Malwaredevacademy course for free.
├───Anti-Analysis - Introduction
├───Anti-Debugging - Multiple Techniques
├───Anti-Debugging - Self-Deletion
├───Anti-Virtual Environments - API Hammering
├───Anti-Virtual Environments - Multiple Delay Execution Techniques
├───Anti-Virtual Environments - Multiple Techniques
├───APC Injection
├───API Hooking - Custom Code
├───API Hooking - Detours Library
│ └───a_data
├───API Hooking - Introduction
├───API Hooking - Minhook Library
├───API Hooking - Using Windows APIs
├───Binary Entropy Reduction
├───Brute Force Decryption
├───Bypassing AVs
├───Callback Code Execution
├───Coding Basics
├───CRT Library Removal & Malware Compiling
├───Detection Mechanisms
├───Dynamic-Link Library
├───Early Bird APC Injection
├───Evading Microsoft Defender Static Analysis
├───IAT Camouflage
├───IAT Hiding & Obfuscation - API Hashing
├───IAT Hiding & Obfuscation - Compile Time API Hashing
├───IAT Hiding & Obfuscation - Custom GetModuleHandle
├───IAT Hiding & Obfuscation - Custom GetProcAddress
├───IAT Hiding & Obfuscation - Custom Pseudo Handles
├───IAT Hiding & Obfuscation - Introduction
├───Indirect Syscalls - HellsHall
├───Introduction To EDRs
├───Introduction To Malware Development
├───Introduction To Payload Encryption
├───Introduction To The Windows API
├───Local Function Stomping Injection
├───Local Mapping Injection
├───Local Payload Execution - DLL
├───Local Payload Execution - Shellcode
├───Maldev Academy Tool - HellShell
├───MalDev Academy Tool - KeyGuard
├───Maldev Academy Tool - MiniShell
├───Malware Binary Signing
├───NTDLL Unhooking - From a Suspended Process
├───NTDLL Unhooking - From a Web Server
├───NTDLL Unhooking - From Disk
├───NTDLL Unhooking - From KnownDlls Directory
├───NTDLL Unhooking - Introduction
├───Parsing PE Headers
├───Payload Encryption - AES Encryption
├───Payload Encryption - RC4
├───Payload Encryption - XOR
├───Payload Execution Control
├───Payload Obfuscation - IPv4_IPv6Fuscation
├───Payload Obfuscation - MACFuscation
├───Payload Obfuscation - UUIDFuscation
├───Payload Placement - .data & .rdata Sections
├───Payload Placement - .rsrc Section
├───Payload Placement - .text Section
├───Payload Staging - Web Server
│ └───a_data
├───Payload Staging - Windows Registry
├───Portable Executable Format
├───Process Argument Spoofing (1)
├───Process Argument Spoofing (2)
├───Process Enumeration - EnumProcesses
├───Process Enumeration - NtQuerySystemInformation
├───Process Injection - DLL Injection
├───Process Injection - Shellcode Injection
├───Remote Function Stomping Injection
├───Remote Mapping Injection
├───Required Tools
├───String Hashing
├───Syscalls - Hell's Gate
├───Syscalls - Introduction
├───Syscalls - Reimplementing APC Injection
├───Syscalls - Reimplementing Classic Injection
├───Syscalls - Reimplementing Mapping Injection
├───Syscalls - SysWhispers
├───Syscalls - Userland Hooking
├───Thread Hijacking - Local Thread Creation
├───Thread Hijacking - Local Thread Enumeration
├───Thread Hijacking - Remote Thread Creation
├───Thread Hijacking - Remote Thread Enumeration
├───Undocumented Structures
├───Updating Hell's Gate
├───Welcome Module
├───Windows Memory Management
└───Windows Processes
