riversongs
Posted March 7

Free Download Windows API Hooking
Published 2/2024
Created by Naga Sai Nikhil
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz, 2 Ch
Genre: eLearning | Language: English | Duration: 8 Lectures (2h 13m) | Size: 1.7 GB

Learn Windows API hooking the maldev way

What you'll learn:
What is API hooking
Different types of hooking
Inline hooking
IAT hooking
DLL unhooking

Requirements:
No prior experience needed, but basics of the Windows API are an added advantage.

Description:
We often hear the words in movies "he has hooks on you". This means he is controlling you. In the same analogy, hooking here means controlling the function flow to examine the parameters that are being passed to the function.
AV/EDR hooks some important functions in various DLLs. NtVirtualAllocateMemory, ZwWriteVirtualMemory, NtCreateRemoteThread, etc. are hooked.

5 BYTE INLINE HOOKING
In this inline hooking, we replace the first 5 bytes of the legit function with a jump offset to our function. When the legit function is called, the control flow redirects to our address along with the original arguments. Now we restore those 5 bytes at the legit function and then inspect the arguments for any malicious usage. We can then proceed to block or allow the function.

IAT HOOKING
The FirstThunk address in the import descriptor table points to the address of the legit function. We can overwrite this address with our malicious function. We receive the arguments and then call the legit function.

HIDING PROCESSES FROM USER MODE PROCESS
Processes like Task Manager use NtQuerySystemInformation with SYSTEM_PROCESS_INFORMATION to get all process information. All of these processes are in a linked list. We can hide our desired process by modifying the next link of the previous process to the next process.

DLL UNHOOKING
We can unhook the hooked DLLs by copying a clean version of the DLL's .text section into our process. AV/EDR does not hook DLLs on disk because it slows down the system heavily. We can acquire a clean copy from disk or from a suspended process.

Who this course is for:
Penetration testers
Malware developers
Red teamers

Homepage
https://www.udemy.com/course/windows-api-hooking/

Download (Rapidgator)
https://rg.to/file/45381eabaf6177f7ca19cd3bcbc93450/qcsir.Windows.API.Hooking.part2.rar.html
https://rg.to/file/53e71d486aa818ccdd724eea6a3e1066/qcsir.Windows.API.Hooking.part1.rar.html

Uploadgig
https://uploadgig.com/file/download/58a22b70b53C186f/qcsir.Windows.API.Hooking.part2.rar
https://uploadgig.com/file/download/5fdb677790cd8e1C/qcsir.Windows.API.Hooking.part1.rar

Download (NitroFlare)
https://nitroflare.com/view/42ED2C9B5E61D0F/qcsir.Windows.API.Hooking.part1.rar
https://nitroflare.com/view/620123259EEBDDE/qcsir.Windows.API.Hooking.part2.rar

Fikper
https://fikper.com/GJsy4vH5b0/qcsir.Windows.API.Hooking.part1.rar.html
https://fikper.com/fx0UuqeBe5/qcsir.Windows.API.Hooking.part2.rar.html

No Password - Links are Interchangeable