SEKTOR7 Institute Logo
Login
SEKTOR7 Institute/RTO: Malware Development Essentials
Buy now
RED TEAM Operator: Malware Development Essentials

  • $499

RTO: Malware Development Essentials

  • 34 Lessons
  • 365-day access

A course on becoming a better ethical hacker, pentester and red teamer by learning offensive security tools development in Windows.
Buy now

Welcome to Malware Development Essentials course!

Are you a pen tester having some experience with Metasploit or Empire frameworks? Or maybe you take your first steps as an ethical hacker and you want to know more about how all these offensive tools work? Or you are a blue teamer or threat hunter who needs to better understand the internal workings of malware?

This course will provide you the answers you're looking for. It will teach you how to develop your own custom offensive security tool (OST) for Microsoft Windows. And by custom OTA we mean building a dropper for any payload you want (Metasploit meterpreter, Empire or Cobalt Strike beacons, etc.), injecting your shellcodes into remote processes, creating trojan horses (backdooring existing software) and bypassing Windows Defender AV.

You will receive a virtual machine with complete environment for developing and testing your software, and a set of source code templates which will allow you to focus on understanding the essential mechanisms instead of less important technical aspects of implementation.

COURSE IN A NUTSHELL

You Will Learn

  • What is malware development
  • What is PE file structure
  • Where to store your payload inside PE
  • How to encode and encrypt payloads
  • How and why obfuscate function calls
  • How to backdoor programs
  • How to inject your code into remote processes

What Will You Get?

  • Full-blown videos explaining all techniques in detail
  • Transcription with English subtitles
  • Text supplements with additional information (code snipets, structure definitions, technology description and context, etc.)
  • Source code with code templates for rapid development
  • VM image with ready-to-use development environment

Requirements

  • Understanding of operating system architecture

  • Some experience with Windows OS

  • Basic knowledge about C and Intel assembly

  • Computer with Intel-compatible CPU, min. 4 GB of RAM + 30 GB of free disk space

  • VirtualBox 6.0+ installed

  • Strong will to learn and having fun

Target Audience

  • Ethical Hackers
  • Penetration Testers
  • Blue Teamers
  • Threat Hunters
  • All security engineers/professionals wanting to learn advanced offensive tactics

Contents

Intro and Setup

Short introduction to malware development and setting up our test environment
Introduction
  • 3 mins
  • 5.88 MB
Development VM Setup
  • 6 mins
  • 16.5 MB
RTO-Win10.ova
    RTO-maldev.zip
    • 1.94 MB
    RTO-maldev-encrypted.zip
    • 1.94 MB
    Shellcodes

      Portable Executable

      Explore PE files, their structure and where is a good place for your payload
      PE files - format and structure
      • 4 mins
      • 16.6 MB
      PE Bear - looking inside
      • 5 mins
      • 18.3 MB
      Preview
      Generating EXE vs DLL
      • 6 mins
      • 12.8 MB
      PE compilation
      • 11 mins
      • 40.5 MB

      Droppers

      Learn how to write custom droppers
      Storing payloads in code section
      • 13 mins
      • 46.7 MB
      Data section as a container
      • 6 mins
      • 24.1 MB
      Preview
      Payloads in resource section
      • 11 mins
      • 41.1 MB
      Where to store payloads?
      • 6 mins
      • 11.2 MB

      Obfuscation and Hiding

      Discover how to hide your code from static and dynamic analysis
      Payload encoding
      • 10 mins
      • 39.2 MB
      Preview
      Encrypting payloads - XOR
      • 7 mins
      • 32.4 MB
      Encrypting payloads - AES
      • 7 mins
      • 28 MB
      Antivirus vs call obfuscation
      • 4 mins
      • 8.84 MB
      Implementing function call obfuscation
      • 12 mins
      • 40.2 MB
      Encoding and Encryption
      • 6 mins
      • 11.2 MB

      Backdoors and Trojans

      Learn how to backdoor existing software and convert it into a custom trojan.
      Backdooring PE theory
      • 5 mins
      • 9.52 MB
      Making Putty a trojan
      • 21 mins
      • 101 MB

