book

Malware Development for Ethical Hackers

by Zhassulan Zhussupov

June 2024

Beginner

402 pages

8h 34m

English

Packt Publishing

Read now

Unlock full access

ContributorsAbout the authorAbout the reviewersDisclaimer
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code filesConventions usedGet in touchShare Your Thoughts
Getting the most out of this book – get to know your free benefits Interactive AI assistant (beta)DRM-free PDF or ePub version Technical requirementsWhat is malware development?A simple exampleUnpacking malware functionality and behaviorTypes of malwareReverse shellsPractical example: reverse shellPractical example: reverse shell for WindowsDemoLeveraging Windows internals for malware developmentPractical exampleExploring PE-file (EXE and DLL)Practical exampleThe art of deceiving a victim’s systemsSummary
Technical requirementsTraditional injection approaches – code and DLLA simple exampleCode injection exampleDLL injectionDLL injection exampleExploring hijacking techniquesDLL hijackingPractical exampleUnderstanding APC injectionA practical example of APC injectionA practical example of APC injection via NtTestAlertMastering API hooking techniquesWhat is API hooking?Practical exampleSummary
Technical requirementsClassic path: registry Run KeysA simple exampleLeveraging registry keys utilized by Winlogon processA practical exampleImplementing DLL search order hijacking for persistenceExploiting Windows services for persistenceA practical exampleHunting for persistence: exploring non-trivial loopholesA practical exampleHow to find new persistence tricksSummary
Technical requirementsManipulating access tokensWindows tokensLocal administratorSeDebugPrivilegeA simple exampleImpersonatePassword stealingPractical exampleLeveraging DLL search order hijacking and supply chain attacksPractical exampleCircumventing UACfodhelper.exePractical exampleSummary
Technical requirementsDetecting debugger presencePractical example 1Practical example 2Spotting breakpointsPractical exampleIdentifying flags and artifactsPractical exampleProcessDebugFlagsPractical exampleSummary
Technical requirementsFilesystem detection techniquesVirtualBox machine detectionA practical exampleDemoApproaches to hardware detectionChecking the HDDDemoTime-based sandbox evasion techniquesA simple exampleIdentifying VMs through the registryA practical exampleDemoSummary

Popular anti-disassembly techniquesPractical exampleExploring the function control problem and its benefitsPractical exampleObfuscation of the API and assembly codePractical exampleCrashing malware analysis toolsPractical exampleSummary
Technical requirementsUnderstanding the mechanics of antivirus enginesStatic detectionHeuristic detectionDynamic heuristic analysisBehavior analysisEvasion static detectionPractical exampleEvasion dynamic analysisPractical exampleCircumventing the Antimalware Scan Interface (AMSI)Practical exampleAdvanced evasion techniquesSyscallsSyscall IDPractical exampleUserland hookingDirect syscallsPractical exampleBypassing EDRPractical exampleSummary
Technical requirementsUnderstanding the role of hash algorithms in malwareCryptographic hash functionsApplying hashing in malware analysisA deep dive into common hash algorithmsMD5SHA-1BcryptPractical use of hash algorithms in malwareHashing WINAPI callsMurmurHashSummary
Technical requirementsIntroduction to simple ciphersCaesar cipherROT13 cipherROT47 cipherDecrypting malware – a practical implementation of simple ciphersCaesar cipherROT13ROT47The power of the Base64 algorithmBase64 in practiceSummary
Technical requirementsOverview of common cryptographic techniques in malwareEncryption resources such as configuration filesPractical exampleCryptography for secure communicationPractical examplePayload protection – cryptography for obfuscationPractical exampleSummary
Technical requirementsExploring advanced math algorithms in malwareTiny encryption algorithm (TEA)A5/1Madryga algorithmPractical exampleThe use of prime numbers and modular arithmetic in malwarePractical exampleImplementing custom encoding techniquesPractical exampleElliptic curve cryptography (ECC) and malwarePractical exampleSummary
Historical overview of classic malwareEarly malwareThe 1980s-2000s – the era of worms and mass propagationMalware of the 21st centuryModern banking TrojansThe evolution of ransomwareAnalysis of the techniques used by classic malwareEvolution and impact of classic malwareLessons learned from classic malwarePractical exampleSummary
Introduction to APTsThe birth of APTs – early 2000sOperation Aurora (2009)Stuxnet and the dawn of cyber-physical attacks (2010)The rise of nation-state APTs – mid-2010s onwardWhat about the current landscape and future challenges?Characteristics of APTsInfamous examples of APTsAPT28 (Fancy Bear) – the Russian cyber espionageAPT29 (Cozy Bear) – the persistent intruderLazarus Group – the multifaceted threatEquation Group – the cyber-espionage arm of the NSATailored Access Operations – the cyber arsenal of the NSATTPs used by APTsPersistence via AppInit_DLLsPersistence by accessibility featuresPersistence by alternate data streamsSummary
Understanding malware source code leaksThe Zeus banking TrojanCarberpCarbanakOther famous malware source code leaksThe impact of source code leaks on the malware development landscapeZeusCarberpCarbanakPractical exampleSignificant examples of malware source code leaksSummary
Introduction to ransomware and modern threatsAnalysis of ransomware techniquesContiHello KittyCase studies of notorious ransomware and modern threatsCase study one: WannaCry ransomware attackCase study two: NotPetya ransomware attackCase study three: GandCrab ransomwareCase study four: Ryuk ransomwareModern threatsPractical exampleMitigation and recovery strategiesSummary
How to unlock these benefits in three easy stepsStep 1
Other Books You May EnjoyPackt is searching for authors like youShare Your Thoughts

Content preview from Malware Development for Ethical Hackers

4 Mastering Privilege Escalation on Compromised Systems

Often, a malware’s initial compromise may not give it the level of access it needs to fully execute its malicious intent. This is where privilege escalation comes in. In this chapter, readers will learn about common privilege escalation methods used in Windows operating systems. From access token manipulation to dynamic-link library (DLL) search order hijacking and bypassing User Account Control (UAC), multiple techniques and methods are explored. Not only will the reader understand the mechanisms behind these methods, but they will also be able to see their practical applications in real-world scenarios. Through engaging examples and detailed explanations, this chapter provides an interesting ...