RRE 4: Malware Process Injection for a Wealth of Stealth!

Channel:
Mitch Edwards (@valhalla_dev)
Subscribers:
8,490
Published on ● Video Link: https://www.youtube.com/watch?v=2tgVEmgGjFo


Duration: 35:06
983 views
39

The first, real step in our journey to write real malware: process injection! Process injection is the act of taking code from one place, whether it be a DLL or code in another executable, and injecting it into another running process. Malware uses this for stealth, privilege escalation and lots more. We're going to talk about process memory, process memory rebasing and reallocation and creating remote threads in this one, so buckle up for a long and complicated video!

RRE is a series where I write malware so I can better learn how to fight it. If you liked this video or the series, be sure to leave me a like, subscribe to see more and follow me on Twitter for more updates!

-- Twitter --
https://twitter.com/viking_sec

-- Patreon --
https://www.patreon.com/Viking_Sec

-- Video Notes and Resources --

iredteam article that explains a lot of this and helped me learn a ton:
https://www.ired.team/offensive-security/code-injection-process-injection/pe-injection-executing-pes-inside-remote-processes#code

MSDN article on process handles
https://docs.microsoft.com/en-us/windows/win32/procthread/process-handles-and-identifiers

MSDN article on GetModuleHandle
https://docs.microsoft.com/en-us/previous-versions/ms908443(v=msdn.10)

PE Header Explanation
https://blog.kowalczyk.info/articles/pefileformat.html

MSDN article on VirtualAlloc()
https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualalloc

MSDN article on OpenProcess()
https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess

iredteam article on memory rebasing
https://www.ired.team/offensive-security/code-injection-process-injection/process-hollowing-and-pe-image-relocations#relocation

-- Table of Contents --


0:00 intro
0:30 demo, intro to process injection
6:00 GetModuleHandle
7:55 DOS Headers and NT Headers
11:20 Process Memory and Base Addresses
13:40 VirtualAlloc and Allocating Memory
17:30 OpenProcess to Access Target Process Memory
21:15 Memory Reallocation
32:07 CreateRemoteThread
33:40 Wrap-up

--
#malwaredevelopment #hacking #malware



Other Videos By Mitch Edwards (@valhalla_dev)


2022-01-13[Scrape the Planet Course] 4.3 - The Kevin Bacon Spider: Design and Skeleton Code
2022-01-12[Scrape the Planet Course] 4.2 - The Kevin Bacon Problem: Introducing our IMDB Spider
2022-01-11[Scrape the Planet Course] 4.1 - Concepts of Spidering: What is a Web Spider?
2022-01-05RRE6 - Upgrading my Malware's Process Injection Capabilities!
2021-12-31Valhalla Malware Development and Exploit Research Discord!
2021-12-31Find Out What’s Running on YOUR Machine with the Windows API!
2021-12-27What Is the Windows API?
2021-12-22What is an Operating System, and/or Existential Dread?
2021-12-18RRE5 - Losing Sanity while Developing Malware in C++ Hell
2021-12-14How Much My First Udemy Course Made in 1 Month!
2021-12-10RRE 4: Malware Process Injection for a Wealth of Stealth!
2021-12-08Python for Absolute Beginners Episode 3: Fun with Functions!
2021-12-06Python Tips 03: Returning Multiple Items from a Function!
2021-12-03RRE 3: Re-Learning C/C++ for Malware Development
2021-12-01Using Flask Templates to Build Simple API Dashboards
2021-12-01Python Tips 02: Filtering Arrays with Lambdas!
2021-11-18Python Tips 01: Slice and Dice Arrays!
2021-11-18Use the Shodan API to Find Hidden Databases and Other Internet Secrets!
2021-11-16Python for Absolute Beginners Episode 2: All Things Arrays!
2021-11-11Python for Absolute Beginners Episode 1: Installation and Variables!
2021-11-10[Free Web Scraping Class] Scrape the Planet 4.7 - Building a Spider to Crawl Wikipedia using Python!


Tags:
malware development
c/c++
c++
malware
reverse engineering
offsec
malware analysis
hacking
offensive security
developing malware
cyber security
coding
software development
dev log
system programming
windows api
process injection
dll injection
process injection techniques
cyber
ransomware
spyware
writing malware
malware dev
blackhat
white hat
gray hat
c programming
windows malware
virus development
creating a virus