5pider
Aug 4, 2022 · 12 tweets
90% of my Twitter DMs are asking me about how to start getting into Malware development. Well, I love answering them but it's easier to write a small thread about it so here we go.
1/12
First, we gotta learn some fundamentals.
I would highly recommend learning the following things:
Win32 API
Networking (Communicate over HTTP/s, DNS, ICMP)
Encryption (basic use of AES, XOR, RC4, etc.)
Injection Techniques
Learn how to use debuggers. Trust me, you're gonna need this
2/12
So alright the first resource I recommend going through is the maelstrom blog post series from @preemptdev:
pre.empt.dev
3/12
Read the source code of already existing open source C2s like Metasploit's Meterpreter, Empire Framework, SharpC2, Shadow.
These projects contain so much info and code on how to:
make malware modular using reflective loaders/code injection, communicate with the C2, and more.
4/12
Another great "write your own C2 blog post series" is the one from @Ahm3d_H3sham

0xrick.github.io/misc/c2/

5/12
Great courses I really recommend taking are by @SEKTOR7net:
(Beginner) institute.sektor7.net/red-team-opera…
(Intermediate) institute.sektor7.net/rto-maldev-int…
Worth the money

6/12
A website I recommend bookmarking is by @CaptMeelo
captmeelo.com
Some very good blogs about evading AVs, Process Injection, native API, and more.

7/12
I would recommend you to read a few of my Projects. I wrote them to learn how specific techniques work.
For example:
I wrote KaynLdr to learn how Reflective Loaders work (same with CoffeeLdr)

github.com/Cracked5pider

8/12
Another amazing place to learn malware development is of course @vxunderground
vx-underground.org is one of the best places to learn malware development. They have papers, projects, code snippets, and samples to reverse.

9/12
People I really recommend following and looking into their projects/courses/blogs/talks/tweets are:

@0xBoku
@trickster012
@s4ntiago_p
@kyleavery_
@SolomonSklash
@GeKarantzas
@_xpn_
@_RastaMouse
@am0nsec
@LittleJoeTables

10/12
Another list of people I really recommend following and looking into their projects/courses/blogs/talks/tweets are:

@ilove2pwn_
@ORCA10K
@rad9800
@modexpblog
@peterwintrsmith
@passthehashbrwn
@waldoirc
@Und3rf10w
@MrUn1k0d3r
@chvancooten

11/12
Learn how to use Google lol
I learned nearly everything from public resources.

12/12
