2026-05-06 –, Workshops and Stage - Gernsback (C1.05.02)
Whether you are a Red Team or Blue Team specialist, learning the techniques and tricks of malware development gives you the most complete picture of advanced attacks. Also, due to the fact that most (classic) malwares are written under Windows, as a rule, this gives you tangible knowledge of developing under Windows.
The course will teach you how to develop malware, including classic tricks and tricks of modern ransomware found in the wild. Everything is supported by real examples.
The course is intended for Red Team specialists to learn in more detail the tricks of malware development (also persistence and AV bypass) and will also be useful to Blue Team specialists when conducting investigations and analyzing malware.
The course is divided into four logical sections:
- Malware development tricks and techniques (classic injection tricks, DLL injection tricks, shellcode running)
- AV evasion tricks (Anti-VM, Anti-Sandbox, Anti-disassembling)
- Persistence techniques
- Cryptographic functions in malware development (exclusive)
- Malware Development for Android and Linux (bonus)
Most of the example in this course require a deep understanding of the Python, Kotlin
and C/C++ programming languages.
Knowledge of assembly language basics is not required but will be an advantage
The course will teach you how to develop malware, including classic tricks and tricks of modern ransomware found in the wild. Everything is supported by real examples.
The course is intended for Red Team specialists to learn in more detail the tricks of malware development (also persistence and AV bypass) and will also be useful to Blue Team specialists when conducting investigations and analyzing malware.
The course is divided into four logical sections:
- Malware development tricks and techniques (classic injection tricks, DLL injection tricks, shellcode running)
- AV evasion tricks (Anti-VM, Anti-Sandbox, Anti-disassembling)
- Persistence techniques
- Cryptographic functions in malware development (exclusive)
- Malware Development for Android and Linux (bonus)
Most of the example in this course require a deep understanding of the Python, Kotlin
and C/C++ programming languages.
Knowledge of assembly language basics is not required but will be an advantage
Training Outline (detailed, timed - total ~8 hours):
MALWARE INJECTION TECHNIQUES:
1. Traditional Injection Approaches: Code and DLL (2 practical examples, LAB + 1 homework) - 20 min
2. Exploring Hijacking Techniques (2 practical examples, LAB + 1 homework) - 20 min
3. Understanding Asynchronous Procedure Call (APC) Injections (2 practical examples, LAB + 1 homework) - 15 min
4. Mastering New Injection/Hooking Techniques (4 practical example, LAB) - 20 min
PERSISTENCE MECHANISMS:
5. Classic Path: Registry Run Keys / Persistence via Registry Keys ( 3 practical example, LAB) - 15 min
6. Persistence via Winlogon Process ( 2 practical example, LAB) - 15 min
7. Exploiting Windows Services for Persistence ( 2 practical examples, LAB + 1 homework) - 15 min
8. Exploring Non-Trivial Loopholes and New Persistence Techniques ( 5 practical examples, LAB + 2 homework) - 15 min
MALWARE FOR PRIVILEGE ESCALATION:
9. Manipulating Access Tokens like APT (1 practical example, LAB + 1 homework) - 15 min
10. Password stealing / LSASS.exe dumping (3 practical example, LAB + 1 homework) - 15 min
11. Malware for bypass User Access Control (2 practical example LAB + 1 homework) - 15 min
ANTI-VM AND AV BYPASSING
12. Anti-Virtual Machine Strategies (4 practical example, LAB + 1 homework) - 15 min
13. Practical use of hash algorithms in malware ( 1 practical example, LAB + 1 homework) - 15 min
14. Evasion Static Detection ( 1 practical example, LAB + 1 homework) - 15 min
15. Evasion Dynamic Detection (1 practical example, LAB + 1 homework) - 15 min
16. Advanced Evasion Techniques (1 practical example, LAB + 1 homework) - 15 min
17. Cryptography for bypassing security solutions ( 4 practical examples, LAB + 2 homework) - 15 min
Linux and Android Malware
18. Linux Kernel Hacking (1 practical example, LAB) - 15 min
19. Linux process injection (1 practical example, LAB) - 15 min
20. Introduction to Android Malware (3 practical examples, LAB) - 40 min
21. Leveraging legit APIs for Android Malware (2 practical examples, LAB) - 40 min
RESEARCH AND PRACTICE:
22. Simple Tricks and Automation for Malware Development and Emulation (3 practical examples, LAB + 1 homework) - 15 min
23. How to find New Persistence Techniques (2 practical examples, LAB + 1 homework) - 15 min
24. Elliptic Curve Cryptography (ECC) and Malware ( 1 practical example, LAB + 1 homework) - 15 min
cybersecurity enthusiast, author, speaker and mathematician. Author of popular books:
MD MZ Malware Development Book (Github, 2022, 2024)
MALWILD: Malware in the Wild Book (Github, 2023)
Malware Development for Ethical Hackers Book: (Packt, 2024)
AIYA Mobile Malware Development Book (Github, 2025)
Malware Development for Ethical Hackers 2nd edition (Packt, 2026, in progress)
Author and tech reviewer at Packt.
Co founder of various cybersecurity research labs, author of many cybersecurity blogs, HVCK magazine
Malpedia contributor
Speaker at BlackHat, DEFCON, Security BSides, Arab Security Conference, Hack.lu, Positive Hack Talks, etc conferences