windowsaptwarfare-ma2023

0001-01-01

Windows APT Warfare Identify and prevent Windows APT attacks effectively

by Sheng-Hao Ma

Packt Publishing 2023

ISBN 978-1-80461-811-0

https://github.com/PacktPublishing/Windows-APT-Warfare https://www.packtpub.com/en-us/product/windows-apt-warfare-9781804618110

Page Remark
xiv TDM-GCC
4 subsystem
calling conventions for C, C++
5 MinGW
Application Binary Interface (ABI)
“Argument Passing and Naming Conventions” - Microsoft
MessageBoxA
6 Assembler - transforming assembly to machine code
7 x86 instruction set
8 Common Object File Format (COFF)
object file
9 linker
“How to write endian-independent code in C” - IBM
10 application loader
Data Execution Prevention (DEP)
12 process hatching process
13 file mapping
14 DOS Header
IMAGE_DOS_HEADER
IMAGE_DOS_SIGNATURE
NT Header
PE structure
.signature field
17 File Header IMAGE_FILE_HEADER
Optional Header
19 Section Header IMAGE_SECTION_HEADER
section headers array
21 PE parsing
24 PE infection
PE patcher
27 msfencode
29 tinyLinker
31 IMAGE_SUBSYSTEM_WINDOWS_CUI
IMAGE_SUBSYSTEM_WINDOWS_GUI
32 Process Hollowing
RunPE
38 PE2HTML
important and indestructable fields in PE files
“Hacking the world with HTML”
42 function calling convention
43 calling convention
45 Thread Environment Block (TEB)
46 Structured Exception Handling (SEH)
multi-thread
47 Process Environment Block
48 UNICODE_STRING
RTL_USER_PROCESS_PARAMETERS
49 PEB_LDR_DATA
LIST_ENTRY
LDR_DATA_TABLE_ENTRY
53 Process Parameter Forgery
vssadmin delete shadows /all /quit
54 Process Monitor
55 masquerade cmdline
“Antivirus Bypass Techniques: Learn practical techniques and tactics to ombat, bypass, and evade antivirus software” - Nir Yehoshua
enumerating loaded modules without an API
ldrParser.c
56 flink

No notes link to this note

Recent Posts