Function Calls
- Change XOR to AES (I used XOR btw)
- Think about how you could hide your encrypted payload behind an image.
- Build a dropper, which hosts its payload in a separate encrypted file (on disk or on a file share). Hint: Use CreateFile() and ReadFile(); example code.