filmov
tv
AutoIt process injection with shellcode and PE files
Показать описание
This video reverse engineers a trick often used by malware to execute shellcode and complete PE files inside other processes, using AutoIt.
Using CallWindowProcA allows a message to a window to be processed by a different window procedure !
The trick can be used not only to load shellcode but also to bootstrap loading of full PE files !!
References
~~~~~~~~
CallWindowProcA function
AutoIt - Function DllCall
The ‘AVE_MARIA’ Malware
Analysing Recent Evolutions in Malware Loaders
HackInTheBox 202 - Hiding In Plain Sight - Analysing Recent Evolutions in Malware Loaders
---------------------------------------------------------------------------------------------------
If you liked this video and you want to learn hands-on how to analyse malware, with real samples and practical exercises, find us on Udemy :
---------------------------------------------------------------------------------------------------
Want to support us continue to make great content? Buy us a coffee :
Thank you 🙏
Using CallWindowProcA allows a message to a window to be processed by a different window procedure !
The trick can be used not only to load shellcode but also to bootstrap loading of full PE files !!
References
~~~~~~~~
CallWindowProcA function
AutoIt - Function DllCall
The ‘AVE_MARIA’ Malware
Analysing Recent Evolutions in Malware Loaders
HackInTheBox 202 - Hiding In Plain Sight - Analysing Recent Evolutions in Malware Loaders
---------------------------------------------------------------------------------------------------
If you liked this video and you want to learn hands-on how to analyse malware, with real samples and practical exercises, find us on Udemy :
---------------------------------------------------------------------------------------------------
Want to support us continue to make great content? Buy us a coffee :
Thank you 🙏
0:07:19
AutoIt process injection with shellcode and PE files
0:11:19
Process hallowing with shellcode in C#
0:05:00
PoC Shellcode Injection
0:14:46
Malware Analysis - ROKRAT Unpacking from Injected Shellcode
0:19:34
PE Shellcode Injection
0:09:37
PE Shellcode Injection
![[48] Malware Lab](https://i.ytimg.com/vi/07D0GbbPSi4/hqdefault.jpg)
0:11:44
[48] Malware Lab - Shellcode Injection Unpacking and Extraction
0:20:45
C# for Pentesters - Part II - Process Injection and XOR Shell Code Encryption / Decryption
0:09:55
RRE6 - Upgrading my Malware's Process Injection Capabilities!
0:11:28
Hunting with PE-sieve and invisible injection
0:21:51
Backdooring PE Files - Inject Shellcode in EXE files
0:14:17
Code injection trong AutoIt | Cheat Engine Step 7 | Cheat Eninge Step 7 By AutoIT
0:30:53
FSec2017: Hiding Malware Payloads With Autoit by Vanja Svajcer
0:07:32
Learn Malware Analysis with Process Hollowing - How to perform and detect
0:06:04
525 final demo -- buffer overflow shellcode injection
0:40:05
Malware Analysis - Unpacking AutoIt stub with large obfuscated script
0:10:40
PE Backdooring | Injecting stageless shellcode into an executable | Malware development
0:14:24
Static and Dynamic MALWARE ANALYSIS | Agent Tesla from an AutoIT EXE
0:01:49
Ethical Malware Development
0:07:17
Pe To Encrypted ShellCode By DzkiLLeR
0:01:54
New AutoIt Malware - Demo of sample
0:36:14
Hunting Process Injection
0:11:22
Windows Exploit Development - Shellcode
0:07:11
'Memhunter' vs 'Sysmon v13.01' & Process Hollowing Technique
Комментарии