2025-10-24, Hollenfels
Whether you are a Red Team or Blue Team specialist, learning the techniques
and tricks of malware development gives you the most complete picture of
advanced attacks. Because most (classic) malware is written for Windows,
this also gives you tangible, practical knowledge of Windows development.
The course will teach you how to develop malware, covering both classic tricks and the tricks of modern ransomware found in the wild. Everything is supported by real examples.
The course is intended for Red Team specialists who want to learn the tricks of malware development in more detail (including persistence and AV bypass), and will also be useful to Blue Team specialists conducting investigations and analyzing malware.
The course is divided into four logical sections:
- Malware development tricks and techniques (classic injection tricks, DLL injection tricks, shellcode running)
- AV evasion tricks (Anti-VM, Anti-Sandbox, Anti-disassembling)
- Persistence techniques
- Cryptographic functions in malware development (exclusive)
- Malware Development for Android and Linux (bonus)
Most of the examples in this course require a solid understanding of the Python, Kotlin
and C/C++ programming languages.
Knowledge of assembly language basics is not required but will be an advantage.
Malware Development and Persistence Tricks for Ethical Hackers
MALWARE INJECTION TECHNIQUES:
1. Traditional Injection Approaches: Code and DLL (2 practical examples, LAB + 1 homework)
2. Exploring Hijacking Techniques (1 practical example, LAB + 1 homework)
3. Understanding Asynchronous Procedure Call (APC) Injections (1 practical example, LAB + 1 homework)
4. Mastering API Hooking Techniques (1 practical example, LAB)
PERSISTENCE MECHANISMS:
5. Classic Path: Registry Run Keys (1 practical example, LAB)
6. Persistence via Winlogon Process (1 practical example, LAB)
7. Exploiting Windows Services for Persistence (1 practical example, LAB + 1 homework)
8. Exploring Non-Trivial Loopholes (2 practical examples, LAB + 1 homework)
MALWARE FOR PRIVILEGE ESCALATION:
9. Manipulating Access Tokens like APT (1 practical example, LAB + 1 homework)
10. Password stealing (1 practical example, LAB + 1 homework)
11. Malware for Bypassing User Account Control (UAC) (1 practical example, LAB + 1 homework)
ANTI-VM AND AV BYPASSING:
12. Anti-Virtual Machine Strategies (4 practical examples, LAB + 1 homework)
13. Practical Use of Hash Algorithms in Malware (1 practical example, LAB + 1 homework)
14. Evading Static Detection (1 practical example, LAB + 1 homework)
15. Evading Dynamic Detection (1 practical example, LAB + 1 homework)
16. Advanced Evasion Techniques (1 practical example, LAB + 1 homework)
17. Cryptography for Bypassing Security Solutions (4 practical examples, LAB + 2 homework)
LINUX AND ANDROID MALWARE:
18. Linux Kernel Hacking (1 practical example, LAB)
19. Linux Process Injection (1 practical example, LAB)
20. Introduction to Android Malware (3 practical examples, LAB)
21. Leveraging legit APIs for Android Malware (2 practical examples, LAB)
RESEARCH AND PRACTICE:
22. Simple Ciphers for Malware Development (3 practical examples, LAB + 1 homework)
23. The Power of the Base64 Algorithm (2 practical examples, LAB + 1 homework)
24. Elliptic Curve Cryptography (ECC) and Malware (1 practical example, LAB + 1 homework)
cybersecurity enthusiast, author, speaker and mathematician. Author of popular books:
MD MZ Malware Development Book (2022, 2024)
MALWILD: Malware in the Wild Book (2023)
Malware Development for Ethical Hackers Book: https://www.amazon.com/dp/1801810176 (2024)
Author and tech reviewer at Packt. Co-founder of MSSP Research LAB, author of many cybersecurity blogs and of HVCK magazine.
Malpedia contributor.
Speaker at BlackHat, Security BSides, Arab Security Conference, Hack.lu, Standoff and other conferences.