Zero2Hero: Analysis Of ASUS SHADOWHAMMER Attack | Zero2Hero | Zero 2 Automated | Products | Zero2Automated

Zero2Hero: Analysis Of ASUS SHADOWHAMMER Attack

Zero2Hero: Analysis Of ASUS SHADOWHAMMER Attack

This is an extra special episode of Zero2Hero. In this part, we dive into the shellcode used in the SHADOWHAMMER attack against ASUS. We use a mixture of tools to analyse this shellcode, starting of with BinDiff to determine the infected executable and where the malicious shellcode is executed, over to the usual IDA and x64Dbg for further analysis!

Zero 2 Automated

Buy nowLearn more

Chapter 0x00: Course Introduction

Course Introduction and Structure

Presentation Access

Discord Invite

IDA Pro & Hex-Rays Training Discount

Chapter 0x01: Algorithms

Delayed 0 days

Looking at Algorithms inside of Malware

Recognizing Common Cryptographic Algorithms - Encryption

"Recognizing Common Cryptographic Algorithms - Encryption" Samples

Chapter 0x02: Initial Stagers

Delayed 0 days

Unpacking Malware Samples

Diving into 1st Stage Loaders

Reversing Second Stage Loaders - IcedID

Reversing Second Stage Loaders - Zloader

Writing Automated Config Extractors and Emulators

Equation Editor Theory PDF: Exploit Analysis

"Unpacking Malware Samples" Samples

"Diving into 1st Stage Loaders" Macro Infected Documents

"Diving into 1st Stage Loaders" Equation Editor Exploiting Documents

"Reversing Second Stage Loaders" Samples

Chapter 0x03: Evasion

Delayed 3 days

Reverse Engineering Process Injection - Reflective, DLL, PE, Hollowing

Reverse Engineering Process Injection - Doppelganging, APC, EarlyBird

Reverse Engineering Process Injection - API Hooking

Reverse Engineering Process Injection - PROPagate Injection

Analyzing Anti-Analysis Mechanisms in Malware

Analyzing Persistence Mechanisms in Malware

Process Injection Theory PDF: PROPagate Injection

Process Injection Theory PDF: Process Doppelganging

Process Injection Theory PDF: Reflective DLL Injection

"Reverse Engineering Process Injection" Samples - Part 1

"Reverse Engineering Process Injection" Samples - Part 2

"Reverse Engineering Process Injection" Samples - Part 3

"Analyzing Anti-Analysis Mechanisms in Malware" Samples

"Analyzing Persistence Mechanisms in Malware" Samples

Practical Analysis

Delayed 5 days

Custom Sample README

Custom Sample 1

Chapter 0x04: Malware Internals

Delayed 7 days

Malware Internals: Qakbot Web Inject Loader (Part 1)

Malware Internals: Qakbot Web Inject Loader (Part 2)

Malware Internals: Worms & Spyware

Malware Internals: Ransomware, POS, Wipers, SpamBots, and RATs

"Malware Internals: Qakbot Web Inject Loader" Sample

"Malware Internals: Worms & Spyware" Samples

"Malware Internals: Ransomware, POS, Wipers, SpamBots, and RATs" Samples

Chapter 0x05: In-Depth Analysis

Delayed 10 days

Theory - Trickbot & Active Directory: In-Depth Analysis

Practical - Trickbot & Active Directory: In-Depth Analysis

Trickbot & Active Directory: Prototype Source Code (CPP)

Qakbot Deep Dive - First Stage Analysis

Qakbot Deep Dive - Second Stage Analysis

Qakbot Deep Dive - Communications Analysis

"Qakbot Deep Dive - First Stage Analysis" Sample

Compiled BriefLZ DLL

Qakbot Scripts

Chapter 0x06: Exploitation

Delayed 12 days

Trickbot Case Study: EternalBlue & EternalRomance - Theory

Trickbot Case Study: EternalBlue & EternalRomance - Practical

Analysing a Kernel Level Priv. Esc. Exploit: CVE-2014-4113

Kernel Level Priv. Esc. Exploit Samples

Analysing a Vulnerable Driver Exploitation Technique for Disabling DSE

Vulnerable Driver Exploitation Samples

Analyzing a UAC Bypass

Chapter 0x07: Decompilable2Src Malware

Delayed 14 days

Analyzing Uncompiled & Decompilable Malware

"Analyzing Uncompiled & Decompilable Malware" Samples

Chapter 0x08: Threat Intelligence

Delayed 15 days

Hunting for Automated Signature Development - YARA

Threat Intelligence - Part 1

Threat Intelligence - Part 2

Chapter 0x09: Shellcode Analysis

Delayed 17 days

Analysing Shellcode Statically and Dynamically

"Analysing Shellcode Statically and Dynamically" Samples

Chapter 0x0A: Rootkits & Bootkits

Delayed 20 days

TrickBoot Theory PDF: Technical Details

Analyzing Trickbot's Bootkit Vulnerability Reconnaissance Tool: Trickboot

permaDll32.zip

Final Examination

Delayed 21 days

Examination Brief

Zero2Automated Exam: Theory

Biweekly Malware Challenges

Challenge #1: Gozi String Decryption

Challenge #2: IcedID Configuration Extraction

Challenge #3: Oski Stealer String Decryption

Challenge #4: Operation DreamJob

Zero2Hero

Zero2Hero: Algorithms - RC4

Zero2Hero: How Attackers Gain Footholds

Zero2Hero: Persistence

Zero2Hero: Privilege Escalation

Zero2Hero: Analysis Of ASUS SHADOWHAMMER Attack

Zero2Hero: Basic Injection Techniques

Zero2Hero: RigEK - Theory

Zero2Hero: RigEK - Practice Part 1

Zero2Hero: RigEK - Practice Part 2

Zero2Hero: POS - Theory

Zero2Hero: POS - Practice

Zero2Hero: FIN7 Insights - Theory

Zero2Hero: FIN7 Insights - Practice Part 1

Zero2Hero: FIN7 Insights - Practice Part 2

Zero2Hero: Trickbot Hooking Engine - Theory

Zero2Hero: Trickbot Hooking Engine - Practice

Zero2Hero: Golang Usage in Malware - Theory

Zero2Hero: Golang Usage in Malware - Practice

Zero2Hero: YARA Hunting for Code Reuse - Theory

Zero2Hero: YARA Hunting for Code Reuse - Practice

Zero2Hero: Malware Samples

Zero2Automated: Malware Walkthroughs E-Book

Zero2Automated Malware Walkthroughs

Zero2Automated Malware Walkthroughs - EPUB (Test)

Blog Posts

Netwalker - From static RE to automatic extraction

Resources

Link to Windows 7 VM