The Black Magicks of Malware: Function Call Obfuscation 

Hey All, just wanted to drop by and say thank you for everything you do! I've been watching your streams, VODs, and videos for the past year, soaking in your advice and recommendations. As a result, I landed my first job offer and joined a great company! Wishing you all the best, and once again, thank you!

I’ve only tested it for kernel mode imports but it should be possible either way. The only hard thing is finding the base address of the DLL you’re looking for (because of ASLR). Most should be automatically loaded so you should be able to get it by iterating the loaded modules list from the PEB. (gs:60 iirc)

🎉🎉🎉 behold, he is back on yt!! Glad to see you again!

Awesome to see you back bud. Currently working through OSEP, so this is well timed.

Great to see series coming back!

Doing WinAPI function calls in my reverse engineering class right now, this was super helpful!

Awesome explanation I will definitely need to play around with this and see if I can find anything. Thanks for the content!

Appreciate that you are back!

spectacular! I'm a little thin on coding experience so I appreciate the boilerplate code. Thank you Al!

Dude your content is pure gold!!!

welcome back to youtube

Ayyye new video!

CHEF CRISP WUZ HERE!

nice vid!

no, throwing a meterpreter instead of calc will not work as well, especially with C# and an EDR on board. it will probably get flagged before you get to launch it