Exploiting Windows API for Red Teaming
I have spent months on this series explaining the concepts of Windows API exploitation for red and blue teaming. It combines two Pentester Academy courses, Windows API Exploitation Recipes and Windows Process Injection for Red-Blue Teams, with my own research on the topics. It starts with the basics of information gathering and works up to advanced process injection and execution techniques.
This is an educational series, so the projects are run with administrator privileges to produce complete output; evasion and privilege escalation techniques may be discussed later in the series. The elevation matters because several of the recipes (opening another user's process, reading and writing its memory, dumping its token) only succeed when the calling token holds SeDebugPrivilege, and even then protected processes stay out of reach.
Prerequisites:
- Basics of C++ programming
- A Windows virtual machine with at least 4 GB of memory and 50 GB of disk space
- Windows 10, latest version
- Visual Studio 2022 Community Edition
Contents:
- Windows Process Listing
  - Using the WTSEnumerateProcessesEx API from WtsApi32.lib (Part 1 and Part 2)
  - Using the EnumProcesses API from Psapi.h
  - Using the CreateToolhelp32Snapshot API from TlHelp32.h
  - Using the NtQuerySystemInformation API from Ntdll.dll
- Dumping Token Information from a Process Handle
- Reading from and Writing to a Process's Memory
- Process Injection Techniques