[LEAK] MalDevAcademy 5.7 - Full Malware Development Course
by randomuser - Thursday January 4, 2024 at 09:41 AM
thank you brother
Reply
Nice share Smile
Reply
Nice Share Good One!
Reply
(01-04-2024, 09:41 AM)randomuser Wrote: SOURCE
Quote:https://maldevacademy.com/

CONTENTS
Quote:MalDevAcademy.5.7 % tree
├── MALWARE 8b74ccffb7e64efea30e3da4d919418d
│   ├── 1 Welcome Module 50a6834777ae4e8fa6f48331845a779e.html
│   ├── 10 Detection Mechanisms 8ac0fec121da4288a3f820552bfc3af0
│   │   ├── api-hooking.png
│   │   └── dumpbin-imports.png
│   ├── 10 Detection Mechanisms 8ac0fec121da4288a3f820552bfc3af0.html
│   ├── 11 Windows Processes c1d189721d41469b89798a788d0ac581.html
│   ├── 12 Undocumented Structures a1b1542a827d4ff2a42d99a97ef9e01d
│   │   └── undocumented-structs-1224531910-413779d5-2e1d-4813-a545-c690892da2bd.png
│   ├── 12 Undocumented Structures a1b1542a827d4ff2a42d99a97ef9e01d.html
│   ├── 13 Payload Placement - data & rdata Sections d402fbf89962436285694d655c54d6c3
│   │   ├── data-section.png
│   │   ├── dumpbin-1.png
│   │   └── dumpbin-2.png
│   ├── 13 Payload Placement - data & rdata Sections d402fbf89962436285694d655c54d6c3.html
│   ├── 14 Payload Placement - text Section 7d566afd50194164979afb40c3c311f3
│   │   └── text-section.png
│   ├── 14 Payload Placement - text Section 7d566afd50194164979afb40c3c311f3.html
│   ├── 15 Payload Placement - rsrc Section c6369f39745844c8af17d37db5a75eac
│   │   ├── rsrc-1.png
│   │   ├── rsrc-2.png
│   │   ├── rsrc-3.png
│   │   ├── rsrc-4.png
│   │   ├── rsrc-5.png
│   │   ├── rsrc-6.png
│   │   ├── rsrc-7.png
│   │   ├── rsrc-8.png
│   │   ├── rsrc-payload.png
│   │   └── rsrc-tmpbuffer.png
│   ├── 15 Payload Placement - rsrc Section c6369f39745844c8af17d37db5a75eac.html
│   ├── 16 Introduction To Payload Encryption 090b0d4bea194239a37c73d3e3b9124f.html
│   ├── 17 Payload Encryption - XOR e07626c543ae4bc387b1936bee6fbc00.html
│   ├── 18 Payload Encryption - RC4 ff80fad2bcc74e798b270bb1fddd1be2.html
│   ├── 19 Payload Encryption - AES Encryption fa2ab3c6213d4a12a1394be735833ec7
│   │   ├── encryption-new-225952410-4a747a9a-ef94-479c-be3b-d6ae5e8de27f.png
│   │   ├── encryption-new-225953480-03161b1a-119f-4c97-9b9e-11745047a214.png
│   │   ├── iat-aes.png
│   │   └── iat-no-winapis.png
│   ├── 19 Payload Encryption - AES Encryption fa2ab3c6213d4a12a1394be735833ec7.html
│   ├── 2 Introduction To Malware Development 59fd7e6d7aee4b73ba2fbaf1fedc5f76.html
│   ├── 20 Evading Microsoft Defender Static Analysis ae933861119142d192c7c88c47e0c256
│   │   ├── aes-shellcode-defender.png
│   │   ├── raw-shellcode-defender.png
│   │   ├── rc4-shellcode-defender.png
│   │   └── xor-shellcode-defender.png
│   ├── 20 Evading Microsoft Defender Static Analysis ae933861119142d192c7c88c47e0c256.html
│   ├── 21 Payload Obfuscation - IPv4 IPv6Fuscation 9f7b77eecf01460d8d898195f70f4790
│   │   ├── ipv4fuscation.png
│   │   └── ipv6fuscation.png
│   ├── 21 Payload Obfuscation - IPv4 IPv6Fuscation 9f7b77eecf01460d8d898195f70f4790.html
│   ├── 22 Payload Obfuscation - MACFucscation 8acebc37c16548f2a0279babcac9f579
│   │   └── macfuscation.png
│   ├── 22 Payload Obfuscation - MACFucscation 8acebc37c16548f2a0279babcac9f579.html
│   ├── 23 Payload Obfuscation - UUIDFuscation 1c2f59cabc354005973cf3e7692586c7
│   │   ├── uuid.png
│   │   └── uuidfuscation.png
│   ├── 23 Payload Obfuscation - UUIDFuscation 1c2f59cabc354005973cf3e7692586c7.html
│   ├── 24 Maldev Academy Tool - HellShell 1c00f7dd2c7547de89956f25a050ea22
│   │   └── hellshell.png
│   ├── 24 Maldev Academy Tool - HellShell 1c00f7dd2c7547de89956f25a050ea22.html
│   ├── 25 Maldev Academy Tool - MiniShell 2e5e50eff60245dd81620925222710d4
│   │   └── minishell-updated.png
│   ├── 25 Maldev Academy Tool - MiniShell 2e5e50eff60245dd81620925222710d4.html
│   ├── 26 Local Payload Execution - DLL 047762d5d58a43308c08affcede128f9
│   │   ├── create-a-dll.png
│   │   ├── dll-injection-execution.png
│   │   └── task-manager-dll.png
│   ├── 26 Local Payload Execution - DLL 047762d5d58a43308c08affcede128f9.html
│   ├── 27 Local Payload Execution - Shellcode e1f075df7aa84bcd8b475e875c589a9b
│   │   ├── local-shellcode-injection-1.png
│   │   ├── local-shellcode-injection-2.png
│   │   ├── local-shellcode-injection-3.png
│   │   ├── local-shellcode-injection-4.png
│   │   ├── local-shellcode-injection-5.png
│   │   └── local-shellcode-injection-6.png
│   ├── 27 Local Payload Execution - Shellcode e1f075df7aa84bcd8b475e875c589a9b.html
│   ├── 28 Process Injection - DLL Injection 673245a70556420cb999c1f1cc2723a9
│   │   ├── remote-dll-injection-1.png
│   │   ├── remote-dll-injection-2.png
│   │   ├── remote-dll-injection-3.png
│   │   ├── remote-dll-injection-4.png
│   │   ├── remote-dll-injection-5.png
│   │   ├── remote-dll-injection-6.png
│   │   └── remote-dll-injection-7.png
│   ├── 28 Process Injection - DLL Injection 673245a70556420cb999c1f1cc2723a9.html
│   ├── 29 Process Injection - Shellcode Injection 462956fe40674d56baa665523f37bdf2
│   │   ├── remote-shellcode-injection-1.png
│   │   ├── remote-shellcode-injection-2.png
│   │   ├── remote-shellcode-injection-3.png
│   │   ├── remote-shellcode-injection-4.png
│   │   ├── remote-shellcode-injection-5.png
│   │   ├── remote-shellcode-injection-6.png
│   │   ├── remote-shellcode-injection-7.png
│   │   └── remote-shellcode-injection-8.png
│   ├── 29 Process Injection - Shellcode Injection 462956fe40674d56baa665523f37bdf2.html
│   ├── 3 Required Tools 4fe7ff0b0d174fa5a6d1ce0fd98d3197
│   │   ├── Untitled 1.png
│   │   ├── Untitled 2.png
│   │   ├── Untitled 3.png
│   │   ├── Untitled 4.png
│   │   └── Untitled.png
│   ├── 3 Required Tools 4fe7ff0b0d174fa5a6d1ce0fd98d3197.html
│   ├── 30 Payload Staging - Web Server eda456e5264144a5896120955cee9540
│   │   ├── python-http-server-2.png
│   │   ├── python-http-server.png
│   │   ├── staging-demo-1.png
│   │   ├── staging-demo-2.png
│   │   └── staging-github.png
│   ├── 30 Payload Staging - Web Server eda456e5264144a5896120955cee9540.html
│   ├── 31 Payload Staging - Windows Registry e777de605e884adf970e64206c5d249f
│   │   ├── registry-demo-1.png
│   │   ├── registry-demo-2.png
│   │   ├── registry-demo-3.png
│   │   ├── registry-img.png
│   │   ├── registry-new-string-value.png
│   │   ├── registry-read-demo-1.png
│   │   ├── registry-read-demo-2.png
│   │   └── registry-read-demo-3.png
│   ├── 31 Payload Staging - Windows Registry e777de605e884adf970e64206c5d249f.html
│   ├── 32 Malware Binary Signing fe21c309a829423fa32229958b372dac
│   │   ├── maldev-properties.png
│   │   ├── pfx-creation.png
│   │   ├── sign.png
│   │   ├── vt-1.png
│   │   └── vt-2.png
│   ├── 32 Malware Binary Signing fe21c309a829423fa32229958b372dac.html
│   ├── 33 Process Enumeration - EnumProcesses 68c6d61e1bea4011b331a89d300322f9
│   │   ├── enumprocesses-108501303-c0dfa0d8-5e73-431e-9f5f-3cea0bb217be.png
│   │   └── enumprocesses-208500959-341d233b-4852-463e-8108-6d6e4c109416.png
│   ├── 33 Process Enumeration - EnumProcesses 68c6d61e1bea4011b331a89d300322f9.html
│   ├── 34 Process Enumeration - NtQuerySystemInformation 70484231965b41108520d9f766477b6f
│   │   ├── nt-108508463-27e8a0b8-4d4e-4391-bf1d-8d75ad2567d3.png
│   │   ├── nt-208666134-5c070d23-50f4-4e1d-978f-11122892a9c3.png
│   │   └── nt-308665154-9c8bdf73-bfb4-40b5-a39f-3b6ee2044076.png
│   ├── 34 Process Enumeration - NtQuerySystemInformation 70484231965b41108520d9f766477b6f.html
│   ├── 35 Thread Hijacking - Local Thread Creation dfbe368a13a84ee793d9772723c40623
│   │   ├── threadhijack-208833406-0c1bb9f4-9a41-46e0-a2d5-b05f71c6c287.png
│   │   ├── threadhijack-308833564-0000d447-c970-40d8-8be3-8da70b63f30f.png
│   │   └── threadhijack-408833616-43a64b68-f30e-466c-a4c6-4d48289c0158.png
│   ├── 35 Thread Hijacking - Local Thread Creation dfbe368a13a84ee793d9772723c40623.html
│   ├── 36 Thread Hijacking - Remote Thread Creation 8810a50599cc4cb7a0915dadf5cabe29
│   │   └── rthread-hijack-108970868-ca84b0fe-ce83-447e-b7a1-4116559bc414.png
│   ├── 36 Thread Hijacking - Remote Thread Creation 8810a50599cc4cb7a0915dadf5cabe29.html
│   ├── 37 Thread Hijacking - Local Thread Enumeration 0e5417dc3f844a68aa319deb6a376ce9
│   │   ├── tenum-0209185998-74b97dca-e541-401d-b700-b45852e7564a.png
│   │   ├── tenum-109188468-94e7741b-8953-4079-8a7c-8ab3cc449779.png
│   │   └── tenum-209188936-9a4de3fe-fd13-4a25-b343-153a59ea894b.png
│   ├── 37 Thread Hijacking - Local Thread Enumeration 0e5417dc3f844a68aa319deb6a376ce9.html
│   ├── 38 Thread Hijacking - Remote Thread Enumeration 0856586d8db7435fadc7ae2b918da7b2
│   │   ├── renum-109196659-5f5a1b94-3074-4774-8271-03a07b5f2c04.png
│   │   ├── renum-209196664-c43d380c-79ab-48c1-97c9-396c3c2b7c4d.png
│   │   └── renum-309196669-ebbdc23d-e0c2-436c-ac73-70f18c971c3b.png
│   ├── 38 Thread Hijacking - Remote Thread Enumeration 0856586d8db7435fadc7ae2b918da7b2.html
│   ├── 39 APC Injection 86545b9163834568b0a197adc696666e
│   │   ├── apc-demo-1-109284381-1875d55b-1574-4421-b4e9-6f6948a5a316.png
│   │   ├── apc-demo-1-209284381-1875d55b-1574-4421-b4e9-6f6948a5a316.png
│   │   ├── apc-demo-2-109284381-1875d55b-1574-4421-b4e9-6f6948a5a316.png
│   │   └── apc-demo-2-209284381-1875d55b-1574-4421-b4e9-6f6948a5a316.png
│   ├── 39 APC Injection 86545b9163834568b0a197adc696666e.html
│   ├── 4 Coding Basics 2ff6d449157546238ba8c316b981337f.html
│   ├── 40 Early Bird APC Injection a9fb0ac0fc464b7c8a61de3fba4d7c8c
│   │   ├── demo-109330271-93c3e529-dfea-4868-ad56-48ce90efe172.png
│   │   ├── demo-209330277-04b3a674-e5f7-41b1-95a3-423e34d2f5aa.png
│   │   └── demo-309330284-92aec1dc-b899-49a8-a170-f9845cbe5246.png
│   ├── 40 Early Bird APC Injection a9fb0ac0fc464b7c8a61de3fba4d7c8c.html
│   ├── 41 Callback Code Execution da849912e27f4bde9f88caaf4847aeb0.html
│   ├── 42 Local Mapping Injection a18ce0d426434c27b585cf1ddd825b70
│   │   ├── local-map-inject-109424404-c8e38d0c-cf1a-401a-b881-e1d50f0fb1dd.png
│   │   ├── local-map-inject-209424404-c8e38d0c-cf1a-401a-b881-e1d50f0fb1dd.png
│   │   ├── local-map-inject-309427185-a71d9b01-a6f8-4fd8-be13-25e331ad96d8.png
│   │   └── local-map-inject-409427186-264e5199-4331-4578-84bc-c9c9cba45046.png
│   ├── 42 Local Mapping Injection a18ce0d426434c27b585cf1ddd825b70.html
│   ├── 43 Remote Mapping Injection 268ba3a4ebcd42e8a6a99cf2c8eb88c2
│   │   ├── remote-map-109431584-4f2ef9e2-3d8e-49ce-9998-b9070c566647.png
│   │   ├── remote-map-209431586-0863ea8b-fa83-486b-aeac-ff718f759de7.png
│   │   ├── remote-map-309431587-6d988463-f0aa-4cc2-8252-1b0d1426af2d.png
│   │   └── remote-map-409431570-6cd31d0b-0dee-4930-97d3-5124112c3e77.png
│   ├── 43 Remote Mapping Injection 268ba3a4ebcd42e8a6a99cf2c8eb88c2.html
│   ├── 44 Local Function Stomping Injection c935dd1a71c845059628b12d6c3cdcb8
│   │   ├── stomp-109438900-53f68143-4143-4be4-978c-4c38e9b4f0d4.png
│   │   ├── stomp-209438901-b436065b-17a9-43b2-86a9-da708329b4c7.png
│   │   ├── stomp-309438902-a96c9c50-7ac1-42f9-918f-992a2ef749d6.png
│   │   └── stomp-409438904-bfacfa89-e6cb-4903-9cd1-7a55c9b66697.png
│   ├── 44 Local Function Stomping Injection c935dd1a71c845059628b12d6c3cdcb8.html
│   ├── 45 Remote Function Stomping Injection d7942e1bc9af45968f6b7eea69b6559e
│   │   ├── remote-stomp-109445015-30dbf6a1-2ece-4d4c-a304-a9fc12f8f231.png
│   │   ├── remote-stomp-209445031-a0b9b825-93f8-429c-a6eb-5dc4e276e2df.png
│   │   ├── remote-stomp-309445021-d9ccc1af-1eb5-4e9e-ba62-8f67b3442c90.png
│   │   ├── remote-stomp-409445036-d03ad29c-8eb0-4b5a-b166-bd30458dbe1a.png
│   │   └── remote-stomp-509445038-6bb55397-dbac-4546-b1d7-2a7be0744c8a.png
│   ├── 45 Remote Function Stomping Injection d7942e1bc9af45968f6b7eea69b6559e.html
│   ├── 46 Payload Execution Control 169c1c943aed40e096a42d7b9761c466
│   │   ├── control-109459156-0c97cf3a-c176-46da-bd31-afb2d2161b9f.png
│   │   ├── control-209459157-cda5268b-bd34-47ed-874b-a799e0680fb8.png
│   │   └── control-309459160-66750edb-600a-4fef-a1f2-ef2deec92d5e.png
│   ├── 46 Payload Execution Control 169c1c943aed40e096a42d7b9761c466.html
│   ├── 47 Spoofing PPID 5f6b664165244f6284dd737c7e5d823c
│   │   ├── demo-109330271-93c3e529-dfea-4868-ad56-48ce90efe172.png
│   │   ├── ppid-spoofing-1209528890-4c267ff2-a7b9-4036-8279-a5af58f067c7.png
│   │   ├── ppid-spoofing-209529234-c72226c9-0cf1-401f-b46d-6b32cb1bac25.png
│   │   ├── ppid-spoofing-309529480-978dfe1a-ba61-4881-a33d-9614bd7ee3bb.png
│   │   └── ppid-spoofing-409530891-f8b81cc4-8cec-4ffe-b413-debf5f051ae8.png
│   ├── 47 Spoofing PPID 5f6b664165244f6284dd737c7e5d823c.html
│   ├── 48 Process Argument Spoofing (1) b427dcafb59043239840f40c0ab8dc81
│   │   ├── arg-spoof-109550005-441b53e8-9f32-48c3-96a5-56b5b7eb427a.png
│   │   ├── arg-spoof-209553208-efe6e1fb-2e03-4840-a1ff-821217ddf731.png
│   │   └── arg-spoof-309567835-eed3b698-80d0-4a39-ae98-7d2f4120a9a3.png
│   ├── 48 Process Argument Spoofing (1) b427dcafb59043239840f40c0ab8dc81.html
│   ├── 49 Process Argument Spoofing (2) 0f4d524b53fa4b2b9d2b2a52376a158a
│   │   ├── 51 String Hashing 67af0332497148fa85a9f95864996ede.html
│   │   ├── spoofing-109614220-d9136e16-4a7e-4ce2-a309-db47577d6f88.png
│   │   ├── spoofing-209614417-27d1960a-a101-4d6d-8247-e49c9a387556.png
│   │   ├── spoofing-309614553-c8f18edc-301f-4bca-92e6-bf65ae03bddf.png
│   │   ├── spoofing-409618296-d64a33d8-0d25-400f-9a2d-47d9483ec70f.png
│   │   ├── spoofing-509622098-ebfd8016-9d4d-413f-929f-53e8465666dd.png
│   │   └── spoofing-609622288-7f9400eb-100e-490a-a5a6-adbfa2b61f42.png
│   ├── 49 Process Argument Spoofing (2) 0f4d524b53fa4b2b9d2b2a52376a158a.html
│   ├── 5 Windows Architecture 012cf6ad24cc4d18897cd9414c274997
│   │   ├── Untitled 1.png
│   │   ├── Untitled 2.png
│   │   └── Untitled.png
│   ├── 5 Windows Architecture 012cf6ad24cc4d18897cd9414c274997.html
│   ├── 50 Parsing PE Headers 7d60ebf31c744655b0a36dbbfcb8e9c1
│   │   ├── pe-parser-109789281-55662de8-c252-427c-b4d0-8245e238ce10.png
│   │   ├── pe-parser-209789466-71cb09b6-7e8f-4694-b9b6-f5064aecfb9c.png
│   │   └── pe-structure.png
│   ├── 50 Parsing PE Headers 7d60ebf31c744655b0a36dbbfcb8e9c1.html
│   ├── 51 String Hashing bda15d26efa8495790b4467721838661
│   │   ├── string-hashing-020876979-d3fbb005-d0d5-4624-a302-9f0f0469d86a.png
│   │   └── string-hashing-109826350-7f0ae4f9-76c6-4293-990a-16ff72de7e0b.png
│   ├── 51 String Hashing bda15d26efa8495790b4467721838661.html
│   ├── 52 IAT Hiding & Obfuscation - Introduction 92083157ed3949938746858848e5ef9d
│   │   └── iat-intro-209847024-7ba7fa01-913d-405a-94c1-6cd28adcee51.png
│   ├── 52 IAT Hiding & Obfuscation - Introduction 92083157ed3949938746858848e5ef9d.html
│   ├── 53 IAT Hiding & Obfuscation - Custom GetProcAddres aa735dbf7a4e4c188c8b6e8f8549cfea
│   │   ├── custom-getproc-109913387-f0fdcc3d-e9aa-48f3-bb97-615758130bad.png
│   │   ├── custom-getproc-209914072-4c8104f3-6208-42c4-8822-479c44d291ce.png
│   │   ├── custom-getproc-309915517-9f411b29-61c3-4104-9d05-7fa8977ddeca.png
│   │   └── ordinals-getproc.png
│   ├── 53 IAT Hiding & Obfuscation - Custom GetProcAddres aa735dbf7a4e4c188c8b6e8f8549cfea.html
│   ├── 54 IAT Hiding & Obfuscation - Custom GetModuleHand 031d95fe35cc41edac2064756d73a043
│   │   ├── custom-getmodule-new-221769848-48118974-d4b7-4a63-b2ce-8802bdec4573.png
│   │   ├── custom-getmodulehandle-021764060-4bc54cbd-29ea-470a-9402-ac2fbd0bb4db.png
│   │   ├── custom-getmodulehandle-110036660-4488defa-47aa-4993-902d-0c97cb1673c0.png
│   │   ├── custom-getmodulehandle-210036220-10ef0096-9099-4066-b6a6-5c5f06cbb4df.png
│   │   ├── custom-getmodulehandle-310037888-cfab12a2-d9ff-4174-9c6e-2cc335d6809e.png
│   │   ├── custom-getmodulehandle-410036660-4488defa-47aa-4993-902d-0c97cb1673c0.png
│   │   ├── custom-getmodulehandle-510041809-92e59481-49dc-4f6c-bc6d-74133ba5fa3b.png
│   │   ├── custom-getmodulehandle-610043506-5d864abe-3528-4e13-bf28-faeba07c12e2.png
│   │   └── msdn-593029583.png
│   ├── 54 IAT Hiding & Obfuscation - Custom GetModuleHand 031d95fe35cc41edac2064756d73a043.html
│   ├── 55 IAT Hiding & Obfuscation - API Hashing 3fe6fb0cde7d41fdb7357575d7685be3
│   │   ├── api-hashing-110060375-e0d6069b-7538-4b31-add1-92f72003f85c.png
│   │   └── api-hashing-210060409-a932736a-ec54-4946-939f-750f44affa19.png
│   ├── 55 IAT Hiding & Obfuscation - API Hashing 3fe6fb0cde7d41fdb7357575d7685be3.html
│   ├── 56 IAT Hiding & Obfuscation - Custom Pseudo Handle b9c801a007204fdfa5e888dc127c744a
│   │   ├── pseudo-handle-124505341-1cca443b-e5d2-4d90-8a75-5f77b08bfe56.png
│   │   ├── pseudo-handle-224505515-1079792a-5685-4051-a364-6a7424d95646.png
│   │   ├── pseudo-handle-324505523-586c63fa-8f52-4564-b01f-a52c3a34524f.png
│   │   ├── pseudo-handle-424505527-99a803e2-eaff-49a3-9ac2-470bc1fb8c69.png
│   │   └── pseudo-handle-524524030-94c0a3e8-71c0-4df6-b4b5-e95b2e76edca.png
│   ├── 56 IAT Hiding & Obfuscation - Custom Pseudo Handle b9c801a007204fdfa5e888dc127c744a.html
│   ├── 57 IAT Hiding & Obfuscation - Compile Time API Has af3ce62d28bb4e0a824b7e3a42315d80
│   │   ├── compile-time-hashing-110127028-dfa23b5b-cc3a-430a-b792-23792ce51c5d.png
│   │   ├── compile-time-hashing-210127200-98154fdf-2810-472c-b3f8-6fa46605955b.png
│   │   ├── compile-time-hashing-310127229-b041b0ac-e48e-4c12-88b5-cc39ce6e0d8e.png
│   │   ├── compile-time-hashing-410127235-cfc37903-ef42-4ab6-8401-d1a20282a479.png
│   │   ├── compile-time-hashing-510127264-113b5309-cdbb-4d86-9c74-7e7a0b0c3918.png
│   │   ├── compile-time-hashing-610127288-887779b6-b023-4a31-8bc7-e76018642b94.png
│   │   ├── compile-time-hashing-710127301-b4ad2456-74a9-4030-893a-d330d35dc25a.png
│   │   └── compile-time-hashing-810127330-fd9124e2-361c-463b-bc4e-7e5ea2dc65a7.png
│   ├── 57 IAT Hiding & Obfuscation - Compile Time API Has af3ce62d28bb4e0a824b7e3a42315d80.html
│   ├── 58 API Hooking - Introduction b43ef4c2f27a4891a09b1ca65a4522fe
│   │   ├── hooking-intro-115247938-09b2e089-3a64-443f-86b1-e147acfe8cdc.png
│   │   └── hooking-intro-215247209-ce8c97aa-3d6f-488e-893c-aea9230f6afa.png
│   ├── 58 API Hooking - Introduction b43ef4c2f27a4891a09b1ca65a4522fe.html
│   ├── 59 API Hooking - Detours Library b06d3c8c1d6040d886472493a5084f2c
│   │   ├── detours-113692112-13168cc0-dd84-4b71-9c9a-c639b6bcd3e8.png
│   │   ├── detours-213692174-164b9d16-059a-4587-a4d2-3e264f3ac539.png
│   │   └── detours-313692221-be94d5d0-34a4-42a9-9545-a4934e5878ef.png
│   ├── 59 API Hooking - Detours Library b06d3c8c1d6040d886472493a5084f2c.html
│   ├── 6 Windows Memory Management 3de16d4bafa34eb19106dd2c5f0ff634
│   │   ├── memory-mgmt-105290746-d5fa58f7-b3d7-4064-98b8-6f7ee5dcc12d.png
│   │   ├── memory-mgmt-205290946-31ab4c35-b0e6-4727-9d45-8e439453207d.png
│   │   ├── memory-mgmt-305293097-6334290e-3d79-4254-9a79-cd7011ca4bbc.png
│   │   ├── memory-mgmt-424394866-a0dead3a-b72b-4600-8003-b8ecc2a27449.png
│   │   ├── memory-mgmt-524394895-7c747075-d866-4ca8-a15f-09cb4fec7e6d.png
│   │   └── virtual-memory.png
│   ├── 6 Windows Memory Management 3de16d4bafa34eb19106dd2c5f0ff634.html
