filmov
tv
AutoIt process injection with shellcode and PE files
Показать описание
This video reverse engineers a trick often used by malware to execute shellcode and complete PE files inside other processes, using AutoIt.
Using CallWindowProcA allows a message to a window to be processed by a different window procedure !
The trick can be used not only to load shellcode but also to bootstrap loading of full PE files !!
References
~~~~~~~~
CallWindowProcA function
AutoIt - Function DllCall
The ‘AVE_MARIA’ Malware
Analysing Recent Evolutions in Malware Loaders
HackInTheBox 202 - Hiding In Plain Sight - Analysing Recent Evolutions in Malware Loaders
---------------------------------------------------------------------------------------------------
If you liked this video and you want to learn hands-on how to analyse malware, with real samples and practical exercises, find us on Udemy :
---------------------------------------------------------------------------------------------------
Want to support us continue to make great content? Buy us a coffee :
Thank you 🙏
Using CallWindowProcA allows a message to a window to be processed by a different window procedure !
The trick can be used not only to load shellcode but also to bootstrap loading of full PE files !!
References
~~~~~~~~
CallWindowProcA function
AutoIt - Function DllCall
The ‘AVE_MARIA’ Malware
Analysing Recent Evolutions in Malware Loaders
HackInTheBox 202 - Hiding In Plain Sight - Analysing Recent Evolutions in Malware Loaders
---------------------------------------------------------------------------------------------------
If you liked this video and you want to learn hands-on how to analyse malware, with real samples and practical exercises, find us on Udemy :
---------------------------------------------------------------------------------------------------
Want to support us continue to make great content? Buy us a coffee :
Thank you 🙏
AutoIt process injection with shellcode and PE files
Process hallowing with shellcode in C#
PoC Shellcode Injection
Malware Analysis - ROKRAT Unpacking from Injected Shellcode
PE Shellcode Injection
PE Shellcode Injection
[48] Malware Lab - Shellcode Injection Unpacking and Extraction
C# for Pentesters - Part II - Process Injection and XOR Shell Code Encryption / Decryption
RRE6 - Upgrading my Malware's Process Injection Capabilities!
Hunting with PE-sieve and invisible injection
Backdooring PE Files - Inject Shellcode in EXE files
Code injection trong AutoIt | Cheat Engine Step 7 | Cheat Eninge Step 7 By AutoIT
FSec2017: Hiding Malware Payloads With Autoit by Vanja Svajcer
Learn Malware Analysis with Process Hollowing - How to perform and detect
525 final demo -- buffer overflow shellcode injection
Malware Analysis - Unpacking AutoIt stub with large obfuscated script
PE Backdooring | Injecting stageless shellcode into an executable | Malware development
Static and Dynamic MALWARE ANALYSIS | Agent Tesla from an AutoIT EXE
Ethical Malware Development
Pe To Encrypted ShellCode By DzkiLLeR
New AutoIt Malware - Demo of sample
Hunting Process Injection
Windows Exploit Development - Shellcode
'Memhunter' vs 'Sysmon v13.01' & Process Hollowing Technique
Комментарии