vulncon
Arun Nair
Security Researcher
vulncon
Aravind Prakash
Red Team Operator, Resillion

Name of Traning:

Offensive Tradecraft Development

A full description of the training:

This intensive training program is designed to empower participants with the expertise and capabilities required for the development of sophisticated tradecraft, tailored for responsible red teaming. Through a combination of comprehensive theoretical lectures, hands-on demonstrations, and practical exercises, participants will acquire an in-depth comprehension of cutting-edge malware development techniques.

Within legal boundaries, this training equips participants with the ability to craft evasive malware that can infiltrate targeted systems while adhering to responsible red teaming practices. By the end of the training, participants will not only possess a comprehensive understanding of the latest malware development techniques but will also be proficient in developing customized malware tailored for red team operations

Outline of the Class

Day 1:

  • Portable Executable Format
  • IAT and EAT
  • Parsing PE file Format
  • Windows Architecture
  • Windows APIs Essentials
  • Shellcode Development on Windows
  • Hiding Your Shellcode using Various Techniques
  • Encoding and Encrypting Shellcode
  • DLL Sideloading
  • Process Injection Techniques
    • Remote DLL Injection
    • QueueUserAPC Injection
    • Mapview Injection
    • Thread Hijacking
    • Module Stomping

Day 2:

  • PInvoke & DInvoke
  • Hooking Using Frida
  • Hooking Manually using C/C++
  • Hooking to bypass AMSI & ETW
  • Hooking using Vectored Exception Handler
  • Bypassing AMSI & ETW via patching Hooking
  • Reflective DLL Injection
  • Shellcode Reflective DLL Injection
  • Direct and Indirect Syscalls

WHAT TO BRING?

  • A laptop with at least 8 GB RAM having either VMware or VirtualBox

WHO SHOULD ATTEND:

  • Penetration Testers / Red Teams
  • Blue Teams
  • Malware Developers
  • Threat Hunter

PREREQUISITES:

  • Comfortable with writing code in C++ and C
  • Basic understanding of the Windows environment

WHAT TO EXPECT?

You can expect to gain hands-on experience in malware development during this training. Experienced instructors will deliver the training with years of practical experience in red teaming and are well-versed in the latest trends and techniques.

The training will be divided into modules covering various topics related to malware development, and each module will consist of a theoretical lecture followed by hands-on demonstrations and practical exercises, allowing you to apply what you have learned in a simulated environment.

You can also expect to network and collaborate with other participants in the training and the instructors, who will be available to provide guidance and answer any questions. By the end of the training, you will have a solid understanding of malware development and be equipped with the knowledge and skills needed to perform effective red teaming and penetration testing activities professionally.

WHAT ATTENDEES WILL GET

All course material, including commands, slides and source code snippets for malware Additionally, technical support will be extended during and after the training class. Participants will be provided with a customized virtual machine with the necessary tools required for the training pre-installed.

WHAT NOT TO EXPECT

  • 0 days or exploit development knowledge
  • Bypasses on commercial security products

Trainer

vulncon
Arun Nair
Security Researcher

Arun is an experienced Red Teamer with specialized expertise in malware development and evasion. Holding certifications like OSCP, CRTP, CRTL, CodeMachine Malware Techniques, Malware on Steroids and Hacksys Windows Kernel Exploitation, he showcases a strong grasp in offensive security. His hands-on experience with top-tier organisations like Google and Mandiant enriches his understanding of real-world cyber tactics. He has volunteered as a trainer at Blackhat Europe MIPS Exploit Development, contributed at Defcon Adversary Village, and presented talks and workshops at RedTeamSummit, c0c0n, RingZer0, Bsides Transylvania, HackSpaceCon and regional Null Meetups.

vulncon
Aravind Prakash
Red Team Operator, Resillion

Aravind is an experienced Red Teamer working in Resillion with a strong background in offensive security and a passion for malware development. With multiple certifications, including CRTL (Certified Red Team Lead), CRTO , CRTE , CRTP etc and having conducted numerous engagements, Aravind has gained valuable insights into the tactics used by real-world adversaries. Their expertise allows them to simulate attacks and identify system and network vulnerabilities. He has also been invited as a speaker and trainer at international conferences like HackspaceCon, c0c0n, CactusCon etc.