│   ├── 60 API Hooking - Minhook Library c42628518a7f494495b8c3af9e5203f3
│   │   ├── minhook-113692839-29b30634-f82b-49a1-9bbc-9a27277431b2.png
│   │   ├── minhook-213692909-51d8413a-eb9a-44a3-b59c-a43fc6fa5113.png
│   │   └── minhook-313692968-0b322f31-7913-48b2-95bf-15e5088aa0af.png
│   ├── 60 API Hooking - Minhook Library c42628518a7f494495b8c3af9e5203f3.html
│   ├── 61 API Hooking - Custom Code 7e6302f71fe94f6786760d6f2b619236
│   │   ├── custom-trampoline-113731211-c0c71ee9-93b5-4e56-811e-b9595193062f.png
│   │   ├── custom-trampoline-213732622-0d251a96-90b6-43fa-ae02-6bc14b0b6c3e.png
│   │   ├── custom-trampoline-313731997-b35bff75-14b3-4b32-96d7-913132055062.png
│   │   ├── custom-trampoline-413732637-5e2985c7-2bda-4e75-98c4-9ea6e8c1798b.png
│   │   └── custom-trampoline-513732042-e95b475c-72ed-4797-b8e5-4d7cb545f209.png
│   ├── 61 API Hooking - Custom Code 7e6302f71fe94f6786760d6f2b619236.html
│   ├── 62 API Hooking - Using Windows APIs f8ded5cdb10a45bfbadda982993d6bcf
│   │   └── windows-hooks-1223195943-e2c26fe0-45e5-4ef2-b10c-fcadf1933528.png
│   ├── 62 API Hooking - Using Windows APIs f8ded5cdb10a45bfbadda982993d6bcf.html
│   ├── 63 Syscalls - Introduction b8f710a9d1a64edeac1abd028752da3c
│   │   ├── syscall-intro-221095509-588e2694-4323-4de4-a929-01a0fc209ff0.png
│   │   ├── syscall-intro-321109035-b09edb7e-5ecb-4c6f-96d5-de081603d047.png
│   │   ├── syscalls-intro-213904491-110e794d-616f-4239-8a0a-96c2d2be77df.png
│   │   ├── syscalls-intro-313903469-08ed9596-55bd-4c09-b39b-dc1f8e169d49.png
│   │   └── syscalls-intro-413903414-69957a37-e317-4913-aa29-d9720b6f9eb4.png
│   ├── 63 Syscalls - Introduction b8f710a9d1a64edeac1abd028752da3c.html
│   ├── 64 Syscalls - Userland Hooking 874286351a4a4dc0a89d688487b2f698
│   │   ├── syscalls-userland-hooks-113914292-072b98f1-dd82-4ccc-b111-2a2ae6475fee.png
│   │   ├── syscalls-userland-hooks-213914403-878e7988-5106-49dd-95fd-11c10c1ef47b.png
│   │   ├── syscalls-userland-hooks-313917466-28dfea35-3e7d-489f-9575-9232fc742b47.png
│   │   ├── syscalls-userland-hooks-413917672-f8a15753-f95d-4236-98e0-d5e4bceec18e.png
│   │   ├── syscalls-userland-hooks-516898739-a3e3c7e6-68d7-4e8f-a424-15137d79eda1.png
│   │   └── syscalls-userland-hooks-616902643-50621da8-9220-413d-9a46-ffcb980caf4f.png
│   ├── 64 Syscalls - Userland Hooking 874286351a4a4dc0a89d688487b2f698.html
│   ├── 65 Syscalls - SysWhispers b0330e613e8f4441bb581226cf7412ea
│   │   ├── syswhipsers2-syscall-search.png
│   │   └── syswhispers-314041015-7c969ae9-8b74-46a5-bf36-2c6bbedad332.png
│   ├── 65 Syscalls - SysWhispers b0330e613e8f4441bb581226cf7412ea.html
│   ├── 66 Syscalls - Hell's Gate d6268c1cdf0f4709ae05a196f475974b
│   │   ├── hellsgate-114089998-966e34f8-c59b-4b3a-8c84-8d6014001a19.png
│   │   ├── hellsgate-214097117-16ca9e20-17b3-427c-b0b0-b0e7ec78191c.png
│   │   ├── hellsgate-314099314-0029aee9-f8c2-4436-a740-4c2964a952be.png
│   │   └── hellsgate-414099901-48434135-7e83-4cd5-aea6-94d1ef75f652.png
│   ├── 66 Syscalls - Hell's Gate d6268c1cdf0f4709ae05a196f475974b.html
│   ├── 67 Syscalls - Reimplementing Classic Injection a51528df7b4045359976f170fab7b5ef
│   │   ├── syscalls-classic-114349632-de44115a-3e9f-450f-bb37-f0bff7776d5f.png
│   │   ├── syscalls-classic-214351708-4ba6253b-4713-4fed-8711-e8cb0766938e.png
│   │   ├── syscalls-classic-314352187-6786f4d7-1ae2-4e6b-94ce-8f8087d223df.png
│   │   ├── syscalls-classic-414353258-3fbf4ead-ce9c-4083-805a-ae5ced08213e.png
│   │   ├── syscalls-classic-514353606-1e3d5862-fc03-4247-b03e-493b07f3a1ce.png
│   │   ├── syscalls-classic-618293274-8d259f06-efa2-4254-886c-ce14500fb65d.png
│   │   ├── syscalls-classic-714361294-3e6b766a-57cc-4a05-b788-fe53e9cdc3c2.png
│   │   ├── syscalls-classic-814362613-395c4f9f-05c5-4a0a-9325-4f2deedaf1b7.png
│   │   ├── syscalls-classic-914361542-8212a53a-8c06-4a9f-ba93-4bf8add3ab35.png
│   │   └── syscalls-classic-9214363039-c409bb06-27a1-433e-a06b-3617828b68d4.png
│   ├── 67 Syscalls - Reimplementing Classic Injection a51528df7b4045359976f170fab7b5ef.html
│   ├── 68 Syscalls - Reimplementing Mapping Injection 2f2302d29c4b4300bc09befcc91e503c
│   │   ├── syscall-mapping-114492060-65bb4d32-e61b-4489-b768-f4ef6629282c.png
│   │   ├── syscall-mapping-214533288-cc53802f-345d-4eb3-896a-fb4d7dc61b27.png
│   │   ├── syscall-mapping-314533763-efe02370-e08e-4d13-9c4c-884931855bdc.png
│   │   ├── syscall-mapping-414534077-da2c3b3e-fcac-4691-9e1e-261b6380e7cb.png
│   │   └── syscall-mapping-514534407-34d19c71-70d1-4669-99c0-6b3ce6a64d9e.png
│   ├── 68 Syscalls - Reimplementing Mapping Injection 2f2302d29c4b4300bc09befcc91e503c.html
│   ├── 69 Syscalls - Reimplementing APC Injection 4134d6cae4f8487384888ad519adc700
│   │   ├── syscall-apc-114387928-a6054f8c-8590-49cb-a97e-6eb4d7e2870e.png
│   │   └── syscall-apc-214388088-5de280c3-8fd2-4546-9127-c058c373757b.png
│   ├── 69 Syscalls - Reimplementing APC Injection 4134d6cae4f8487384888ad519adc700.html
│   ├── 7 Introduction To The Windows API fe26cafbdf464e039dabea74013cf65d.html
│   ├── 70 Anti-Analysis - Introduction f00a576434474763babcbad9fb8b988c.html
│   ├── 71 Anti-Debugging - Multiple Techniques 6e238e4d6c414f8f93da7cc5af419566
│   │   ├── anti-debugging-115282576-1557ca5f-2841-4a0f-ad73-63c30e03c843.png
│   │   ├── anti-debugging-215283166-37faff36-628c-43e4-aaf1-e41ad6310dd9.png
│   │   ├── anti-debugging-315282633-6d0bf541-7327-42b9-af79-0b9f9489cd68.png
│   │   └── anti-debugging-415305654-6593a2cd-5fc1-4f8c-b4dc-9f4eb55c47b6.png
│   ├── 71 Anti-Debugging - Multiple Techniques 6e238e4d6c414f8f93da7cc5af419566.html
│   ├── 72 Anti-Debugging - Self-Deletion 97e7cad56b8d474b97988fb7c91703d5
│   │   ├── self-deletion-115320077-5c34dcbb-2e0e-461d-b8e5-a1b34d72b139.png
│   │   ├── self-deletion-215320748-1964cf44-c332-443a-9f52-465aa7ffe9be.png
│   │   ├── self-deletion-315324185-4157dabc-fe41-4a40-b1ce-caf4c3a19c1f.png
│   │   ├── self-deletion-415326977-a40ef9d4-4c54-4c0b-b02c-c3396e24a221.png
│   │   └── self-deletion-6222060992-0b642d05-e871-4ed1-b2f0-a634796ea284.png
│   ├── 72 Anti-Debugging - Self-Deletion 97e7cad56b8d474b97988fb7c91703d5.html
│   ├── 73 Anti-Virtual Environments - Multiple Techniques d3a43bd340604f059172e28fd60e8dd3.html
│   ├── 74 Anti-Virtual Environments - Multiple Delay Exec 1a52c1ea94be40948ad1a4b786256621
│   │   └── delays-115710473-e0af0c25-7535-41ad-80a9-ac2be198e68f.png
│   ├── 74 Anti-Virtual Environments - Multiple Delay Exec 1a52c1ea94be40948ad1a4b786256621.html
│   ├── 75 Anti-Virtual Environments - API Hammering 65a79f843fa44243b4b53e9890141f43
│   │   ├── api-hammering-115849002-8f48543a-45d1-46bf-b740-5362f2ae7dc2.png
│   │   └── api-hammering-215850112-05e21d3e-12a5-45c8-8d0f-31e466a2eae7.png
│   ├── 75 Anti-Virtual Environments - API Hammering 65a79f843fa44243b4b53e9890141f43.html
│   ├── 76 Binary Entropy Reduction e582eb6f4c64486f9a656a5b9e9d993b
│   │   ├── entropy-reduction-123023359-a3cbf186-3de6-4628-b920-1d7a8efdb169.png
│   │   ├── entropy-reduction-223028955-48be70b5-ea5e-43ab-97fa-904c32dd00ea.png
│   │   ├── entropy-reduction-323049334-8251f557-fc19-4eb4-92e8-f2bfb45edfae.png
│   │   └── entropy-reduction-423140943-cb067a49-080a-465d-ba8a-d44941e56b60.png
│   ├── 76 Binary Entropy Reduction e582eb6f4c64486f9a656a5b9e9d993b.html
│   ├── 77 Brute Force Decryption c467f2224963495388bded186d572805
│   │   ├── bruteforce-decryption-115958551-66287afd-396c-4beb-8255-0c330764cde5.png
│   │   ├── bruteforce-decryption-215972490-3457c0b5-833b-477d-a95d-ead9522e32be.png
│   │   └── bruteforce-decryption-315973990-7836fe71-fbb0-49a1-82e0-dbca3bccedbd.png
│   ├── 77 Brute Force Decryption c467f2224963495388bded186d572805.html
│   ├── 78 MalDev Academy Tool - KeyGuard 9ed61e52dac94108a2301370dbefb62a
│   │   ├── keyguard-116004022-69d0f001-ad32-4fd2-aec8-669c50c3d93d.png
│   │   ├── keyguard-216006045-84544960-079a-4c5c-9ac0-c4e31ba80dbc.png
│   │   └── keyguard-316007780-4cc95a19-5f8c-48db-99e6-defa90b83820.png
│   ├── 78 MalDev Academy Tool - KeyGuard 9ed61e52dac94108a2301370dbefb62a.html
│   ├── 79 CRT Library Removal & Malware Compiling b216a9e9d29b4590896568ead8916d65
│   │   ├── crt-11.png
│   │   ├── crt-116939162-63627c0c-8e3c-4a1f-a7f3-0b2450c9e7dc.png
│   │   ├── crt-12.png
│   │   ├── crt-13.png
│   │   ├── crt-14.png
│   │   ├── crt-15.png
│   │   ├── crt-16.png
│   │   ├── crt-17.png
│   │   ├── crt-18.png
│   │   ├── crt-19.png
│   │   ├── crt-20.png
│   │   ├── crt-21.png
│   │   ├── crt-216062571-e46c5ade-4aa5-4d7f-8d8a-5562af6a5229.png
│   │   ├── crt-22.png
│   │   ├── crt-23.png
│   │   ├── crt-24.png
│   │   ├── crt-25.png
│   │   ├── crt-26.png
│   │   ├── crt-27.png
│   │   ├── crt-28.png
│   │   ├── crt-29.png
│   │   ├── crt-30.png
│   │   ├── crt-416058406-95d621d1-1329-47b2-8750-ebbcef912dc8.png
│   │   ├── crt-716065105-1ba22df8-af64-483a-8a38-803b75bb4ae4.png
│   │   ├── crt-816073627-98d49140-e86d-4622-88c8-a40f9a9db79c.png
│   │   └── crt-916075724-73b3ba91-3a72-4f93-9dd8-0ee03cd3fe2d.png
│   ├── 79 CRT Library Removal & Malware Compiling b216a9e9d29b4590896568ead8916d65.html
│   ├── 8 Portable Executable Format a919d24f6aa94a2698766ef3f0bf5f21
│   │   └── pe-structure.png
│   ├── 8 Portable Executable Format a919d24f6aa94a2698766ef3f0bf5f21.html
│   ├── 80 IAT Camouflage b3a2763284464e8f92ccbb50130694b4
│   │   ├── iat-camo-0222202369-4ec0c257-3f73-4563-8611-6a367e668455.png
│   │   ├── iat-camo-116296566-e54ef1c8-582f-4114-8f76-7992d4c69358.png
│   │   ├── iat-camo-216316282-a383829c-9589-4081-a581-9bedc4f4f3f8.png
