REVIEW: RED TEAM Operator: Malware Development Intermediate Course by SEKTOR7 Institute

API Hooking – RTO: Malware Development Intermediate course teaser

This is my review of the RED TEAM Operator: Malware Development Intermediate Course offered by SEKTOR7 Institute. As an affiliate, I make money with qualifying purchases.

Malware Development Intermediate provides a continuation of the material learned in RED TEAM Operator: Malware Development Essentials.

You will learn about:

  • Variations of code injection techniques learned in the Essentials course
  • How to implement GetProcAddress and GetModuleHandle to evade antivirus and EDR heuristics
  • How to hide suspicious imports
  • Reflective DLL Injection
  • Heaven’s Gate
  • Various methods to hook API calls
  • How to utilize IPC to ensure only one copy of your malware is running at a host at any given time

Although this is not an all-encompassing, definitive course on this subject, you will be provided with a solid foundational knowledge of how malware is implemented on Windows systems.

Going into this course, I already knew of most of these techniques, but hadn't explored them in depth. Most of my experience is from working on *nix systems. I felt that the courses from SEKTOR7 really helped me get familiar with Windows malware.

I recommend this course as well as the Essentials course to anyone who has a fair amount of programming experience and is interested in Windows malware. You will probably have a hard time following along with this course if you do not understand the basics of C programming.

This course took me roughly 18 hours to work through and left me with a backlog of papers and articles to read, so I feel that it was worth the price of $229.

What’s Included

  • ~6 1/2 hours of on-demand video
  • 7 assignments
  • Zip file containing example C code
  • A Windows virtual machine with all of the tools required to work through this course pre-installed

Final Project

The final project involved writing a password stealer for a popular disk encryption program. The instructor walks through the process of getting the password stealer working, and suggests making a handful of enhancements to this malware for self-study.

Links to bookmarks made while working through this course:
