This is the code repository for Windows APT Warfare, published by Packt.
Identify and prevent Windows APT attacks effectively
An Advanced Persistent Threat (APT) is a severe form of cyberattack that lies low in the system for a prolonged time and locates and then exploits sensitive information. Preventing APTs requires a strong foundation of basic security techniques combined with effective security monitoring. This book will help you gain a red team perspective on exploiting system design and master techniques to prevent APT attacks. Once you’ve understood the internal design of operating systems, you’ll be ready to get hands-on with red team attacks and, further, learn how to create and compile C source code into an EXE program file. Throughout this book, you’ll explore the inner workings of how Windows systems run and how attackers abuse this knowledge to bypass antivirus products and protection.
This book covers the following exciting features:
- Explore various DLL injection techniques for setting API hooks
- Understand how to run an arbitrary program file in memory
- Become familiar with malware obfuscation techniques to evade antivirus detection
- Discover how malware circumvents current security measures and tools
- Use Microsoft Authenticode to sign your code to avoid tampering
- Explore various strategies to bypass UAC design for privilege escalation
If you feel this book is for you, get your copy today!
All of the code is organized into folders. For example, Chapter#01.
The code will look like the following:
#include <Windows.h>
Int main(void) {
MessageBoxA(0, "hi there.", "info", 0);
return 0;
}
Following is what you need for this book: This book is for cybersecurity professionals- especially for anyone working on Windows security, or malware researchers, network administrators, ethical hackers looking to explore Windows exploit, kernel practice, and reverse engineering. A basic understanding of reverse engineering and C/C++ will be helpful.
With the following software and hardware list you can run all code files present in the book (Chapter 1-11).
| Chapter | Software required | OS required |
|---|---|---|
| 1-11 | TDM-GCC | Windows |
| 1-11 | Visual Studio Community (C++) | Windows |
| 1-11 | PE-bear | Windows |
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. Click here to download it.
Sheng-Hao Ma is currently working as a threat researcher at TXOne Networks, specializing in Windows reverse engineering analysis for over 10 years. In addition, he is currently a member of CHROOT, an information security community in Taiwan. He has served as a speaker and instructor for various international conferences and organizations such as Black Hat USA, DEFCON, CODE BLUE, HITB, VXCON, HITCON, ROOTCON, Ministry of National Defense, and Ministry of Education.
If you have already purchased a print or Kindle version of this book, you can get a DRM-free PDF version at no cost.
Simply click on the link to claim your free PDF.