0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Windows APT Warfare

You're reading from Windows APT Warfare Identify and prevent Windows APT attacks effectively

Product type Paperback

Published in Mar 2023

Publisher Packt

ISBN-13 9781804618110

Length 258 pages

Edition 1st Edition

Languages

C++

Tools

MiniGW

Concepts

Cybersecurity

Author (1):

Sheng-Hao Ma

View More author details

Table of Contents (17) Chapters

Preface

1. Part 1 – Modern Windows Compiler

2. Chapter 1: From Source to Binaries – The Journey of a C Program FREE CHAPTER

3. Chapter 2: Process Memory – File Mapping, PE Parser, tinyLinker, and Hollowing

4. Chapter 3: Dynamic API Calling – Thread, Process, and Environment Information

5. Part 2 – Windows Process Internals

6. Chapter 4: Shellcode Technique – Exported Function Parsing

7. Chapter 5: Application Loader Design

8. Chapter 6: PE Module Relocation

9. Part 3 – Abuse System Design and Red Team Tips

10. Chapter 7: PE to Shellcode – Transforming PE Files into Shellcode

11. Chapter 8: Software Packer Design

12. Chapter 9: Digital Signature – Authenticode Verification

13. Chapter 10: Reversing User Account Control and Bypassing Tricks

14. Index

Why subscribe?

15. Other Books You May Enjoy

Appendix – NTFS, Paths, and Symbols

Win32 and NT path specification

Examples of IAT hijack

Since each IMAGE_THUNK_DATA in an IAT holds the system function address, wouldn’t it be possible to monitor and hijack a program’s active behavior if we could overwrite the contents of IMAGE_THUNK_DATA with a function for monitoring purposes? The answer is yes. Let’s try it out with a sample program.

The following example is the source code of iatHook.cpp in the Chapter#5 folder of the GitHub project. In order to save space, this book only extracts the highlighted code; please refer to the full source code to read the full project:

Figure 5.10 – The iathook function

Figure 5.10 – The iathook function

Figure 5.10 shows the source code of the iatHook function, which reads in four parameters:

module: Points to the loaded module to be monitored
szHook_ApiName: The name of the function to be hijacked
callback: The function for monitoring purposes
apiAddr: The original correct address of the hijacked function

At...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (1)

Sheng-Hao Ma

Sheng-Hao Ma

Sheng-Hao Ma is currently working as a threat researcher at TXOne Networks, specializing in Windows reverse engineering analysis for over 10 years. In addition, he is currently a member of CHROOT, an information security community in Taiwan. He has served as a speaker and instructor for various international conferences and organizations such as Black Hat USA, DEFCON, CODE BLUE, HITB, VXCON, HITCON, ROOTCON, Ministry of National Defense, and Ministry of Education.

See other products by Sheng-Hao Ma

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m