│   │   └── iat-camo-316322305-990ecd45-33a8-45d7-8f93-826ef0d18ad3.png
│   ├── 80 IAT Camouflage b3a2763284464e8f92ccbb50130694b4.html
│   ├── 81 Bypassing AVs c8b98ed828814f89b8db2d5ac5a9c230
│   │   ├── av-bypass-10.png
│   │   ├── av-bypass-11.png
│   │   ├── av-bypass-116769871-25449179-cdfb-412b-899f-1744ac77246b.png
│   │   ├── av-bypass-12.png
│   │   ├── av-bypass-13.png
│   │   ├── av-bypass-14.png
│   │   ├── av-bypass-15.png
│   │   ├── av-bypass-16.png
│   │   ├── av-bypass-17.png
│   │   ├── av-bypass-18.png
│   │   ├── av-bypass-216782299-f2e9c796-2d79-42e9-b69d-6e4277f531f4.png
│   │   ├── av-bypass-416782441-c87f902c-af70-4657-ad39-93d2f977673b.png
│   │   ├── av-bypass-616804411-39794aab-14d5-439c-9f30-2ed26efe8dce.png
│   │   ├── av-bypass-716812124-de717043-aa23-40c9-8058-f0ae0c06f407.png
│   │   ├── av-bypass-816812885-3a8e28cd-22cb-42f0-9673-9d58ea2471da.png
│   │   └── av-bypass-916815114-a9254939-9382-4dfe-8c32-54f871d9fc47.png
│   ├── 81 Bypassing AVs c8b98ed828814f89b8db2d5ac5a9c230.html
│   ├── 82 Introduction To EDRs f4827eb5fb1d4d198d575a5ad670624c
│   │   ├── amsi-functions.png
│   │   ├── edr-dashboard.png
│   │   ├── intro-edr-120017985-26bd0e42-0d73-4b1f-81da-b14b76e9efef.png
│   │   ├── intro-edr-219966477-a29ed0b1-e7af-4e89-8461-98d570ab8e1b.png
│   │   ├── intro-edr-320010420-0de272ee-4b02-4394-b79f-6bd29770d8da.png
│   │   └── intro-edr-419941044-badc629b-fa34-4dfc-95e4-db9f22c94612.png
│   ├── 82 Introduction To EDRs f4827eb5fb1d4d198d575a5ad670624c.html
│   ├── 83 NTDLL Unhooking - Introduction e62fdd6d30884ac798da2ab3901442cc
│   │   ├── ntdll-unhooking-intro-118247087-fa554dbf-e85f-4d02-b855-2dce40f2e352.png
│   │   └── ntdll-unhooking-intro-218247984-f05b2000-b273-433a-8a71-740554180e3f.png
│   ├── 83 NTDLL Unhooking - Introduction e62fdd6d30884ac798da2ab3901442cc.html
│   ├── 84 NTDLL Unhooking - From Disk 8aeadeff47ae40f2bf190a32b0678f0a
│   │   ├── ntdll-unhooking-disk-10.png
│   │   ├── ntdll-unhooking-disk-118295799-85ce595b-6772-44bf-b764-0ba034284c2e.png
│   │   ├── ntdll-unhooking-disk-218424594-28bea557-3659-4d92-84e2-fc56907510dd.png
│   │   ├── ntdll-unhooking-disk-318424215-3ec0d749-437d-42cb-b138-c925ad1be481.png
│   │   ├── ntdll-unhooking-disk-418457505-d1001776-7d96-4177-9320-4fa80908827f.png
│   │   ├── ntdll-unhooking-disk-518457513-3ccc44f1-e96f-489c-a4fb-a4f455b4093d.png
│   │   ├── ntdll-unhooking-disk-618457520-f7c9130c-70bb-48a1-ab62-7c875e3d9daa.png
│   │   ├── ntdll-unhooking-disk-718459846-589d3a07-a934-4d32-bbdb-45bb2c91d748.png
│   │   ├── ntdll-unhooking-disk-818459854-9d1de617-884f-441b-85c1-173868f4aad3.png
│   │   ├── ntdll-unhooking-disk-918459862-619987f0-38ee-48c7-90f3-45b506f7342f.png
│   │   ├── ntdll-unhooking-disk-new-1.png
│   │   ├── ntdll-unhooking-disk-new-2.png
│   │   ├── ntdll-unhooking-disk-new-3.png
│   │   ├── ntdll-unhooking-disk-new-4.png
│   │   ├── ntdll-unhooking-disk-new-5.png
│   │   └── ntdll-unhooking-disk-new-6.png
│   ├── 84 NTDLL Unhooking - From Disk 8aeadeff47ae40f2bf190a32b0678f0a.html
│   ├── 85 NTDLL Unhooking - From KnownDlls Directory db89a0c0abe54a799e9816e7a2237546
│   │   ├── ntdll-unhooking-knowndlls-118473010-cd9df141-2f08-47f7-a57e-fdd53ee6ab30.png
│   │   ├── ntdll-unhooking-knowndlls-218529831-d561ae0a-5e2b-4da9-9eb6-a4301c970693.png
│   │   ├── ntdll-unhooking-knowndlls-318529838-7c90c7e7-efd9-4dcb-965f-0b562e1e32d5.png
│   │   ├── ntdll-unhooking-knowndlls-418529851-010d8412-8dce-4855-bfb8-fb083f7a15ee.png
│   │   └── ntdll-unhooking-knowndlls-518529888-b486838f-b284-46e5-83d4-54cfe050fed0.png
│   ├── 85 NTDLL Unhooking - From KnownDlls Directory db89a0c0abe54a799e9816e7a2237546.html
│   ├── 86 NTDLL Unhooking - From a Suspended Process b586e5f76b064f63a867c116853ff11a
│   │   ├── ntdll-suspended-process-118639361-38c2053c-1ce0-4432-996e-539a04a34786.png
│   │   ├── ntdll-suspended-process-218648672-32764e8b-364c-43a0-8dd7-b3e94c7f2420.png
│   │   ├── ntdll-suspended-process-318679682-0ba9b734-e1e7-4896-90d6-d05ada1ee9f7.png
│   │   ├── ntdll-suspended-process-418679690-a8faac4b-bb48-4d37-939d-70ca1a9711a2.png
│   │   ├── ntdll-suspended-process-518679693-f19b0159-5abb-4c98-88c0-091ea2cdfa31.png
│   │   └── ntdll-suspended-process-618679699-59d3f22d-e8a0-4d1d-9a61-85a48845db8b.png
│   ├── 86 NTDLL Unhooking - From a Suspended Process b586e5f76b064f63a867c116853ff11a.html
│   ├── 87 NTDLL Unhooking - From a Web Server d1bcc5c3167c43088e31dd211efded76
│   │   ├── ntdll-unhooking-server-10.png
│   │   ├── ntdll-unhooking-server-11.png
│   │   ├── ntdll-unhooking-server-118739986-88f6cb96-f2b6-4b20-8b93-7d32de908cb8.png
│   │   ├── ntdll-unhooking-server-218741853-fb112eb2-6058-4c09-bf31-6361daeb1dad.png
│   │   ├── ntdll-unhooking-server-318747866-fb9bb405-fce4-46b1-9797-a0787569d065.png
│   │   ├── ntdll-unhooking-server-418747883-88d09ac7-5a26-4428-858a-5e38577d3ed5.png
│   │   ├── ntdll-unhooking-server-518748318-85fde875-9b04-4087-99d7-99135d1fe75d.png
│   │   ├── ntdll-unhooking-server-618750624-b5511b03-9f66-42c6-ae0c-8262c7f9c7fb.png
│   │   ├── ntdll-unhooking-server-718816620-fdcedd74-65d6-49a9-b7b8-b83eb8d59b68.png
│   │   ├── ntdll-unhooking-server-818817840-42eb37ed-c3fb-4bfc-a990-a79ea05fc69a.png
│   │   └── ntdll-unhooking-server-918817843-e8ec2cca-a951-40e3-af75-14129cab4db5.png
│   ├── 87 NTDLL Unhooking - From a Web Server d1bcc5c3167c43088e31dd211efded76.html
│   ├── 88 Updating Hell's Gate fe07144871284371a5c31d710c3c2a4f
│   │   ├── hellsgate-update-10.png
│   │   ├── hellsgate-update-11.png
│   │   ├── hellsgate-update-118970171-6a388cdf-2e50-4441-8013-d4fb0afcd03a.png
│   │   ├── hellsgate-update-12.png
│   │   ├── hellsgate-update-13.png
│   │   ├── hellsgate-update-14.png
│   │   ├── hellsgate-update-15.png
│   │   ├── hellsgate-update-16.png
│   │   ├── hellsgate-update-17.png
│   │   ├── hellsgate-update-218996854-1d20335d-ebc6-4c6c-b2a2-e8f584ac85b3.png
│   │   ├── hellsgate-update-318996340-a18adfb0-0cbe-4ac2-a5cd-b504f8f60525.png
│   │   ├── hellsgate-update-418994573-eaf74f3a-647c-44a2-9ce2-ac97916a9b12.png
│   │   ├── hellsgate-update-518995420-b4dc7adb-c5f2-4a38-99a1-cfb1e845f300.png
│   │   ├── hellsgate-update-619273167-9a251b35-1cb2-477a-80ba-b5ac9c0093a5.png
│   │   ├── hellsgate-update-719008069-88be2bdc-b34e-4a9b-a338-91df90cd51a2.png
│   │   ├── hellsgate-update-819042962-afbc121a-d298-419a-b1e5-89eef05d8fa9.png
│   │   └── hellsgate-update-919042983-21be24a2-1648-4a06-afe5-d08ededb7b0e.png
│   ├── 88 Updating Hell's Gate fe07144871284371a5c31d710c3c2a4f.html
│   ├── 89 Indirect Syscalls - HellsHall 94f45eeb837f4eb6829f55eb1d6c20dc
│   │   ├── indirect-syscalls-119305197-c35a0c2c-fc29-4153-ada5-aa88d131996d.png
│   │   ├── indirect-syscalls-219308096-e7b35871-ecc6-4b5a-9bf4-b7c3336002f0.png
│   │   ├── indirect-syscalls-319330695-e31df2e8-be16-4b00-a1b7-81fd36bfc967.png
│   │   ├── indirect-syscalls-419334075-bc9f1b1c-0c8c-49e4-988d-153d35a71ebd.png
│   │   ├── indirect-syscalls-519334085-48c45634-cf64-478d-9091-932eb275f419.png
│   │   ├── indirect-syscalls-619334089-413a5cbd-32fb-457b-8546-6f5f2036c320.png
│   │   ├── indirect-syscalls-719334094-24709fd0-3009-44af-bef7-acf53e0c7872.png
│   │   └── indirect-syscalls-819334105-80f7d3a7-1de2-45bd-81e3-e2703efd8b2e.png
│   ├── 89 Indirect Syscalls - HellsHall 94f45eeb837f4eb6829f55eb1d6c20dc.html
│   ├── 9 Dynamic-Link Library 81450f1651f74297aa2208e1dc397a4b
│   │   ├── create-dll-1.png
│   │   ├── create-dll-2.png
│   │   ├── create-dll-3-1.png
│   │   ├── create-dll-3.png
│   │   ├── create-dll-4.png
│   │   ├── create-dll-5.png
│   │   ├── create-dll-6.png
│   │   ├── dll-new-221233432-97a38697-bd82-45f8-ad5f-90d674de8b17.png
│   │   └── loaded-libraries.png
│   ├── 9 Dynamic-Link Library 81450f1651f74297aa2208e1dc397a4b.html
│   ├── 90 Block DLL Policy cf46e560a7fc47bcbb2c0ad81f874be6
│   │   ├── block-dll-119432594-98c5ac96-6827-4bd5-b1bd-8101251cf1ef.png
│   │   ├── block-dll-219450935-66de904e-890a-40f4-87ef-d521b44ab53d.png
│   │   └── block-dll-319450939-a6401c36-a633-4068-871e-6e3ea6768da4.png
│   ├── 90 Block DLL Policy cf46e560a7fc47bcbb2c0ad81f874be6.html
│   ├── 91 Diving Into NtCreateUserProcess 9128d84d1c2f49939aeffccbc228565b
│   │   ├── ntcreateuserprocess-119551140-8b599665-05e6-44b7-829c-fc1d43d6437d.jpg
│   │   ├── ntcreateuserprocess-219843832-69179def-33c9-4145-a2cc-5b876df3d410.png
│   │   ├── ntcreateuserprocess-319843814-83b44231-2b26-4236-8764-c0aab559838d.png
│   │   ├── ntcreateuserprocess-419843782-b85fa358-4019-49dd-856f-605170af0661.png
│   │   ├── ntcreateuserprocess-526114852-0ea90178-69cb-4383-98c2-796ffb348451.png
│   │   ├── ntcreateuserprocess-626114907-67b9501b-6e77-42b2-98a1-f7eac8e3021c.png
│   │   ├── ntcreateuserprocess-719850092-b93a1079-dfe7-4a3c-9db5-bc00c30df0b6.png
│   │   ├── ntcreateuserprocess-819850671-388c86f6-beb3-4009-b03d-2854ea61312e.png
│   │   └── ntcreateuserprocess-919850979-2cf51837-c6e8-448b-a038-ab24fb7007a0.png
│   ├── 91 Diving Into NtCreateUserProcess 9128d84d1c2f49939aeffccbc228565b.html
│   ├── darkside.txt
│   ├── michael-black-a5.jpg
│   └── trick-or-treat-6474735-5349184.png
├── MALWARE 8b74ccffb7e64efea30e3da4d919418d.html
├── Tut4Biz-LatestInternetMarketingForU.url
├── Tut4Sec-LatestSecurityTraining.url
├── UsefulWebsites.url
└── darkside.txt

82 directories, 487 files

DOWNLOAD


CONTACT FOR UPDATES
XMPP: [email protected]
PM: @randomuser

Thanks for the link !
Reply
I'm very interested. Thank you very much.
