The Black Magicks of Malware: Function Call Obfuscation

preview_player
Показать описание
Cthulhu fhtagn, current and future cultists!

In this video, we explore the "function call obfuscation" technique for hiding your Win32 API calls from antivirus and endpoint protection.

If you're interested in more like this, make sure to give my Twitch stream a look because I do a lot more content on there streaming 3 times per week!

  1. Alh4zr3d
  2. hacking
  3. programming
  4. cybersecurity
  5. red team
  6. blue team
Рекомендации по теме
The Black Magicks 0:11:12

The Black Magicks of Malware: Function Call Obfuscation

The Black Magicks 0:23:22

The Black Magicks of Malware: Early-Bird QueueUserAPC Injection

The Black Magick 0:51:44

The Black Magick of Malware: Process Injection with Win32 - 1

VIRUS 0:03:13

VIRUS

Quick Heal Total 0:04:08

Quick Heal Total Security vs Black Magic Ransomware 🔐

Magic ransomware removal 0:03:04

Magic ransomware removal [.Magic file virus].

I Explored Ransomware 0:22:11

I Explored Ransomware Cybercrime on the Dark Web

Clean ANY malware 0:11:54

Clean ANY malware or virus off ANY Windows computer with one FREE and SIMPLE program!

The Dark Arts 0:27:44

The Dark Arts of cyber. [Only Malware in the Building]

Zombie virus 🦠🧟‍♀️|| 0:00:37

Zombie virus 🦠🧟‍♀️|| part 1 || Anil Shorts || #shorts #viral #youtubeshorts #zombieshorts #zombie...

Bad Apple but 0:03:46

Bad Apple but it's a Windows virus

Eminem - GNAT 0:03:57

Eminem - GNAT (Official Music Video)

Windows 11 Systems 0:01:32

Windows 11 Systems at Risk: BlackLotus UEFI Bootkit Malware Bypasses Secure Boot

28 October 2021 0:00:15

28 October 2021 | Corona Virus Funny vfx video | Viral magic video | Double roll | Ayan mechanic

Virus Showdown | 1:39:52

Virus Showdown | Good Habits | Cartoons for Kids | Sheriff Labrador

The Discovery of 0:45:27

The Discovery of a Government Malware and an Unexpected Spy Scandal

Lektrique - VIRUS 0:03:13

Lektrique - VIRUS

Very Dangerous Malware 0:03:26

Very Dangerous Malware !!!! Destructive Malware BlackLotus bypasses Windows Secure Boot

Big Black virus🦠3D 0:00:10

Big Black virus🦠3D Special Effects | 3D Animation #shorts #vfxhd

Cursed Tapes and 0:11:33

Cursed Tapes and How to Avoid Them: The Black Magic Virus

[SK magic] Goodbye 0:00:30

[SK magic] Goodbye virus. Hello magic Full Video

Does Your Computer 0:05:47

Does Your Computer Have A VIRUS? | What Is A Computer Virus? | The Dr Binocs Show | Peekaboo Kidz

BSidesCharm 2022 - 0:34:05

BSidesCharm 2022 - Malware Wars: DarkSide Strikes Back as BlackMatter - Lindsay Kaye & James Niv...

Four Coins, Four 0:00:54

Four Coins, Four Cards, One Virus

Комментарии
Автор

Hey All, just wanted to drop by and say thank you for everything you do! I've been watching your streams, VODs, and videos for the past year, soaking in your advice and recommendations. As a result, I landed my first job offer and joined a great company! Wishing you all the best, and once again, thank you!

businkabasima
Автор

🎉🎉🎉 behold, he is back on yt!! Glad to see you again!

b.h.
Автор

I’ve only tested it for kernel mode imports but it should be possible either way. The only hard thing is finding the base address of the DLL you’re looking for (because of ASLR). Most should be automatically loaded so you should be able to get it by iterating the loaded modules list from the PEB. (gs:60 iirc)

nuxar
Автор

Awesome to see you back bud. Currently working through OSEP, so this is well timed.

DarkDonnieMarco
Автор

spectacular! I'm a little thin on coding experience so I appreciate the boilerplate code. Thank you Al!

theo
Автор

Doing WinAPI function calls in my reverse engineering class right now, this was super helpful!

peterclark
Автор

Awesome explanation I will definitely need to play around with this and see if I can find anything. Thanks for the content!

xyen
Автор

no, throwing a meterpreter instead of calc will not work as well, especially with C# and an EDR on board. it will probably get flagged before you get to launch it

lumikarhu