0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Windows APT Warfare

You're reading from Windows APT Warfare Identify and prevent Windows APT attacks effectively

Product type Paperback

Published in Mar 2023

Publisher Packt

ISBN-13 9781804618110

Length 258 pages

Edition 1st Edition

Languages

C++

Tools

MiniGW

Concepts

Cybersecurity

Author (1):

Sheng-Hao Ma

View More author details

Table of Contents (17) Chapters

Preface

1. Part 1 – Modern Windows Compiler

2. Chapter 1: From Source to Binaries – The Journey of a C Program FREE CHAPTER

3. Chapter 2: Process Memory – File Mapping, PE Parser, tinyLinker, and Hollowing

4. Chapter 3: Dynamic API Calling – Thread, Process, and Environment Information

5. Part 2 – Windows Process Internals

6. Chapter 4: Shellcode Technique – Exported Function Parsing

7. Chapter 5: Application Loader Design

8. Chapter 6: PE Module Relocation

9. Part 3 – Abuse System Design and Red Team Tips

10. Chapter 7: PE to Shellcode – Transforming PE Files into Shellcode

11. Chapter 8: Software Packer Design

12. Chapter 9: Digital Signature – Authenticode Verification

13. Chapter 10: Reversing User Account Control and Bypassing Tricks

14. Index

Why subscribe?

15. Other Books You May Enjoy

Appendix – NTFS, Paths, and Symbols

Win32 and NT path specification

Examples of mock signatures

The following example is the signatureThief project in the Chapter#9 folder of the GitHub project. In order to save space, this book only extracts the highlighted code, and the complete source code should be referred to the complete project for detailed reading.

At this point, the first exploit readers may think of, since signed programs must have an Authenticode signature message at the end of their files, is stealing someone else’s Authenticode signature message directly within our malware, which should bypass the authentication process. Let’s put that to the test.

Figure 9.13 shows the functional design for stealing static Authenticode signature information in the signatureThief project:

Figure 9.13 – The rippedCert function

Figure 9.13 – The rippedCert function

At lines 26-37 of the code is the design of the rippedCert function. It reads the incoming PE file with fopen and fread, parses the Authenticode signature block pointed to by...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (1)

Sheng-Hao Ma

Sheng-Hao Ma

Sheng-Hao Ma is currently working as a threat researcher at TXOne Networks, specializing in Windows reverse engineering analysis for over 10 years. In addition, he is currently a member of CHROOT, an information security community in Taiwan. He has served as a speaker and instructor for various international conferences and organizations such as Black Hat USA, DEFCON, CODE BLUE, HITB, VXCON, HITCON, ROOTCON, Ministry of National Defense, and Ministry of Education.

See other products by Sheng-Hao Ma

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m