Name of Training:
Offensive Tradecraft Development
A full description of the training:
This intensive training program is designed to empower participants with the expertise and capabilities required for the development of sophisticated tradecraft, tailored for responsible red teaming. Through a combination of comprehensive theoretical lectures, hands-on demonstrations, and practical exercises, participants will acquire an in-depth comprehension of cutting-edge malware development techniques.
Within legal boundaries, this training equips participants with the ability to craft evasive malware that can infiltrate targeted systems while adhering to responsible red teaming practices. By the end of the training, participants will not only possess a comprehensive understanding of the latest malware development techniques but will also be proficient in developing customized malware tailored for red team operations.
Outline of the Class
Day 1:
- Portable Executable Format
- IAT and EAT
- Parsing PE file Format
- Windows Architecture
- Windows APIs Essentials
- Shellcode Development on Windows
- Hiding Your Shellcode using Various Techniques
- Encoding and Encrypting Shellcode
- DLL Sideloading
- Process Injection Techniques
- Remote DLL Injection
- QueueUserAPC Injection
- Mapview Injection
- Thread Hijacking
- Module Stomping
Day 2:
- PInvoke & DInvoke
- Hooking Using Frida
- Hooking Manually using C/C++
- Hooking to bypass AMSI & ETW
- Hooking using Vectored Exception Handler
- Bypassing AMSI & ETW via patching/hooking
- Reflective DLL Injection
- Shellcode Reflective DLL Injection
- Direct and Indirect Syscalls
WHAT TO BRING?
- A laptop with at least 8 GB of RAM, with either VMware or VirtualBox installed
WHO SHOULD ATTEND:
- Penetration Testers / Red Teams
- Blue Teams
- Malware Developers
- Threat Hunters
PREREQUISITES:
- Comfortable with writing code in C++ and C
- Basic understanding of the Windows environment
WHAT TO EXPECT?
You can expect to gain hands-on experience in malware development during this training. It will be delivered by experienced instructors with years of practical experience in red teaming who are well-versed in the latest trends and techniques.
The training will be divided into modules covering various topics related to malware development, and each module will consist of a theoretical lecture followed by hands-on demonstrations and practical exercises, allowing you to apply what you have learned in a simulated environment.
You can also expect to network and collaborate with other participants in the training and the instructors, who will be available to provide guidance and answer any questions. By the end of the training, you will have a solid understanding of malware development and be equipped with the knowledge and skills needed to perform effective red teaming and penetration testing activities professionally.
WHAT ATTENDEES WILL GET
All course material, including commands, slides and source code snippets for malware. Additionally, technical support will be extended during and after the training class. Participants will be provided with a customized virtual machine with the necessary tools required for the training pre-installed.
WHAT NOT TO EXPECT
- 0-days or exploit development knowledge
- Bypasses on commercial security products