cocomelonc

Cybersecurity enthusiast, author, speaker and mathematician. Author of popular books:
MD MZ Malware Development book (2022)
MALWILD: Malware in the Wild book (2023)
Author and tech reviewer at Packt
Author of Malware Development for Ethical Hackers book by Packt (2024)
Co-founder of MSSP Research LAB, author of many cybersecurity blogs and of HVCK magazine
Malpedia contributor
Speaker at BlackHat, DEFCON, Security BSides, Arab Security Conference, Hack.lu, Standoff and other conferences


Sessions

10-22
16:15
30min
Malware and Hunting for Persistence: How Adversaries Exploit Your Windows?
cocomelonc

This presentation explores my discovery of unconventional malware persistence techniques through registry modifications and DLL hijacking vulnerabilities. We'll delve into cases involving Windows Internet Explorer, Win32API cryptographic features, Windows Troubleshooting, Microsoft Teams (patched), and Process Hacker 2 (patched in v3). The research highlights the exploitation of legitimate Windows resources for persistence and compares these methods with traditional techniques employed by APT groups and ransomware authors.

topic: CTI
Europe - Main Room
10-23
16:15
120min
Malware Development and Persistence
cocomelonc

Malware Development and Persistence Techniques.
The course teaches you how to develop malware, covering both classic tricks and the tricks of modern ransomware found in the wild. Everything is supported by real examples.
The course is intended for Red Team specialists who want to learn the tricks of malware development (including persistence and AV bypass) in more detail, and it will also be useful to Blue Team specialists conducting investigations and analyzing malware.

The course is divided into four logical sections:
- Malware development tricks and techniques (classic injection tricks, DLL injection tricks, shellcode running)
- AV evasion tricks (Anti-VM, Anti-Sandbox, Anti-disassembling)
- Persistence techniques
- Cryptographic functions in malware development (exclusive)

topic: CTI
Schengen 1 & 2