Offensive Tradecraft Development
Oct 4th and 5th, 2023Grand Hyatt, Kochi, India
WS-11
Offensive Tradecraft Development
This comprehensive training program aims to equip participants with the knowledge and skills to develop evasive malware for responsible red teaming. Through theoretical lectures, hands-on demonstrations, and practical exercises, participants will gain an in-depth understanding of the latest malware development techniques
In addition, participants will learn how to create malware that can evade detection and infiltrate targeted systems while adhering to ethical guidelines and legal boundaries.
By the end of this training program, participants will comprehensively understand the latest malware development techniques and how to apply them responsibly. In addition, they will be equipped with the necessary skills to develop customised malware suited for red team operations.
Course Content (ToC):
- Day 1: - Offensive Tradecraft Development - Basics
- PE file format and parsing
- IAT
- EAT
- Imports
- Exports
- Encrypting and encoding payloads to bypass signature detection
- Windows API essentials
- NTAPI
- Data types in Windows
- Pinvoke
- Dinvoke
- Syswhispers and the concept of direct syscalls
- Process Injection Techniques
- Simple shellcode runner
- Simple process injection
- Process Injection via callbacks
- Queue User APC Injection
- Early Bird APC Queue Code Injection
- Map-view injection
- Thread Execution Hijacking
- PE file format and parsing
- Day 2: - Offensive Tradecraft Development - Advanced
- AV/Signature bypass
- Reflective Injection
- Shellcode Reflective DLL Injection (sRDI)
- ETW and AMSI bypass (via patching and patchless)
- PPID spoofing
- Cmdline spoofing
- EDR Evasion Techniques
- IAT Unhooking
- Detours
- Indirect syscalls
- NTDLL unhooking
- Hells Gate
- Heaven’s gate
Pre-requisite:
- Comfortable with writing code in C# and C
- Basic understanding of the Windows environment
Participants Requirements:
- A laptop with at least 16GB RAM having either VMware or VirtualBox
- Linux and Windows VMs Installed
Duration:
2 Days
Who should attend
- Penetration Testers / Red Teams
- Blue Teams
- Malware Developers
- Threat Hunting Team
What to expect:
You can expect to gain hands-on experience in malware development during this training. Experienced instructors will deliver the training with years of practical experience in red teaming and are well-versed in the latest trends and techniques.
The training will be divided into modules covering various topics related to malware development, and each module will consist of a theoretical lecture followed by hands-on demonstrations and practical exercises, allowing you to apply what you have learned in a simulated environment.
You can also expect to network and collaborate with other participants in the training and the instructors, who will be available to provide guidance and answer any questions.
By the end of the training, you will have a solid understanding of malware development and be equipped with the knowledge and skills needed to perform effective red teaming and penetration testing activities professionally.
What not to expect
- 0 days or exploit development knowledge
- Bypasses on commercial security products
What attendees will get
All course material, including commands, slides and source code snippets for malwareAdditionally, technical support will be extended during and after the training class
Speakers
Arun Nair
Independent Security Researcher , India Arun is a skilled Red Teamer with extensive malware development and evasion expertise. With a strong background in offensive security, Arun possesses a range of certifications, including the Offensive Security Certified Professional (OSCP), CodeMachine Malware Techniques, and Malware on Steroids. These certifications demonstrate Arun's deep understanding of advanced strategies and techniques involved in malware development. Arun has honed this knowledge through practical experience from working with renowned organizations such as Google and Mandiant. These engagements have provided Arun with invaluable insights into the tactics employed by real-world adversaries. With his comprehensive skill set and hands-on experience, Arun is well-equipped to tackle the most sophisticated cybersecurity and red teaming challenges.
Aravind Prakash
Red Team Operator , Resillion , India Aravind is an experienced Red Teamer working in Resillion with a strong background in offensive security and a passion for malware development. With multiple certifications, including CRTP, CRTE and CRTO. Having conducted numerous engagements, Aravind has gained valuable insights into the tactics used by real-world adversaries. Their expertise allows them to simulate attacks and identify system and network vulnerabilities.
Soumyadeep Basu
Cloud Threat Detection Engineer , CRED , India Soumyadeep is a cybersecurity professional with expertise in both offensive and defensive security. Having earned certifications such as OSCP, OSEP, eCPTX and AZ-500, Soumyadeep possesses extensive skills and knowledge in both offensive and defensive cybersecurity domains. Soumyadeep has a strong foundation in red teaming and has worked with red team consulting companies like Mandiant and Payatu. Soumyadeep is a Cloud Threat Detection Engineer at CRED, specializing in identifying and mitigating cloud-based security threats.
ORGANIZED BY
ORGANIZING PARTNERS
PLATINUM SPONSORS
GOLD SPONSORS
SILVER SPONSORS
BRONZE SPONSORS
COMMUNITY PARTNERS
NETWORKING PARTNER
MEDIA PARTNERS
STRATEGIC PARTNER
Jet Suit demo partner