      Code Injection

      Explore potential ways to inject your payload with classic shellcode and DLL injections
      Injecting code into remote process
      • 5 mins
      • 8.87 MB
      Implementing code injection
      • 9 mins
      • 35 MB
      Loading DLLs into remote process
      • 6 mins
      • 12.5 MB
      DLL generator and injector
      • 8 mins
      • 30.6 MB
      What is code injection?
      • 5 mins
      • 11.1 MB

      Extras

      Making program invisible
      • 8 mins
      • 27.8 MB

      Combined Project

      Take everything what you have learned so far, and build a new custom dropper
      Dropper implementation
      • 25 mins
      • 100 MB
      Bypassing Windows Defender
      • 17 mins
      • 74.3 MB
      Assignment
        Dropper overview
        • 1 min
        • 2.53 MB
        Preview

        Summary

        Your Feedback
          Course closing information
          • 4 mins
          • 7.23 MB

          Instructor: reenz0h

          Chief Research Officer at SEKTOR7. In the industry for over 20 years. Worked in global Red Team for almost a decade. Simulated threat actors targeting IT infrastructure across various industries (financial, technology, industrial, energy, aviation) around the world. Speaker at HackCon, PWNing, WTH@ck, Sec-T, T2, DeepSec. Gave guest lectures at several military and civil academies and universities.

          Founder of x33fcon security conference
          and SEKTOR7 offensive research company
          XYoutubeWebsite

          FAQs

          Why malware development?

          So-called malware development in the context of legal security testing is also known as offensive security tool (OST) development or Offensive Coding. The goal is to teach all cybersecurity professionals, both red and blue teams, to use this knowledge to better understand how real threat actors operate and use different techniques (TTP). This approach should significantly improve the skillset of offensive and defensive teams in testing and securing the production environments of their customers and employers in the long run.

          How long is the course?

          All videos are about 4h long.

          What language is used in the course?

          All videos, text and materials are in English.

          Is it on-line course only?

          The course is composed of 2 types of materials. Videos, which are available on-line only, and virtual machine with source code templates, which can be downloaded and stored on your computer, so you can access it later off-line.
          In case of video download attempts, access to the content will be revoked.

          How long is the course available after purchase?

          After you purchase the course, you have access to all the videos and materials for 365 days. You can learn whenever you want, the content will always await for you within that time frame.
          Moreover, any updates to the course materials (ie. new modules, new videos, new files, etc.) will also be available for anyone who purchased the course without any extra charge.

          Do I have to be an expert in C language or Intel assembly?

          No. Although some level of experience in C programming and Intel assembly reading is required, you don't have to be an expert in this field. Basic knowledge about the syntax, data structures and function calling convention is enough during the course.
          For refresher check these resources: 

          How can I get an invoice?

          You can get an invoice after you purchase the course.
          After logging into your account, first go to Settings and edit Address (including business details like company name and tax ID). Then save and go to Billing and just download the invoice.

          How to change VAT rate?

          When you are registering in the course, you can choose VAT rate appropriate for your country (if you are from EU). After you supply your email, the system will present you a price with suggested VAT rate, and, if a tax rate is inappropriate or you do not qualify for VAT because of your tax residence, adjust the rate by clicking on update and chose your country of residence.

          Can I get a Certificate of Completion?

          When the course is finished, Certificate of Completion will be generated automatically. The notification email will be send with CoC access details.
          To include your name on the certificate, please provide your first and last name in your profile Settings.

          Can I share my account with others?

          Unfortunately, we consider this unfair and therefore it is prohibited. We try to keep our prices affordable so that the course can reach as many students as possible.

          Legal Disclaimer

          All the materials are for educational and research purposes only.
           
          Do not attempt to violate the law with anything contained in materials produced by Sektor7. Neither administration of this server, the authors of this material, or anyone else affiliated in any way, is going to accept responsibility for your actions.

          By using institute.sektor7.net and its contents, you accept that you will only lawfully use it in a test lab – with devices that you own or are allowed to conduct penetration tests for your customers and clients.

          Do not abuse this material. Be responsible.