Instructor:

Joshua Abraham (jxaics at-sign rit dot edu)

Office Hours: Available most evenings after 8:30pm by appointment.

Description

A hands-on, in-depth approach to building cyber capabilities on Windows 10 (x64). We will cover Windows architecture, 
user-mode execution, OS primitives, PE file format, process injection, shellcode, and building extendable/modular 
software. This course includes a strong technical focus using hands-on learning and pair programming; as we complete 
a cumulative project. We will also cover the ethics of developing offensive capabilities and why understanding how 
to build cyber capabilities will prepare students for a career in the security industry.

A strong background with C/C++ is required, as well as being comfortable using Git.

Textbook

None. All required resources will be provided.

VM Setup / Hardware

* Host system must be 64 bit (x64). Unfortunately ARM and Apple Silicon (M1-M3) will not work.
* Recommended CPU should be quad-core or better.
* 8 GB of RAM.
* At least 80GB of free space.
* VMWare Workstation Pro. https://offsec.csec.rit.edu/files/VMware-workstation-full-17.5.2-23775571.exe (or later)

Ref: https://www.mikeroysoft.com/post/download-fusion-ws/

Expectations

* Act with integrity
* Do no harm
* Execute only on authorized systems. No exceptions!
* Course materials including code, won’t become public.
* You are responsible for your own learning. If you dont understand it's your job to gain clarity.
* You will learn by doing labs. Homework is where you apply the learning.
* Respect everyone

Course Values

Respect and Inclusive

This course is inclusive of all participants, regardless of personal identity (gender, race, sexual orientation, etc.).

Late Assignments

Homework or Labs that are submitted after the deadline will not be accepted.

Learning Objectives

Students that complete this course will be able to:

* Develop custom tools using Windows APIs.
* Design and implement real-world client/server C2 communications.
* Extend Windows applications at runtime using process injection.
* Build custom shellcode and DLLs to perform common OS tasks.
* Manipulate Windows by leveraging OS design choices.

Course Calendar

The following is a rough outline of the course calendar and is therefore subject to change.

* Introduction
* Windows Architecture & Filesystem
* WinInet & Making comms work
* Basic Tasking, Host Enumeration and Processes
* Process Injection
* PE Format
* PIC Shellcode
* Module Loading
* Privileges & Registry
* Evasion
* C2 Comms, Redirectors and Alt Comms