Learn Code Injection Techniques And Take Your Security Skills To The Next Level!
Code injections allow you to execute code in benign processes on the system in order to bypass security solutions. Learn these techniques and enhance your reversing and pentesting skills.
David Korczynski’s new course is at the Novotel London West, Hammersmith from the 3rd – 5th of December, 2019.
This 3-Day course takes you from beginner to advanced, both implementing and learning how to defend against Code Injections from the foundations to the cutting edge.
Who Should Take This Course
- Malware analysts
- Threat Analysts and hunters
- Incident Responders
- Red Team members
- Security Engineers
“If you’re thinking of taking CC SAS, this course is a must-see”
You Won’t Fully Understand Advanced Persistent Threats Until You Understand Code Injection
From Zeus Panda to APT38, modern malware operators use code injection techniques for stealth and persistence. Understanding code injection techniques involved hunting white papers spread across the Internet, and trying to work on each technique indivdiually… Until now.
This course covers various code injection techniques, starting with the basic CreateRemoteThread and working all the way up to advanced techniques used in high-end nation state malware. Whether you’re engaged in adversary simulation, or threat hunting, this course gives you the tools you need to step up your game from the very next day.
As well as the course, you’ll receive an exclusive invite to 44CON’s quarterly 44CONnect events over the next 12 months. At your first 44CONnect, dinner’s on us.
What You’ll Learn
- Basic and Advanced techniques
- Each technique’s strengths and weaknesses
- Code injection technique detection
- Code injection analysis and debugging
- APT-grade code-injection technique chaining
- Practical “Atom Bombing” and “Powerloading”
Course Outline
Day 1 – First Steps
- Introduction and Course Overview
- Introducing the toolbox
- Lunch
- Understanding physical and virtual memory, and Windows processes
- First code injection techniques (CreateRemoteThread)
- Executing and monitoring code injections
- Extracting code injection artifacts
Day 2 – Real-World Attacks
- Day 1 Recap
- Reflective code injection without touching disk
- Lunch
- Constructing and analysing reflective code injection
- Process hollowing and hooking
- Deep analysis of real-world attack
- Deep-dive into a real-world malware sample that heavily utilises code injections.
Day 3 – Going Pro
- Day 2 Recap
- Chaining code injections together like APTs
- Lunch
- Introduction to Return Oriented Programming (ROP) and Data Execution Prevention (DEP)
- Introduction to Windows shared objects and shared sections
- PowerLoader – Targeted code injection using exploit-like features
- Building and analysing PowerLoader
- Real-world example of PowerLoader malware
- Atom Bombing – Advanced code injection against any Windows process
- Early-bird code injection
- Process Doppelganging code injection
- Course summary and conclusion
What To Bring
- A Laptop capable of connecting to the Internet over WiFi
- A Windows Remote Desktop Client
- The course is mostly cloud based and labs are accessed remotely.
What Students Are Provided With
- Printed course book
- Source code and binaries of introduced code injections
- Real-world malware examples using code injection techniques, with relevant and detailed analysis.
- Access to online platform with exercises and content
3 Days of Training at a Premium London Venue.
Book Now at only £1950 Inc. VAT!
4 Reasons Why You’ll Want To Train With 44CON
Venue
Focus on learning with our spacious, air-conditioned rooms. The comfort doesn’t stop there, with incredible food at lunch and in breaks.
Serious Savings
Save over 50% with us compared to the same courses at other events in London. Get the Vegas experience without the cost.
44CONnect
Get exclusive invites to 44CONnect – our quarterly event with talks and more. Invites run for 12 months after your last course.
44CON Discounts
You’ll receive an exclusive £50 discount code for standard tickets to the next main 44CON event: the UK’s best security conference.
Meet The Trainer: David Korczynski
David Korczynski is a researcher in software security and program analysis. He specialises in building tools to automate reverse engineering, be it custom malware sandboxes, static analysis tools, automatic bug finders, compiler extensions etc. He is a co-founder of Ada Logics, a company that specialises in advanced software research for high-profile industry clients. Ada Logics specialises in automatic program analysis for software security.
David finished his PhD in Computer Science at Oxford University where he specialised in automatic analysis of malware that use advanced code injection techniques and other complex obfuscation techniques. He has carried out software security research in both industry and academia.
44CON December Bonus: Hootenanny Tickets Included!
The 44CONnect Hootenanny is an end-of-year one day event on the 6th of December.
The Hootenanny has a single talk track, a workshop track and an escape room track. We’ll have workshops from our trainers so you can get a taste of their courses, and a bunch of invited talks at the level of quality you’ve come to expect from a full 44CON. The event is fully catered, of course.
All December training attendees automatically receive a Hootenanny ticket as part of their booking. Those who’ve attended training at any time in 2019 can join our wait list. Tickets will be issued to the wait list two weeks before the Hootenanny event.
Watch David Talk About Code Injection
Capturing Malware Propagation
Still unsure if this is the right course for you? Watch David talk about capturing malware propagations with code injection and code reuse attacks, delivered at the ACM CCS in 2017.
David has since completed his Oxford Phd and continues to research malware and code injection at Ada Logics.
https://www.youtube.com/watch?v=3HIPl0SylT8
Stay In Touch
Like the NSA, our newsletter will be in your inbox every Tuesday. Unlike the NSA, you can unsubscribe at any time.