WS-14


Offensive Tradecraft Development

07-09 October, 2025

WORKSHOP OBJECTIVE

This comprehensive training program aims to equip participants with the knowledge and skills to develop evasive malware for responsible red teaming. Through theoretical lectures, hands-on demonstrations, and practical exercises, participants will gain an in-depth understanding of the latest malware development techniques.

In addition, participants will learn how to create malware that can evade detection and infiltrate targeted systems while adhering to ethical guidelines and legal boundaries.

By the end of this training program, participants will comprehensively understand the latest malware development techniques and how to apply them responsibly. In addition, they will be equipped with the necessary skills to develop customised malware suited for red team operations.

PARTICIPANT'S REQUIREMENTS

  •      A laptop with at least 16GB of RAM and either VMware or VirtualBox installed
  •      Linux and Windows VMs installed

PRE-REQUISITE

  •     Comfortable with writing code in C# and C
  •     Basic understanding of the Windows environment

WHO SHOULD ATTEND

  •      Penetration Testers / Red Teams
  •      Blue Teams
  •      Malware Analysts
  •      Threat Hunting Team

WHAT TO EXPECT

  •   During this training, you can expect to gain hands-on experience in tradecraft development. The training will be delivered by experienced instructors with years of practical red teaming experience who are well-versed in the latest trends and techniques.
  •   The training will be divided into modules covering various topics related to tradecraft development. Each module will consist of a theoretical lecture followed by hands-on demonstrations and practical exercises, allowing you to apply what you have learned in a simulated environment.
  •   You can also expect to network and collaborate with other participants in the training and the instructors, who will be available to provide guidance and answer any questions.
  •   By the end of the training, you will have a solid understanding of tradecraft development and be equipped with the knowledge and skills needed to perform effective red teaming and penetration testing activities professionally.

WHAT NOT TO EXPECT

  •     0-day or exploit development knowledge
  •     Bypasses on commercial security products

WHAT ATTENDEES WILL GET

  •     All course material, including commands, slides and source code snippets for the malware covered in class
  •     Technical support during and after the training class

AUDIENCE LEVEL

Intermediate; Advanced

DURATION

3 Days

Trainers

Arun Nair
Senior Security Consultant, RedSeer

Aravind Prakash
Security Consultant, Optiv

Soumyadeep Basu
Sr. Security Engineer, GoDaddy

Training Plan

  • Day 1: Foundations of Tradecraft Development
    • PE File Format and Parsing
      • Portable Executable (PE) structure fundamentals
      • Import Address Table (IAT)
      • Export Address Table (EAT)
      • Import directory analysis
      • Export directory analysis
    • Basic Shellcode Development
      • Intro to Shellcode Development
      • x86/x64 Instruction set basics
      • Converting Assembly to raw bytes
      • Position Independent Code (PIC)
      • Hiding your shellcode
    • Encryption and Encoding Techniques
      • Payload obfuscation methods - XOR, AES, Base64
      • Common encoding algorithms
      • Signature detection bypass strategies
    • Windows API Essentials
      • Intro to Processes, Memory, Threads and Tokens
      • Introduction to Windows System Programming (Win API)
        • Data Types
        • Structures
        • Pointers
      • Programming using commonly used Windows APIs in maldev
      • NT API fundamentals
      • Windows data type architecture
      • Function call obfuscation
      • P/Invoke (Platform Invocation Services)
      • D/Invoke (Dynamic Invocation)
      • SysWhispers framework
      • Direct syscall implementation
    • Process Injection Techniques
      • Basic shellcode runner development
      • Standard process injection methods
      • Remote DLL Injection
      • Callback-based process injection
      • Queue User APC Injection
      • Early Bird APC Queue Code Injection
      • Map-view injection approach
      • Thread Execution Hijacking
  • Day 2: Tradecraft Development Intermediate
    • Evasion Fundamentals
      • Antivirus signature bypass techniques
      • Module Stomping
      • Dynamic API Loading
      • Binary Signing
      • DLL Hijacking and Sideloading
      • DLL Proxying
    • Advanced Injection Techniques
      • Reflective Injection methodology
      • Shellcode Reflective DLL Injection (sRDI)
      • Process MockingJay
      • Early Cascade Injection
      • Early Cryo-Bird Injection
      • Threadless Injection / Remote Function Stomping
      • Waiting Thread Hijacking
  • Day 3: Tradecraft Development Advanced
    • Security Controls in Windows
      • Windows Events
      • AMSI internals
      • ETW internals
        • EtwTi (Threat Intelligence ETW provider)
        • .NET runtime tracing
    • Security Controls Bypasses
      • Event Tracing for Windows (ETW) bypass
        • Patching methods
        • Patchless techniques
      • Antimalware Scan Interface (AMSI) bypass
        • Patching method
        • Patchless technique
    • Process Manipulation
      • Parent Process ID (PPID) spoofing
      • Command line argument spoofing
    • Hooking Windows APIs
      • Inline Function Hooking
      • IAT Hooking
      • Microsoft Detours
      • AMSI Hooking (and bypass) using Frida
    • EDR Evasion Techniques
      • Import Address Table (IAT) unhooking
      • Detours implementation and bypass
      • Direct and Indirect syscall
      • NTDLL unhooking methods
      • Hell's Gate technique
      • Perun's Fart technique
      • Heaven's Gate technique
    • Capstone Project
      • Building a custom EDR evasive loader
