Malware Development: System Calls

#Malware #Development

🦠 Use code "CROW10" for 10% OFF your order when you checkout at Maldev Academy! https://maldevacademy.com/?ref=crow

I sincerely hope you enjoyed watching this installment of our ongoing malware development series. I know the kernel debugging portion was a bit rushed, and for that, I apologize. I had an entire segment dedicated to kernel debugging, the intricacies of MSRs as well as the incredible CPUID instruction, and all of that planned out for this video but as you could imagine, had I included that, the video would be a month-long. So instead, I'm working on a blog post that will take you into harrowing depths of that entire process, so make sure you look out for it here: https://www.crow.rip/

Either way, thank you so much for watching, nerds! :D

🌐 Websites/Things Mentioned + Extra Reading:
Once I finish my blog, I'll include a link to the references section which will have all of these links and a LOT more.

Intel® 64 and IA-32 Architectures Software Developer Manuals: https://www.intel.com/content/www/us/...
A Syscall Journey in the Windows Kernel: https://alice.climent-pommeret.red/po...
The Quest for the SSDTs: https://www.codeproject.com/Articles/...
System Service Descriptor Table - SSDT: https://www.ired.team/miscellaneous-r...
OS2's Free Internals Course: https://p.ost2.fyi/courses/course-v1:...
HellsGate: https://github.com/am0nsec/HellsGate/...
Direct Syscalls vs Indirect Syscalls: https://redops.at/en/blog/direct-sysc...
ByePg: Defeating Patchguard using Exception-hooking: https://blog.can.ac/2019/10/19/byepg-...
Infinity Hook: https://github.com/everdox/InfinityHook
GhostHook – Bypassing PatchGuard with Processor Trace Based Hooking: https://www.cyberark.com/resources/th...

⚠️ Disclaimer:
The information presented in this video is for educational purposes only. It is not intended to be used for illegal or malicious activities. The creator and any individuals involved in the production of this video are not responsible for any misuse of the information provided. It is the responsibility of the viewer to ensure that they comply with all relevant laws and regulations in their jurisdiction.

💖 Support My Work
  / cr0w  
https://ko-fi.com/cr0ww
https://www.buymeacoffee.com/cr0w
Join this channel to get access to perks:
   / @crr0ww  

🔖 My Socials
  / discord  
https://www.crow.rip/
https://github.com/cr-0w
  / cr0ww_  

The images and music used in this video are used under the principle of fair use for the purpose of criticism, comment, news reporting, teaching, scholarship, and research. I do not claim ownership of any of the images/music and they are used solely for the purpose of enhancing the content of the video. I respect the rights of the creators and owners of these images and will remove any image upon request by the rightful owner.

Copyright Disclaimer under section 107 of the Copyright Act of 1976, allowance is made for “fair use” for purposes such as criticism, comment, news reporting, teaching, scholarship, education, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing.

🕰️ Timestamps:
00:00 - Intro
02:38 - Learn Malware Development
04:26 - Today's Agenda
05:07 - Recap
07:48 - Post Syscall Invocation
16:20 - Direct Syscalls
20:05 - API Hooking Demo
25:36 - Back to Direct Syscalls
37:53 - Indirect Syscalls
44:28 - Outro