Reply
(01-04-2024, 09:41 AM)randomuser Wrote: SOURCE
Quote:https://maldevacademy.com/

CONTENTS
Quote:MalDevAcademy.5.7 % tree
├── MALWARE 8b74ccffb7e64efea30e3da4d919418d
│   ├── 1 Welcome Module 50a6834777ae4e8fa6f48331845a779e.html
│   ├── 10 Detection Mechanisms 8ac0fec121da4288a3f820552bfc3af0
│   │   ├── api-hooking.png
│   │   └── dumpbin-imports.png
│   ├── 10 Detection Mechanisms 8ac0fec121da4288a3f820552bfc3af0.html
│   ├── 11 Windows Processes c1d189721d41469b89798a788d0ac581.html
│   ├── 12 Undocumented Structures a1b1542a827d4ff2a42d99a97ef9e01d
│   │   └── undocumented-structs-1224531910-413779d5-2e1d-4813-a545-c690892da2bd.png
│   ├── 12 Undocumented Structures a1b1542a827d4ff2a42d99a97ef9e01d.html
│   ├── 13 Payload Placement - data & rdata Sections d402fbf89962436285694d655c54d6c3
│   │   ├── data-section.png
│   │   ├── dumpbin-1.png
│   │   └── dumpbin-2.png
│   ├── 13 Payload Placement - data & rdata Sections d402fbf89962436285694d655c54d6c3.html
│   ├── 14 Payload Placement - text Section 7d566afd50194164979afb40c3c311f3
│   │   └── text-section.png
│   ├── 14 Payload Placement - text Section 7d566afd50194164979afb40c3c311f3.html
│   ├── 15 Payload Placement - rsrc Section c6369f39745844c8af17d37db5a75eac
│   │   ├── rsrc-1.png
│   │   ├── rsrc-2.png
│   │   ├── rsrc-3.png
│   │   ├── rsrc-4.png
│   │   ├── rsrc-5.png
│   │   ├── rsrc-6.png
│   │   ├── rsrc-7.png
│   │   ├── rsrc-8.png
│   │   ├── rsrc-payload.png
│   │   └── rsrc-tmpbuffer.png
│   ├── 15 Payload Placement - rsrc Section c6369f39745844c8af17d37db5a75eac.html
│   ├── 16 Introduction To Payload Encryption 090b0d4bea194239a37c73d3e3b9124f.html
│   ├── 17 Payload Encryption - XOR e07626c543ae4bc387b1936bee6fbc00.html
│   ├── 18 Payload Encryption - RC4 ff80fad2bcc74e798b270bb1fddd1be2.html
│   ├── 19 Payload Encryption - AES Encryption fa2ab3c6213d4a12a1394be735833ec7
│   │   ├── encryption-new-225952410-4a747a9a-ef94-479c-be3b-d6ae5e8de27f.png
│   │   ├── encryption-new-225953480-03161b1a-119f-4c97-9b9e-11745047a214.png
│   │   ├── iat-aes.png
│   │   └── iat-no-winapis.png
│   ├── 19 Payload Encryption - AES Encryption fa2ab3c6213d4a12a1394be735833ec7.html
│   ├── 2 Introduction To Malware Development 59fd7e6d7aee4b73ba2fbaf1fedc5f76.html
│   ├── 20 Evading Microsoft Defender Static Analysis ae933861119142d192c7c88c47e0c256
│   │   ├── aes-shellcode-defender.png
│   │   ├── raw-shellcode-defender.png
│   │   ├── rc4-shellcode-defender.png
│   │   └── xor-shellcode-defender.png
│   ├── 20 Evading Microsoft Defender Static Analysis ae933861119142d192c7c88c47e0c256.html
│   ├── 21 Payload Obfuscation - IPv4 IPv6Fuscation 9f7b77eecf01460d8d898195f70f4790
│   │   ├── ipv4fuscation.png
│   │   └── ipv6fuscation.png
│   ├── 21 Payload Obfuscation - IPv4 IPv6Fuscation 9f7b77eecf01460d8d898195f70f4790.html
│   ├── 22 Payload Obfuscation - MACFucscation 8acebc37c16548f2a0279babcac9f579
│   │   └── macfuscation.png
│   ├── 22 Payload Obfuscation - MACFucscation 8acebc37c16548f2a0279babcac9f579.html
│   ├── 23 Payload Obfuscation - UUIDFuscation 1c2f59cabc354005973cf3e7692586c7
│   │   ├── uuid.png
│   │   └── uuidfuscation.png
│   ├── 23 Payload Obfuscation - UUIDFuscation 1c2f59cabc354005973cf3e7692586c7.html
│   ├── 24 Maldev Academy Tool - HellShell 1c00f7dd2c7547de89956f25a050ea22
│   │   └── hellshell.png
│   ├── 24 Maldev Academy Tool - HellShell 1c00f7dd2c7547de89956f25a050ea22.html
│   ├── 25 Maldev Academy Tool - MiniShell 2e5e50eff60245dd81620925222710d4
│   │   └── minishell-updated.png
│   ├── 25 Maldev Academy Tool - MiniShell 2e5e50eff60245dd81620925222710d4.html
│   ├── 26 Local Payload Execution - DLL 047762d5d58a43308c08affcede128f9
│   │   ├── create-a-dll.png
│   │   ├── dll-injection-execution.png
│   │   └── task-manager-dll.png
│   ├── 26 Local Payload Execution - DLL 047762d5d58a43308c08affcede128f9.html
│   ├── 27 Local Payload Execution - Shellcode e1f075df7aa84bcd8b475e875c589a9b
│   │   ├── local-shellcode-injection-1.png
│   │   ├── local-shellcode-injection-2.png
│   │   ├── local-shellcode-injection-3.png
│   │   ├── local-shellcode-injection-4.png
│   │   ├── local-shellcode-injection-5.png
│   │   └── local-shellcode-injection-6.png
│   ├── 27 Local Payload Execution - Shellcode e1f075df7aa84bcd8b475e875c589a9b.html
│   ├── 28 Process Injection - DLL Injection 673245a70556420cb999c1f1cc2723a9
│   │   ├── remote-dll-injection-1.png
│   │   ├── remote-dll-injection-2.png
│   │   ├── remote-dll-injection-3.png
│   │   ├── remote-dll-injection-4.png
│   │   ├── remote-dll-injection-5.png
│   │   ├── remote-dll-injection-6.png
│   │   └── remote-dll-injection-7.png
│   ├── 28 Process Injection - DLL Injection 673245a70556420cb999c1f1cc2723a9.html
│   ├── 29 Process Injection - Shellcode Injection 462956fe40674d56baa665523f37bdf2
│   │   ├── remote-shellcode-injection-1.png
│   │   ├── remote-shellcode-injection-2.png
│   │   ├── remote-shellcode-injection-3.png
│   │   ├── remote-shellcode-injection-4.png
│   │   ├── remote-shellcode-injection-5.png
│   │   ├── remote-shellcode-injection-6.png
│   │   ├── remote-shellcode-injection-7.png
│   │   └── remote-shellcode-injection-8.png
│   ├── 29 Process Injection - Shellcode Injection 462956fe40674d56baa665523f37bdf2.html
│   ├── 3 Required Tools 4fe7ff0b0d174fa5a6d1ce0fd98d3197
│   │   ├── Untitled 1.png
│   │   ├── Untitled 2.png
│   │   ├── Untitled 3.png
│   │   ├── Untitled 4.png
│   │   └── Untitled.png
│   ├── 3 Required Tools 4fe7ff0b0d174fa5a6d1ce0fd98d3197.html
│   ├── 30 Payload Staging - Web Server eda456e5264144a5896120955cee9540
│   │   ├── python-http-server-2.png
│   │   ├── python-http-server.png
│   │   ├── staging-demo-1.png
│   │   ├── staging-demo-2.png
│   │   └── staging-github.png
│   ├── 30 Payload Staging - Web Server eda456e5264144a5896120955cee9540.html
│   ├── 31 Payload Staging - Windows Registry e777de605e884adf970e64206c5d249f
│   │   ├── registry-demo-1.png
│   │   ├── registry-demo-2.png
│   │   ├── registry-demo-3.png
│   │   ├── registry-img.png
│   │   ├── registry-new-string-value.png
│   │   ├── registry-read-demo-1.png
│   │   ├── registry-read-demo-2.png
│   │   └── registry-read-demo-3.png
│   ├── 31 Payload Staging - Windows Registry e777de605e884adf970e64206c5d249f.html
│   ├── 32 Malware Binary Signing fe21c309a829423fa32229958b372dac
│   │   ├── maldev-properties.png
│   │   ├── pfx-creation.png
│   │   ├── sign.png
│   │   ├── vt-1.png
│   │   └── vt-2.png
│   ├── 32 Malware Binary Signing fe21c309a829423fa32229958b372dac.html
│   ├── 33 Process Enumeration - EnumProcesses 68c6d61e1bea4011b331a89d300322f9
│   │   ├── enumprocesses-108501303-c0dfa0d8-5e73-431e-9f5f-3cea0bb217be.png
│   │   └── enumprocesses-208500959-341d233b-4852-463e-8108-6d6e4c109416.png
│   ├── 33 Process Enumeration - EnumProcesses 68c6d61e1bea4011b331a89d300322f9.html
│   ├── 34 Process Enumeration - NtQuerySystemInformation 70484231965b41108520d9f766477b6f
│   │   ├── nt-108508463-27e8a0b8-4d4e-4391-bf1d-8d75ad2567d3.png
│   │   ├── nt-208666134-5c070d23-50f4-4e1d-978f-11122892a9c3.png
│   │   └── nt-308665154-9c8bdf73-bfb4-40b5-a39f-3b6ee2044076.png
│   ├── 34 Process Enumeration - NtQuerySystemInformation 70484231965b41108520d9f766477b6f.html
│   ├── 35 Thread Hijacking - Local Thread Creation dfbe368a13a84ee793d9772723c40623
│   │   ├── threadhijack-208833406-0c1bb9f4-9a41-46e0-a2d5-b05f71c6c287.png
│   │   ├── threadhijack-308833564-0000d447-c970-40d8-8be3-8da70b63f30f.png
│   │   └── threadhijack-408833616-43a64b68-f30e-466c-a4c6-4d48289c0158.png
│   ├── 35 Thread Hijacking - Local Thread Creation dfbe368a13a84ee793d9772723c40623.html
│   ├── 36 Thread Hijacking - Remote Thread Creation 8810a50599cc4cb7a0915dadf5cabe29
│   │   └── rthread-hijack-108970868-ca84b0fe-ce83-447e-b7a1-4116559bc414.png
│   ├── 36 Thread Hijacking - Remote Thread Creation 8810a50599cc4cb7a0915dadf5cabe29.html
│   ├── 37 Thread Hijacking - Local Thread Enumeration 0e5417dc3f844a68aa319deb6a376ce9
│   │   ├── tenum-0209185998-74b97dca-e541-401d-b700-b45852e7564a.png
│   │   ├── tenum-109188468-94e7741b-8953-4079-8a7c-8ab3cc449779.png
│   │   └── tenum-209188936-9a4de3fe-fd13-4a25-b343-153a59ea894b.png
│   ├── 37 Thread Hijacking - Local Thread Enumeration 0e5417dc3f844a68aa319deb6a376ce9.html
│   ├── 38 Thread Hijacking - Remote Thread Enumeration 0856586d8db7435fadc7ae2b918da7b2
│   │   ├── renum-109196659-5f5a1b94-3074-4774-8271-03a07b5f2c04.png
│   │   ├── renum-209196664-c43d380c-79ab-48c1-97c9-396c3c2b7c4d.png
│   │   └── renum-309196669-ebbdc23d-e0c2-436c-ac73-70f18c971c3b.png
│   ├── 38 Thread Hijacking - Remote Thread Enumeration 0856586d8db7435fadc7ae2b918da7b2.html
│   ├── 39 APC Injection 86545b9163834568b0a197adc696666e
│   │   ├── apc-demo-1-109284381-1875d55b-1574-4421-b4e9-6f6948a5a316.png
│   │   ├── apc-demo-1-209284381-1875d55b-1574-4421-b4e9-6f6948a5a316.png
│   │   ├── apc-demo-2-109284381-1875d55b-1574-4421-b4e9-6f6948a5a316.png
│   │   └── apc-demo-2-209284381-1875d55b-1574-4421-b4e9-6f6948a5a316.png
│   ├── 39 APC Injection 86545b9163834568b0a197adc696666e.html
│   ├── 4 Coding Basics 2ff6d449157546238ba8c316b981337f.html
│   ├── 40 Early Bird APC Injection a9fb0ac0fc464b7c8a61de3fba4d7c8c
│   │   ├── demo-109330271-93c3e529-dfea-4868-ad56-48ce90efe172.png
│   │   ├── demo-209330277-04b3a674-e5f7-41b1-95a3-423e34d2f5aa.png
│   │   └── demo-309330284-92aec1dc-b899-49a8-a170-f9845cbe5246.png
│   ├── 40 Early Bird APC Injection a9fb0ac0fc464b7c8a61de3fba4d7c8c.html
│   ├── 41 Callback Code Execution da849912e27f4bde9f88caaf4847aeb0.html
│   ├── 42 Local Mapping Injection a18ce0d426434c27b585cf1ddd825b70
│   │   ├── local-map-inject-109424404-c8e38d0c-cf1a-401a-b881-e1d50f0fb1dd.png
│   │   ├── local-map-inject-209424404-c8e38d0c-cf1a-401a-b881-e1d50f0fb1dd.png
│   │   ├── local-map-inject-309427185-a71d9b01-a6f8-4fd8-be13-25e331ad96d8.png
│   │   └── local-map-inject-409427186-264e5199-4331-4578-84bc-c9c9cba45046.png
│   ├── 42 Local Mapping Injection a18ce0d426434c27b585cf1ddd825b70.html
│   ├── 43 Remote Mapping Injection 268ba3a4ebcd42e8a6a99cf2c8eb88c2
│   │   ├── remote-map-109431584-4f2ef9e2-3d8e-49ce-9998-b9070c566647.png
│   │   ├── remote-map-209431586-0863ea8b-fa83-486b-aeac-ff718f759de7.png
│   │   ├── remote-map-309431587-6d988463-f0aa-4cc2-8252-1b0d1426af2d.png
│   │   └── remote-map-409431570-6cd31d0b-0dee-4930-97d3-5124112c3e77.png
│   ├── 43 Remote Mapping Injection 268ba3a4ebcd42e8a6a99cf2c8eb88c2.html
│   ├── 44 Local Function Stomping Injection c935dd1a71c845059628b12d6c3cdcb8
│   │   ├── stomp-109438900-53f68143-4143-4be4-978c-4c38e9b4f0d4.png
│   │   ├── stomp-209438901-b436065b-17a9-43b2-86a9-da708329b4c7.png
│   │   ├── stomp-309438902-a96c9c50-7ac1-42f9-918f-992a2ef749d6.png
│   │   └── stomp-409438904-bfacfa89-e6cb-4903-9cd1-7a55c9b66697.png
│   ├── 44 Local Function Stomping Injection c935dd1a71c845059628b12d6c3cdcb8.html
│   ├── 45 Remote Function Stomping Injection d7942e1bc9af45968f6b7eea69b6559e
│   │   ├── remote-stomp-109445015-30dbf6a1-2ece-4d4c-a304-a9fc12f8f231.png
│   │   ├── remote-stomp-209445031-a0b9b825-93f8-429c-a6eb-5dc4e276e2df.png
│   │   ├── remote-stomp-309445021-d9ccc1af-1eb5-4e9e-ba62-8f67b3442c90.png
│   │   ├── remote-stomp-409445036-d03ad29c-8eb0-4b5a-b166-bd30458dbe1a.png
│   │   └── remote-stomp-509445038-6bb55397-dbac-4546-b1d7-2a7be0744c8a.png
│   ├── 45 Remote Function Stomping Injection d7942e1bc9af45968f6b7eea69b6559e.html
│   ├── 46 Payload Execution Control 169c1c943aed40e096a42d7b9761c466
│   │   ├── control-109459156-0c97cf3a-c176-46da-bd31-afb2d2161b9f.png
│   │   ├── control-209459157-cda5268b-bd34-47ed-874b-a799e0680fb8.png
│   │   └── control-309459160-66750edb-600a-4fef-a1f2-ef2deec92d5e.png
│   ├── 46 Payload Execution Control 169c1c943aed40e096a42d7b9761c466.html
│   ├── 47 Spoofing PPID 5f6b664165244f6284dd737c7e5d823c
│   │   ├── demo-109330271-93c3e529-dfea-4868-ad56-48ce90efe172.png
│   │   ├── ppid-spoofing-1209528890-4c267ff2-a7b9-4036-8279-a5af58f067c7.png
│   │   ├── ppid-spoofing-209529234-c72226c9-0cf1-401f-b46d-6b32cb1bac25.png
│   │   ├── ppid-spoofing-309529480-978dfe1a-ba61-4881-a33d-9614bd7ee3bb.png
│   │   └── ppid-spoofing-409530891-f8b81cc4-8cec-4ffe-b413-debf5f051ae8.png
│   ├── 47 Spoofing PPID 5f6b664165244f6284dd737c7e5d823c.html
│   ├── 48 Process Argument Spoofing (1) b427dcafb59043239840f40c0ab8dc81
│   │   ├── arg-spoof-109550005-441b53e8-9f32-48c3-96a5-56b5b7eb427a.png
│   │   ├── arg-spoof-209553208-efe6e1fb-2e03-4840-a1ff-821217ddf731.png
│   │   └── arg-spoof-309567835-eed3b698-80d0-4a39-ae98-7d2f4120a9a3.png
│   ├── 48 Process Argument Spoofing (1) b427dcafb59043239840f40c0ab8dc81.html
│   ├── 49 Process Argument Spoofing (2) 0f4d524b53fa4b2b9d2b2a52376a158a
│   │   ├── 51 String Hashing 67af0332497148fa85a9f95864996ede.html
│   │   ├── spoofing-109614220-d9136e16-4a7e-4ce2-a309-db47577d6f88.png
│   │   ├── spoofing-209614417-27d1960a-a101-4d6d-8247-e49c9a387556.png
│   │   ├── spoofing-309614553-c8f18edc-301f-4bca-92e6-bf65ae03bddf.png
│   │   ├── spoofing-409618296-d64a33d8-0d25-400f-9a2d-47d9483ec70f.png
│   │   ├── spoofing-509622098-ebfd8016-9d4d-413f-929f-53e8465666dd.png
│   │   └── spoofing-609622288-7f9400eb-100e-490a-a5a6-adbfa2b61f42.png
│   ├── 49 Process Argument Spoofing (2) 0f4d524b53fa4b2b9d2b2a52376a158a.html
│   ├── 5 Windows Architecture 012cf6ad24cc4d18897cd9414c274997
│   │   ├── Untitled 1.png
│   │   ├── Untitled 2.png
│   │   └── Untitled.png
│   ├── 5 Windows Architecture 012cf6ad24cc4d18897cd9414c274997.html
│   ├── 50 Parsing PE Headers 7d60ebf31c744655b0a36dbbfcb8e9c1
│   │   ├── pe-parser-109789281-55662de8-c252-427c-b4d0-8245e238ce10.png
│   │   ├── pe-parser-209789466-71cb09b6-7e8f-4694-b9b6-f5064aecfb9c.png
│   │   └── pe-structure.png
│   ├── 50 Parsing PE Headers 7d60ebf31c744655b0a36dbbfcb8e9c1.html
│   ├── 51 String Hashing bda15d26efa8495790b4467721838661
│   │   ├── string-hashing-020876979-d3fbb005-d0d5-4624-a302-9f0f0469d86a.png
│   │   └── string-hashing-109826350-7f0ae4f9-76c6-4293-990a-16ff72de7e0b.png
│   ├── 51 String Hashing bda15d26efa8495790b4467721838661.html
│   ├── 52 IAT Hiding & Obfuscation - Introduction 92083157ed3949938746858848e5ef9d
│   │   └── iat-intro-209847024-7ba7fa01-913d-405a-94c1-6cd28adcee51.png
│   ├── 52 IAT Hiding & Obfuscation - Introduction 92083157ed3949938746858848e5ef9d.html
│   ├── 53 IAT Hiding & Obfuscation - Custom GetProcAddres aa735dbf7a4e4c188c8b6e8f8549cfea
│   │   ├── custom-getproc-109913387-f0fdcc3d-e9aa-48f3-bb97-615758130bad.png
│   │   ├── custom-getproc-209914072-4c8104f3-6208-42c4-8822-479c44d291ce.png
│   │   ├── custom-getproc-309915517-9f411b29-61c3-4104-9d05-7fa8977ddeca.png
│   │   └── ordinals-getproc.png
│   ├── 53 IAT Hiding & Obfuscation - Custom GetProcAddres aa735dbf7a4e4c188c8b6e8f8549cfea.html
│   ├── 54 IAT Hiding & Obfuscation - Custom GetModuleHand 031d95fe35cc41edac2064756d73a043
│   │   ├── custom-getmodule-new-221769848-48118974-d4b7-4a63-b2ce-8802bdec4573.png
│   │   ├── custom-getmodulehandle-021764060-4bc54cbd-29ea-470a-9402-ac2fbd0bb4db.png
│   │   ├── custom-getmodulehandle-110036660-4488defa-47aa-4993-902d-0c97cb1673c0.png
│   │   ├── custom-getmodulehandle-210036220-10ef0096-9099-4066-b6a6-5c5f06cbb4df.png
│   │   ├── custom-getmodulehandle-310037888-cfab12a2-d9ff-4174-9c6e-2cc335d6809e.png
│   │   ├── custom-getmodulehandle-410036660-4488defa-47aa-4993-902d-0c97cb1673c0.png
│   │   ├── custom-getmodulehandle-510041809-92e59481-49dc-4f6c-bc6d-74133ba5fa3b.png
│   │   ├── custom-getmodulehandle-610043506-5d864abe-3528-4e13-bf28-faeba07c12e2.png
│   │   └── msdn-593029583.png
│   ├── 54 IAT Hiding & Obfuscation - Custom GetModuleHand 031d95fe35cc41edac2064756d73a043.html
│   ├── 55 IAT Hiding & Obfuscation - API Hashing 3fe6fb0cde7d41fdb7357575d7685be3
│   │   ├── api-hashing-110060375-e0d6069b-7538-4b31-add1-92f72003f85c.png
│   │   └── api-hashing-210060409-a932736a-ec54-4946-939f-750f44affa19.png
│   ├── 55 IAT Hiding & Obfuscation - API Hashing 3fe6fb0cde7d41fdb7357575d7685be3.html
│   ├── 56 IAT Hiding & Obfuscation - Custom Pseudo Handle b9c801a007204fdfa5e888dc127c744a
│   │   ├── pseudo-handle-124505341-1cca443b-e5d2-4d90-8a75-5f77b08bfe56.png
│   │   ├── pseudo-handle-224505515-1079792a-5685-4051-a364-6a7424d95646.png
│   │   ├── pseudo-handle-324505523-586c63fa-8f52-4564-b01f-a52c3a34524f.png
│   │   ├── pseudo-handle-424505527-99a803e2-eaff-49a3-9ac2-470bc1fb8c69.png
│   │   └── pseudo-handle-524524030-94c0a3e8-71c0-4df6-b4b5-e95b2e76edca.png
│   ├── 56 IAT Hiding & Obfuscation - Custom Pseudo Handle b9c801a007204fdfa5e888dc127c744a.html
│   ├── 57 IAT Hiding & Obfuscation - Compile Time API Has af3ce62d28bb4e0a824b7e3a42315d80
│   │   ├── compile-time-hashing-110127028-dfa23b5b-cc3a-430a-b792-23792ce51c5d.png
│   │   ├── compile-time-hashing-210127200-98154fdf-2810-472c-b3f8-6fa46605955b.png
│   │   ├── compile-time-hashing-310127229-b041b0ac-e48e-4c12-88b5-cc39ce6e0d8e.png
│   │   ├── compile-time-hashing-410127235-cfc37903-ef42-4ab6-8401-d1a20282a479.png
│   │   ├── compile-time-hashing-510127264-113b5309-cdbb-4d86-9c74-7e7a0b0c3918.png
│   │   ├── compile-time-hashing-610127288-887779b6-b023-4a31-8bc7-e76018642b94.png
│   │   ├── compile-time-hashing-710127301-b4ad2456-74a9-4030-893a-d330d35dc25a.png
│   │   └── compile-time-hashing-810127330-fd9124e2-361c-463b-bc4e-7e5ea2dc65a7.png
│   ├── 57 IAT Hiding & Obfuscation - Compile Time API Has af3ce62d28bb4e0a824b7e3a42315d80.html
│   ├── 58 API Hooking - Introduction b43ef4c2f27a4891a09b1ca65a4522fe
│   │   ├── hooking-intro-115247938-09b2e089-3a64-443f-86b1-e147acfe8cdc.png
│   │   └── hooking-intro-215247209-ce8c97aa-3d6f-488e-893c-aea9230f6afa.png
│   ├── 58 API Hooking - Introduction b43ef4c2f27a4891a09b1ca65a4522fe.html
│   ├── 59 API Hooking - Detours Library b06d3c8c1d6040d886472493a5084f2c
│   │   ├── detours-113692112-13168cc0-dd84-4b71-9c9a-c639b6bcd3e8.png
│   │   ├── detours-213692174-164b9d16-059a-4587-a4d2-3e264f3ac539.png
│   │   └── detours-313692221-be94d5d0-34a4-42a9-9545-a4934e5878ef.png
│   ├── 59 API Hooking - Detours Library b06d3c8c1d6040d886472493a5084f2c.html
│   ├── 6 Windows Memory Management 3de16d4bafa34eb19106dd2c5f0ff634
│   │   ├── memory-mgmt-105290746-d5fa58f7-b3d7-4064-98b8-6f7ee5dcc12d.png
│   │   ├── memory-mgmt-205290946-31ab4c35-b0e6-4727-9d45-8e439453207d.png
│   │   ├── memory-mgmt-305293097-6334290e-3d79-4254-9a79-cd7011ca4bbc.png
│   │   ├── memory-mgmt-424394866-a0dead3a-b72b-4600-8003-b8ecc2a27449.png
│   │   ├── memory-mgmt-524394895-7c747075-d866-4ca8-a15f-09cb4fec7e6d.png
│   │   └── virtual-memory.png
│   ├── 6 Windows Memory Management 3de16d4bafa34eb19106dd2c5f0ff634.html
│   ├── 60 API Hooking - Minhook Library c42628518a7f494495b8c3af9e5203f3
│   │   ├── minhook-113692839-29b30634-f82b-49a1-9bbc-9a27277431b2.png
│   │   ├── minhook-213692909-51d8413a-eb9a-44a3-b59c-a43fc6fa5113.png
│   │   └── minhook-313692968-0b322f31-7913-48b2-95bf-15e5088aa0af.png
│   ├── 60 API Hooking - Minhook Library c42628518a7f494495b8c3af9e5203f3.html
│   ├── 61 API Hooking - Custom Code 7e6302f71fe94f6786760d6f2b619236
