Socials
Twitter: https://twitter.com/Mako_Sec GitHub: https://github.com/MakoSec
Disclaimer
This post talks about Malware Development in a strictly red teaming manner and is intended for people who are infecting systems with the consent of those who own them.
Introduction
As I continue to work on stuff for work / learning purposes I found myself focusing more and more on the malware development space of Information Security. As I continue to grow this blog that is likely the space I’m going to focus on for a majority of the content. With that in mind, I thought it would be valuable to provide others who want to explore this space a good road map to start off with. While there are tons of resources to learn, it can get overwhelming and I hope this can serve as a starting point for people. Please keep in mind, I am a beginner in this field myself and have only been exploring it deeply for about a year now. If anyone reading this has any suggestions please send them my way and I will be happy to update this.
Learn Basic Programming
Malware Development is essentially just programming for a very niche purpose, to infect systems (with consent of course). In a red team / pentest manner, this typically is done with the goal to establish a C2 (Command and Control) session within a target organization. While malware is typically written exclusively in compiled languages such as C/C++, C#, Nim, GOlang, etc. It is not necessarily required to start off learning those languages. Personally, I would recommend learning programming with a language like Python as its simplicity allows you to easily digest and understand topics in programming that can be translated to lower level languages such as C/C++. Here are some resources to get started in Python.
- Python Complete Course For Beginners
https://www.udemy.com/course/python-complete-course-for-beginners/
- Top 13 Resources To Learn Python Programming
https://towardsdatascience.com/top-13-resources-to-learn-python-programming-46f3b0b74b91
Once you have a solid foundation with general programming knowledge you will need to understand some aspects of programming that python simply doesn’t teach. For example, you will have to understand allocating / managing memory and data types such as pointers. This is where it is best to become acquainted with some C# or C++. There are tons of free resources to do this but here are some, keep in mind you don’t have to aim to be an expert in programming with C# or C++ to write malware with those languages, however a basic understanding is necessary.
Writing Malware
Once a cursory understanding of programming and C# or C/C++ is acquired move onto learning Malware Development specific things. To start, I highly recommend this Defcon C# workshop. It touches on a lot of offensive C# basics and is a great place to begin. Another great place to start is this blog series by Paranoid Ninja. His blogs are always very well detailed and while it might not be possible to digest all of it right away, read it a couple times to ensure you understand the concepts.
However, the best resource for starting off in Malware Development are the courses offered by Sektor7 which can be found here. The essentials course takes you through understanding the PE file format to basic shellcode injection and payload obfuscation. The intermediate course ramps things up significantly and teaches more complex methods of process injection. It also teaches concepts like API hooking, DLL injection, and creating importless PE files. They are great courses and extremely affordable, with the intermediate course running only $229.
Another great resource offered completely for free is ired.team from @spotheplanet. This page contains a ton of useful information that goes well beyond malware development. I would also highly recommend finding some good blogs that discuss things like Malware Development such as the ones I listed in this post.
Some other interesting things to look at is the offensive Nim repository by byt3bleed3r. Content surrounding the tool Donut created by TheWover. Or DInvoke also created by TheWover.
Conclusion
This was a simple primer containing some resources people who want to explore Malware Development can check out. This is by no means a comprehensive list as there are so many things in this space to cover such as payload delivery, AV evasion, lateral movement, evading logs, etc. I hope to post more content regarding tons of things malware development in the near future. Again, if anyone has anything to add to this please let me know!