Evasion in Memory

In-memory Evasion is a four-part mini-course on memory detection. It is designed for red teams who want to upgrade their skills in this area, and it is also intended for blue teams who want to understand the red-team point of view on these methods.
  • A lot of practice: the practical part of the course is a laboratory of specially prepared machines that are as close as possible to real-world conditions.
  • Duration of training: 54 hours

Training Info

Many analysts and automated solutions use various memory detections to find injected DLLs in memory. Memory detections examine the properties (and contents) of processes, threads, and memory to find indicators of malicious activity in the current process. Red teams need to know which defenses they are up against and how their tools interact with those defenses. The field of memory detection has developed significantly over the past few years. Regardless of whether you are on the red side or on the blue side, I hope that you will find this point of view useful.

What will you learn as part of the course?

You will see the observable properties of processes, threads, and memory with Process Hacker. We also cover general heuristics: the in-memory indicators we want to avoid. These heuristics are discussed together with how they interact with the actions taken by a representative attack platform (in this case, Cobalt Strike). This training makes the case that attack toolkits do strange things, but that in many cases these deviations from normal program behavior are optional. General tips for avoiding the strange behavior that these detections reveal are discussed. Then it gets to the point: the settings that control how Cobalt Strike's Beacon payload lives in memory are explained and demonstrated. This lecture also shows how to perform an OPSEC check of your configuration before taking action on a target. Finally, it concludes with a discussion of process context and how it affects the number of suspicious actions/indicators that an automated solution will tolerate.
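To make concrete what "properties (and contents) of processes, threads, and memory" means in the two passages above, here is an added example, written from the defender's side; it is not course material, Process Hacker code, or anything from Cobalt Strike. It applies a few of the heuristics that memory scanners are commonly built on (RWX regions, executable memory not backed by a module on disk, a PE header sitting in private memory, and threads whose start address is outside any loaded image) to a constructed process snapshot. The `Region` and `Thread` records, the sample addresses, and the indicator names are all assumptions for the demo; a real scanner would fill them from the operating system's memory and thread queries, which are deliberately not called so the script runs anywhere.

```python
"""Toy memory-detection heuristics over a constructed process snapshot.

Added example for this page (not course material or Process Hacker code).
Region and thread data are constructed inline; the indicator names are
this example's own labels, not any vendor's.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Region:
    base: int          # start address of the region
    size: int          # size in bytes
    kind: str          # "Image" (file-backed module), "Mapped", or "Private"
    protect: str       # simplified protection: "R", "RW", "RX", "RWX", "NA"
    path: str = ""     # backing file for Image regions, "" otherwise
    head: bytes = b""  # first bytes of the region (constructed sample)


@dataclass
class Thread:
    tid: int
    start_address: int


def region_for(addr: int, regions: List[Region]) -> Optional[Region]:
    """Return the region containing addr, or None if the address is unmapped."""
    for r in regions:
        if r.base <= addr < r.base + r.size:
            return r
    return None


def memory_indicators(regions: List[Region],
                      threads: List[Thread]) -> List[Tuple[str, str]]:
    """Apply the heuristics and return (indicator, detail) pairs."""
    findings = []
    for r in regions:
        executable = r.protect in ("RX", "RWX")
        # Writable and executable at the same time: rare in normal programs.
        if r.protect == "RWX":
            findings.append(("rwx-region", f"0x{r.base:x} ({r.kind})"))
        # Executable code that no module on disk accounts for.
        if executable and r.kind != "Image":
            findings.append(("unbacked-executable", f"0x{r.base:x} ({r.kind})"))
        # A PE header ("MZ") in memory the loader did not map from a file.
        if r.kind != "Image" and r.head.startswith(b"MZ"):
            findings.append(("pe-header-in-private-memory", f"0x{r.base:x}"))
    for t in threads:
        # Threads normally start inside code of a loaded module.
        r = region_for(t.start_address, regions)
        if r is None or r.kind != "Image":
            where = "unmapped" if r is None else r.kind
            findings.append(("thread-start-outside-image",
                             f"tid {t.tid} -> {where}"))
    return findings


# Constructed snapshot: a normally loaded module plus one injected private region.
SAMPLE_REGIONS = [
    Region(0x7ff6_0000_0000, 0x1000, "Image", "R",
           r"C:\Windows\System32\notepad.exe", b"MZ\x90\x00"),
    Region(0x7ff6_0000_1000, 0x20000, "Image", "RX",
           r"C:\Windows\System32\notepad.exe"),
    Region(0x0000_0200_0000, 0x10000, "Private", "RW"),   # an ordinary heap
    Region(0x0000_0210_0000, 0x40000, "Private", "RWX",
           head=b"MZ\x90\x00\x03"),                        # injected DLL image
]
SAMPLE_THREADS = [
    Thread(1001, 0x7ff6_0000_1200),   # started inside notepad.exe code
    Thread(1002, 0x0000_0210_0400),   # started inside the private RWX region
]

if __name__ == "__main__":
    for name, detail in memory_indicators(SAMPLE_REGIONS, SAMPLE_THREADS):
        print(f"{name:32} {detail}")
```

Run as a script, it reports four findings for the sample, all pointing at the one private region and the thread that started there, and nothing for the file-backed module; the same checks produce nothing for the first three regions and the first thread alone. That asymmetry is the point of the paragraph above: each indicator is a property an attacker's payload exhibits only if it chooses to, which is why a blue team can key detections on them and a red team runs an OPSEC check against them before acting.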

At the end of the course, you will receive all learning materials, including course PDFs/slides, content materials, and source code for payloads and exploits.

Professional Skills

DSAS by INJECT's Red Teaming is based on the highest standards in the industry. Red Teaming testing allows you to conduct a comprehensive check of the organization's security level in accordance with international standards. Whether you like it or not, we live in the era of cyber warfare. Everyone here is divided into predators and victims, but we suggest you become a hunter.

Training Modules

Module 1: Getting to know Memory Detection

Module 2: A Payload's Life

Module 3: Evasion

Module 4: Threat emulation
