Bryan Chau
Silent Break Security
Dark Side Ops - Malware Dev
Sarah Tyra
October 17-18, 2019 - 16 Credit Hours
Threat intel reports are constantly being released which document the novel techniques and custom tooling that support real-world operations. However, despite access to this information, the industry still lacks many of the fundamentals required to emulate nation-state threats, opting instead for "off the shelf" tooling and click-once solutions. These tools abstract the true work required to compromise, engage, and exfiltrate a target network, leaving an operator scrambling when the going gets tough.
"Dark Side Ops: Malware Dev" focuses on the goals, challenges, architecture, and operations of advanced persistent threat (APT) tooling. Participants will dive deep into source code to gain a strong understanding of execution vectors, payload generation, automation, staging, command and control, and exfiltration. In addition, participants are given hands-on experience with black hat techniques currently used by hackers to bypass NIDS and HIPS systems, layer 7 web proxies, "next-gen" antivirus, and DLP solutions.
At the end of this course students will be able to:
- Build and modify custom payload droppers, beaconing backdoors, and interactive shells.
- Implement stealthy command and control methods.
- Design and automate the creation of sophisticated client-side attacks.
- Pivot laterally between workstations for large-scale network compromise.
- Bypass defensive host and network countermeasures such as anti-virus, firewalls, IDS/IPS, SIEMs, and strict egress filtering.
- Establish custom, stealthy persistence in a target network.
- Compile and deploy an advanced custom toolkit for exploration, understanding, and real "Red Side" operations.
Participants will receive source code to a variety of offensive tools, including custom shells, backdoors, C2 listening posts, and client-side exploitation techniques. To reinforce the knowledge provided through instruction, the modification and creation of the code is the focal point of every lab, allowing participants to take materials home for continued use.
** This is a completely rebuilt version of our previous "Custom Penetration Testing" course. **
Skills / Knowledge
- Pentesting
- Malware
Issued on
October 18, 2019
Expires on
Does not expire