│   │   ├── custom-trampoline-113731211-c0c71ee9-93b5-4e56-811e-b9595193062f.png
│   │   ├── custom-trampoline-213732622-0d251a96-90b6-43fa-ae02-6bc14b0b6c3e.png
│   │   ├── custom-trampoline-313731997-b35bff75-14b3-4b32-96d7-913132055062.png
│   │   ├── custom-trampoline-413732637-5e2985c7-2bda-4e75-98c4-9ea6e8c1798b.png
│   │   └── custom-trampoline-513732042-e95b475c-72ed-4797-b8e5-4d7cb545f209.png
│   ├── 61 API Hooking - Custom Code 7e6302f71fe94f6786760d6f2b619236.html
│   ├── 62 API Hooking - Using Windows APIs f8ded5cdb10a45bfbadda982993d6bcf
│   │   └── windows-hooks-1223195943-e2c26fe0-45e5-4ef2-b10c-fcadf1933528.png
│   ├── 62 API Hooking - Using Windows APIs f8ded5cdb10a45bfbadda982993d6bcf.html
│   ├── 63 Syscalls - Introduction b8f710a9d1a64edeac1abd028752da3c
│   │   ├── syscall-intro-221095509-588e2694-4323-4de4-a929-01a0fc209ff0.png
│   │   ├── syscall-intro-321109035-b09edb7e-5ecb-4c6f-96d5-de081603d047.png
│   │   ├── syscalls-intro-213904491-110e794d-616f-4239-8a0a-96c2d2be77df.png
│   │   ├── syscalls-intro-313903469-08ed9596-55bd-4c09-b39b-dc1f8e169d49.png
│   │   └── syscalls-intro-413903414-69957a37-e317-4913-aa29-d9720b6f9eb4.png
│   ├── 63 Syscalls - Introduction b8f710a9d1a64edeac1abd028752da3c.html
│   ├── 64 Syscalls - Userland Hooking 874286351a4a4dc0a89d688487b2f698
│   │   ├── syscalls-userland-hooks-113914292-072b98f1-dd82-4ccc-b111-2a2ae6475fee.png
│   │   ├── syscalls-userland-hooks-213914403-878e7988-5106-49dd-95fd-11c10c1ef47b.png
│   │   ├── syscalls-userland-hooks-313917466-28dfea35-3e7d-489f-9575-9232fc742b47.png
│   │   ├── syscalls-userland-hooks-413917672-f8a15753-f95d-4236-98e0-d5e4bceec18e.png
│   │   ├── syscalls-userland-hooks-516898739-a3e3c7e6-68d7-4e8f-a424-15137d79eda1.png
│   │   └── syscalls-userland-hooks-616902643-50621da8-9220-413d-9a46-ffcb980caf4f.png
│   ├── 64 Syscalls - Userland Hooking 874286351a4a4dc0a89d688487b2f698.html
│   ├── 65 Syscalls - SysWhispers b0330e613e8f4441bb581226cf7412ea
│   │   ├── syswhipsers2-syscall-search.png
│   │   └── syswhispers-314041015-7c969ae9-8b74-46a5-bf36-2c6bbedad332.png
│   ├── 65 Syscalls - SysWhispers b0330e613e8f4441bb581226cf7412ea.html
│   ├── 66 Syscalls - Hell's Gate d6268c1cdf0f4709ae05a196f475974b
│   │   ├── hellsgate-114089998-966e34f8-c59b-4b3a-8c84-8d6014001a19.png
│   │   ├── hellsgate-214097117-16ca9e20-17b3-427c-b0b0-b0e7ec78191c.png
│   │   ├── hellsgate-314099314-0029aee9-f8c2-4436-a740-4c2964a952be.png
│   │   └── hellsgate-414099901-48434135-7e83-4cd5-aea6-94d1ef75f652.png
│   ├── 66 Syscalls - Hell's Gate d6268c1cdf0f4709ae05a196f475974b.html
│   ├── 67 Syscalls - Reimplementing Classic Injection a51528df7b4045359976f170fab7b5ef
│   │   ├── syscalls-classic-114349632-de44115a-3e9f-450f-bb37-f0bff7776d5f.png
│   │   ├── syscalls-classic-214351708-4ba6253b-4713-4fed-8711-e8cb0766938e.png
│   │   ├── syscalls-classic-314352187-6786f4d7-1ae2-4e6b-94ce-8f8087d223df.png
│   │   ├── syscalls-classic-414353258-3fbf4ead-ce9c-4083-805a-ae5ced08213e.png
│   │   ├── syscalls-classic-514353606-1e3d5862-fc03-4247-b03e-493b07f3a1ce.png
│   │   ├── syscalls-classic-618293274-8d259f06-efa2-4254-886c-ce14500fb65d.png
│   │   ├── syscalls-classic-714361294-3e6b766a-57cc-4a05-b788-fe53e9cdc3c2.png
│   │   ├── syscalls-classic-814362613-395c4f9f-05c5-4a0a-9325-4f2deedaf1b7.png
│   │   ├── syscalls-classic-914361542-8212a53a-8c06-4a9f-ba93-4bf8add3ab35.png
│   │   └── syscalls-classic-9214363039-c409bb06-27a1-433e-a06b-3617828b68d4.png
│   ├── 67 Syscalls - Reimplementing Classic Injection a51528df7b4045359976f170fab7b5ef.html
│   ├── 68 Syscalls - Reimplementing Mapping Injection 2f2302d29c4b4300bc09befcc91e503c
│   │   ├── syscall-mapping-114492060-65bb4d32-e61b-4489-b768-f4ef6629282c.png
│   │   ├── syscall-mapping-214533288-cc53802f-345d-4eb3-896a-fb4d7dc61b27.png
│   │   ├── syscall-mapping-314533763-efe02370-e08e-4d13-9c4c-884931855bdc.png
│   │   ├── syscall-mapping-414534077-da2c3b3e-fcac-4691-9e1e-261b6380e7cb.png
│   │   └── syscall-mapping-514534407-34d19c71-70d1-4669-99c0-6b3ce6a64d9e.png
│   ├── 68 Syscalls - Reimplementing Mapping Injection 2f2302d29c4b4300bc09befcc91e503c.html
│   ├── 69 Syscalls - Reimplementing APC Injection 4134d6cae4f8487384888ad519adc700
│   │   ├── syscall-apc-114387928-a6054f8c-8590-49cb-a97e-6eb4d7e2870e.png
│   │   └── syscall-apc-214388088-5de280c3-8fd2-4546-9127-c058c373757b.png
│   ├── 69 Syscalls - Reimplementing APC Injection 4134d6cae4f8487384888ad519adc700.html
│   ├── 7 Introduction To The Windows API fe26cafbdf464e039dabea74013cf65d.html
│   ├── 70 Anti-Analysis - Introduction f00a576434474763babcbad9fb8b988c.html
│   ├── 71 Anti-Debugging - Multiple Techniques 6e238e4d6c414f8f93da7cc5af419566
│   │   ├── anti-debugging-115282576-1557ca5f-2841-4a0f-ad73-63c30e03c843.png
│   │   ├── anti-debugging-215283166-37faff36-628c-43e4-aaf1-e41ad6310dd9.png
│   │   ├── anti-debugging-315282633-6d0bf541-7327-42b9-af79-0b9f9489cd68.png
│   │   └── anti-debugging-415305654-6593a2cd-5fc1-4f8c-b4dc-9f4eb55c47b6.png
│   ├── 71 Anti-Debugging - Multiple Techniques 6e238e4d6c414f8f93da7cc5af419566.html
│   ├── 72 Anti-Debugging - Self-Deletion 97e7cad56b8d474b97988fb7c91703d5
│   │   ├── self-deletion-115320077-5c34dcbb-2e0e-461d-b8e5-a1b34d72b139.png
│   │   ├── self-deletion-215320748-1964cf44-c332-443a-9f52-465aa7ffe9be.png
│   │   ├── self-deletion-315324185-4157dabc-fe41-4a40-b1ce-caf4c3a19c1f.png
│   │   ├── self-deletion-415326977-a40ef9d4-4c54-4c0b-b02c-c3396e24a221.png
│   │   └── self-deletion-6222060992-0b642d05-e871-4ed1-b2f0-a634796ea284.png
│   ├── 72 Anti-Debugging - Self-Deletion 97e7cad56b8d474b97988fb7c91703d5.html
│   ├── 73 Anti-Virtual Environments - Multiple Techniques d3a43bd340604f059172e28fd60e8dd3.html
│   ├── 74 Anti-Virtual Environments - Multiple Delay Exec 1a52c1ea94be40948ad1a4b786256621
│   │   └── delays-115710473-e0af0c25-7535-41ad-80a9-ac2be198e68f.png
│   ├── 74 Anti-Virtual Environments - Multiple Delay Exec 1a52c1ea94be40948ad1a4b786256621.html
│   ├── 75 Anti-Virtual Environments - API Hammering 65a79f843fa44243b4b53e9890141f43
│   │   ├── api-hammering-115849002-8f48543a-45d1-46bf-b740-5362f2ae7dc2.png
│   │   └── api-hammering-215850112-05e21d3e-12a5-45c8-8d0f-31e466a2eae7.png
│   ├── 75 Anti-Virtual Environments - API Hammering 65a79f843fa44243b4b53e9890141f43.html
│   ├── 76 Binary Entropy Reduction e582eb6f4c64486f9a656a5b9e9d993b
│   │   ├── entropy-reduction-123023359-a3cbf186-3de6-4628-b920-1d7a8efdb169.png
│   │   ├── entropy-reduction-223028955-48be70b5-ea5e-43ab-97fa-904c32dd00ea.png
│   │   ├── entropy-reduction-323049334-8251f557-fc19-4eb4-92e8-f2bfb45edfae.png
│   │   └── entropy-reduction-423140943-cb067a49-080a-465d-ba8a-d44941e56b60.png
│   ├── 76 Binary Entropy Reduction e582eb6f4c64486f9a656a5b9e9d993b.html
│   ├── 77 Brute Force Decryption c467f2224963495388bded186d572805
│   │   ├── bruteforce-decryption-115958551-66287afd-396c-4beb-8255-0c330764cde5.png
│   │   ├── bruteforce-decryption-215972490-3457c0b5-833b-477d-a95d-ead9522e32be.png
│   │   └── bruteforce-decryption-315973990-7836fe71-fbb0-49a1-82e0-dbca3bccedbd.png
│   ├── 77 Brute Force Decryption c467f2224963495388bded186d572805.html
│   ├── 78 MalDev Academy Tool - KeyGuard 9ed61e52dac94108a2301370dbefb62a
│   │   ├── keyguard-116004022-69d0f001-ad32-4fd2-aec8-669c50c3d93d.png
│   │   ├── keyguard-216006045-84544960-079a-4c5c-9ac0-c4e31ba80dbc.png
│   │   └── keyguard-316007780-4cc95a19-5f8c-48db-99e6-defa90b83820.png
│   ├── 78 MalDev Academy Tool - KeyGuard 9ed61e52dac94108a2301370dbefb62a.html
│   ├── 79 CRT Library Removal & Malware Compiling b216a9e9d29b4590896568ead8916d65
│   │   ├── crt-11.png
│   │   ├── crt-116939162-63627c0c-8e3c-4a1f-a7f3-0b2450c9e7dc.png
│   │   ├── crt-12.png
│   │   ├── crt-13.png
│   │   ├── crt-14.png
│   │   ├── crt-15.png
│   │   ├── crt-16.png
│   │   ├── crt-17.png
│   │   ├── crt-18.png
│   │   ├── crt-19.png
│   │   ├── crt-20.png
│   │   ├── crt-21.png
│   │   ├── crt-216062571-e46c5ade-4aa5-4d7f-8d8a-5562af6a5229.png
│   │   ├── crt-22.png
│   │   ├── crt-23.png
│   │   ├── crt-24.png
│   │   ├── crt-25.png
│   │   ├── crt-26.png
│   │   ├── crt-27.png
│   │   ├── crt-28.png
│   │   ├── crt-29.png
│   │   ├── crt-30.png
│   │   ├── crt-416058406-95d621d1-1329-47b2-8750-ebbcef912dc8.png
│   │   ├── crt-716065105-1ba22df8-af64-483a-8a38-803b75bb4ae4.png
│   │   ├── crt-816073627-98d49140-e86d-4622-88c8-a40f9a9db79c.png
│   │   └── crt-916075724-73b3ba91-3a72-4f93-9dd8-0ee03cd3fe2d.png
│   ├── 79 CRT Library Removal & Malware Compiling b216a9e9d29b4590896568ead8916d65.html
│   ├── 8 Portable Executable Format a919d24f6aa94a2698766ef3f0bf5f21
│   │   └── pe-structure.png
│   ├── 8 Portable Executable Format a919d24f6aa94a2698766ef3f0bf5f21.html
│   ├── 80 IAT Camouflage b3a2763284464e8f92ccbb50130694b4
│   │   ├── iat-camo-0222202369-4ec0c257-3f73-4563-8611-6a367e668455.png
│   │   ├── iat-camo-116296566-e54ef1c8-582f-4114-8f76-7992d4c69358.png
│   │   ├── iat-camo-216316282-a383829c-9589-4081-a581-9bedc4f4f3f8.png
│   │   └── iat-camo-316322305-990ecd45-33a8-45d7-8f93-826ef0d18ad3.png
│   ├── 80 IAT Camouflage b3a2763284464e8f92ccbb50130694b4.html
│   ├── 81 Bypassing AVs c8b98ed828814f89b8db2d5ac5a9c230
│   │   ├── av-bypass-10.png
│   │   ├── av-bypass-11.png
│   │   ├── av-bypass-116769871-25449179-cdfb-412b-899f-1744ac77246b.png
│   │   ├── av-bypass-12.png
│   │   ├── av-bypass-13.png
│   │   ├── av-bypass-14.png
│   │   ├── av-bypass-15.png
│   │   ├── av-bypass-16.png
│   │   ├── av-bypass-17.png
│   │   ├── av-bypass-18.png
│   │   ├── av-bypass-216782299-f2e9c796-2d79-42e9-b69d-6e4277f531f4.png
│   │   ├── av-bypass-416782441-c87f902c-af70-4657-ad39-93d2f977673b.png
│   │   ├── av-bypass-616804411-39794aab-14d5-439c-9f30-2ed26efe8dce.png
│   │   ├── av-bypass-716812124-de717043-aa23-40c9-8058-f0ae0c06f407.png
│   │   ├── av-bypass-816812885-3a8e28cd-22cb-42f0-9673-9d58ea2471da.png
│   │   └── av-bypass-916815114-a9254939-9382-4dfe-8c32-54f871d9fc47.png
│   ├── 81 Bypassing AVs c8b98ed828814f89b8db2d5ac5a9c230.html
│   ├── 82 Introduction To EDRs f4827eb5fb1d4d198d575a5ad670624c
│   │   ├── amsi-functions.png
│   │   ├── edr-dashboard.png
│   │   ├── intro-edr-120017985-26bd0e42-0d73-4b1f-81da-b14b76e9efef.png
│   │   ├── intro-edr-219966477-a29ed0b1-e7af-4e89-8461-98d570ab8e1b.png
│   │   ├── intro-edr-320010420-0de272ee-4b02-4394-b79f-6bd29770d8da.png
│   │   └── intro-edr-419941044-badc629b-fa34-4dfc-95e4-db9f22c94612.png
│   ├── 82 Introduction To EDRs f4827eb5fb1d4d198d575a5ad670624c.html
│   ├── 83 NTDLL Unhooking - Introduction e62fdd6d30884ac798da2ab3901442cc
│   │   ├── ntdll-unhooking-intro-118247087-fa554dbf-e85f-4d02-b855-2dce40f2e352.png
│   │   └── ntdll-unhooking-intro-218247984-f05b2000-b273-433a-8a71-740554180e3f.png
│   ├── 83 NTDLL Unhooking - Introduction e62fdd6d30884ac798da2ab3901442cc.html
│   ├── 84 NTDLL Unhooking - From Disk 8aeadeff47ae40f2bf190a32b0678f0a
│   │   ├── ntdll-unhooking-disk-10.png
│   │   ├── ntdll-unhooking-disk-118295799-85ce595b-6772-44bf-b764-0ba034284c2e.png
│   │   ├── ntdll-unhooking-disk-218424594-28bea557-3659-4d92-84e2-fc56907510dd.png
│   │   ├── ntdll-unhooking-disk-318424215-3ec0d749-437d-42cb-b138-c925ad1be481.png
│   │   ├── ntdll-unhooking-disk-418457505-d1001776-7d96-4177-9320-4fa80908827f.png
│   │   ├── ntdll-unhooking-disk-518457513-3ccc44f1-e96f-489c-a4fb-a4f455b4093d.png
│   │   ├── ntdll-unhooking-disk-618457520-f7c9130c-70bb-48a1-ab62-7c875e3d9daa.png
│   │   ├── ntdll-unhooking-disk-718459846-589d3a07-a934-4d32-bbdb-45bb2c91d748.png
│   │   ├── ntdll-unhooking-disk-818459854-9d1de617-884f-441b-85c1-173868f4aad3.png
│   │   ├── ntdll-unhooking-disk-918459862-619987f0-38ee-48c7-90f3-45b506f7342f.png
│   │   ├── ntdll-unhooking-disk-new-1.png
│   │   ├── ntdll-unhooking-disk-new-2.png
│   │   ├── ntdll-unhooking-disk-new-3.png
│   │   ├── ntdll-unhooking-disk-new-4.png
│   │   ├── ntdll-unhooking-disk-new-5.png
│   │   └── ntdll-unhooking-disk-new-6.png
│   ├── 84 NTDLL Unhooking - From Disk 8aeadeff47ae40f2bf190a32b0678f0a.html
│   ├── 85 NTDLL Unhooking - From KnownDlls Directory db89a0c0abe54a799e9816e7a2237546
│   │   ├── ntdll-unhooking-knowndlls-118473010-cd9df141-2f08-47f7-a57e-fdd53ee6ab30.png
│   │   ├── ntdll-unhooking-knowndlls-218529831-d561ae0a-5e2b-4da9-9eb6-a4301c970693.png
│   │   ├── ntdll-unhooking-knowndlls-318529838-7c90c7e7-efd9-4dcb-965f-0b562e1e32d5.png
│   │   ├── ntdll-unhooking-knowndlls-418529851-010d8412-8dce-4855-bfb8-fb083f7a15ee.png
│   │   └── ntdll-unhooking-knowndlls-518529888-b486838f-b284-46e5-83d4-54cfe050fed0.png
│   ├── 85 NTDLL Unhooking - From KnownDlls Directory db89a0c0abe54a799e9816e7a2237546.html
│   ├── 86 NTDLL Unhooking - From a Suspended Process b586e5f76b064f63a867c116853ff11a
│   │   ├── ntdll-suspended-process-118639361-38c2053c-1ce0-4432-996e-539a04a34786.png
│   │   ├── ntdll-suspended-process-218648672-32764e8b-364c-43a0-8dd7-b3e94c7f2420.png
│   │   ├── ntdll-suspended-process-318679682-0ba9b734-e1e7-4896-90d6-d05ada1ee9f7.png
│   │   ├── ntdll-suspended-process-418679690-a8faac4b-bb48-4d37-939d-70ca1a9711a2.png
│   │   ├── ntdll-suspended-process-518679693-f19b0159-5abb-4c98-88c0-091ea2cdfa31.png
│   │   └── ntdll-suspended-process-618679699-59d3f22d-e8a0-4d1d-9a61-85a48845db8b.png
│   ├── 86 NTDLL Unhooking - From a Suspended Process b586e5f76b064f63a867c116853ff11a.html
│   ├── 87 NTDLL Unhooking - From a Web Server d1bcc5c3167c43088e31dd211efded76
│   │   ├── ntdll-unhooking-server-10.png
│   │   ├── ntdll-unhooking-server-11.png
│   │   ├── ntdll-unhooking-server-118739986-88f6cb96-f2b6-4b20-8b93-7d32de908cb8.png
│   │   ├── ntdll-unhooking-server-218741853-fb112eb2-6058-4c09-bf31-6361daeb1dad.png
│   │   ├── ntdll-unhooking-server-318747866-fb9bb405-fce4-46b1-9797-a0787569d065.png
│   │   ├── ntdll-unhooking-server-418747883-88d09ac7-5a26-4428-858a-5e38577d3ed5.png
│   │   ├── ntdll-unhooking-server-518748318-85fde875-9b04-4087-99d7-99135d1fe75d.png
│   │   ├── ntdll-unhooking-server-618750624-b5511b03-9f66-42c6-ae0c-8262c7f9c7fb.png
│   │   ├── ntdll-unhooking-server-718816620-fdcedd74-65d6-49a9-b7b8-b83eb8d59b68.png
│   │   ├── ntdll-unhooking-server-818817840-42eb37ed-c3fb-4bfc-a990-a79ea05fc69a.png
│   │   └── ntdll-unhooking-server-918817843-e8ec2cca-a951-40e3-af75-14129cab4db5.png
│   ├── 87 NTDLL Unhooking - From a Web Server d1bcc5c3167c43088e31dd211efded76.html
│   ├── 88 Updating Hell's Gate fe07144871284371a5c31d710c3c2a4f
│   │   ├── hellsgate-update-10.png
│   │   ├── hellsgate-update-11.png
│   │   ├── hellsgate-update-118970171-6a388cdf-2e50-4441-8013-d4fb0afcd03a.png
│   │   ├── hellsgate-update-12.png
│   │   ├── hellsgate-update-13.png
│   │   ├── hellsgate-update-14.png
│   │   ├── hellsgate-update-15.png
│   │   ├── hellsgate-update-16.png
│   │   ├── hellsgate-update-17.png
│   │   ├── hellsgate-update-218996854-1d20335d-ebc6-4c6c-b2a2-e8f584ac85b3.png
│   │   ├── hellsgate-update-318996340-a18adfb0-0cbe-4ac2-a5cd-b504f8f60525.png
│   │   ├── hellsgate-update-418994573-eaf74f3a-647c-44a2-9ce2-ac97916a9b12.png
│   │   ├── hellsgate-update-518995420-b4dc7adb-c5f2-4a38-99a1-cfb1e845f300.png
│   │   ├── hellsgate-update-619273167-9a251b35-1cb2-477a-80ba-b5ac9c0093a5.png
│   │   ├── hellsgate-update-719008069-88be2bdc-b34e-4a9b-a338-91df90cd51a2.png
│   │   ├── hellsgate-update-819042962-afbc121a-d298-419a-b1e5-89eef05d8fa9.png
│   │   └── hellsgate-update-919042983-21be24a2-1648-4a06-afe5-d08ededb7b0e.png
│   ├── 88 Updating Hell's Gate fe07144871284371a5c31d710c3c2a4f.html
│   ├── 89 Indirect Syscalls - HellsHall 94f45eeb837f4eb6829f55eb1d6c20dc
│   │   ├── indirect-syscalls-119305197-c35a0c2c-fc29-4153-ada5-aa88d131996d.png
│   │   ├── indirect-syscalls-219308096-e7b35871-ecc6-4b5a-9bf4-b7c3336002f0.png
│   │   ├── indirect-syscalls-319330695-e31df2e8-be16-4b00-a1b7-81fd36bfc967.png
│   │   ├── indirect-syscalls-419334075-bc9f1b1c-0c8c-49e4-988d-153d35a71ebd.png
│   │   ├── indirect-syscalls-519334085-48c45634-cf64-478d-9091-932eb275f419.png
│   │   ├── indirect-syscalls-619334089-413a5cbd-32fb-457b-8546-6f5f2036c320.png
│   │   ├── indirect-syscalls-719334094-24709fd0-3009-44af-bef7-acf53e0c7872.png
│   │   └── indirect-syscalls-819334105-80f7d3a7-1de2-45bd-81e3-e2703efd8b2e.png
│   ├── 89 Indirect Syscalls - HellsHall 94f45eeb837f4eb6829f55eb1d6c20dc.html
│   ├── 9 Dynamic-Link Library 81450f1651f74297aa2208e1dc397a4b
│   │   ├── create-dll-1.png
│   │   ├── create-dll-2.png
│   │   ├── create-dll-3-1.png
│   │   ├── create-dll-3.png
│   │   ├── create-dll-4.png
│   │   ├── create-dll-5.png
│   │   ├── create-dll-6.png
│   │   ├── dll-new-221233432-97a38697-bd82-45f8-ad5f-90d674de8b17.png
│   │   └── loaded-libraries.png
│   ├── 9 Dynamic-Link Library 81450f1651f74297aa2208e1dc397a4b.html
│   ├── 90 Block DLL Policy cf46e560a7fc47bcbb2c0ad81f874be6
│   │   ├── block-dll-119432594-98c5ac96-6827-4bd5-b1bd-8101251cf1ef.png
│   │   ├── block-dll-219450935-66de904e-890a-40f4-87ef-d521b44ab53d.png
│   │   └── block-dll-319450939-a6401c36-a633-4068-871e-6e3ea6768da4.png
│   ├── 90 Block DLL Policy cf46e560a7fc47bcbb2c0ad81f874be6.html
│   ├── 91 Diving Into NtCreateUserProcess 9128d84d1c2f49939aeffccbc228565b
│   │   ├── ntcreateuserprocess-119551140-8b599665-05e6-44b7-829c-fc1d43d6437d.jpg
│   │   ├── ntcreateuserprocess-219843832-69179def-33c9-4145-a2cc-5b876df3d410.png
│   │   ├── ntcreateuserprocess-319843814-83b44231-2b26-4236-8764-c0aab559838d.png
│   │   ├── ntcreateuserprocess-419843782-b85fa358-4019-49dd-856f-605170af0661.png
│   │   ├── ntcreateuserprocess-526114852-0ea90178-69cb-4383-98c2-796ffb348451.png
│   │   ├── ntcreateuserprocess-626114907-67b9501b-6e77-42b2-98a1-f7eac8e3021c.png
│   │   ├── ntcreateuserprocess-719850092-b93a1079-dfe7-4a3c-9db5-bc00c30df0b6.png
│   │   ├── ntcreateuserprocess-819850671-388c86f6-beb3-4009-b03d-2854ea61312e.png
│   │   └── ntcreateuserprocess-919850979-2cf51837-c6e8-448b-a038-ab24fb7007a0.png
│   ├── 91 Diving Into NtCreateUserProcess 9128d84d1c2f49939aeffccbc228565b.html
│   ├── darkside.txt
│   ├── michael-black-a5.jpg
│   └── trick-or-treat-6474735-5349184.png
├── MALWARE 8b74ccffb7e64efea30e3da4d919418d.html
├── Tut4Biz-LatestInternetMarketingForU.url
├── Tut4Sec-LatestSecurityTraining.url
├── UsefulWebsites.url
└── darkside.txt

82 directories, 487 files

DOWNLOAD


CONTACT FOR UPDATES
XMPP: [email protected]
PM: @randomuser

Thanks mate, incredible
Reply
ding ding ding  ding ding ding
Reply
thanks for the share, i have the older version of the pdf having 90 pages, lets see how it is.
Reply
need this coures !
Reply
Thanks friends!
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  HOW TO BECOME EXPERT IN MALWARE tacticaloperative 15 2,694 4 hours ago
Last Post: LkStr
  Need help creating malware on python vBotRobot 2 630 4 hours ago
Last Post: Ch1hiro
  Sektor7 - Malware Development Advanced - Vol.1 Sh4d0w1X 73 8,150 02-23-2024, 09:35 AM
Last Post: akonadi
  Rust Malware PDF builder (Open SRC) L_DWORD 7 2,430 02-16-2024, 05:16 PM
Last Post: Alpha
  Need help with starting Malware Dev earflaps 2 525 02-05-2024, 04:23 PM
Last Post: earflaps



 Users browsing this thread: 1 Guest(s)