
MalDev Horizons


After passing multiple entry- and intermediate-level offensive security certifications such as the OSCP, CPTS, CRTP and most recently the CRTO, I’ve decided to take a break from certifications (unless the new RTO II drops) and dive into the world of malware development and OPSEC.

Inspiration

This inspiration first struck my soul after getting gobbled up by EDR and setting off numerous alerts on two past engagements. I purchased the MalDev Academy Malware Development Course bundle but then quickly remembered that I actually know very little about how computers work at a low level, or about programming in Assembly language or C 🤠

I then decided to take the new CRTO course and exam from Zero-Point Security due to the high praise it receives for its teaching of OPSEC and of the industry-standard C2, Cobalt Strike.

The exam scores are based on achieving the objective and maintaining good OPSEC. I failed my first attempt due to poor OPSEC and getting stuck on the final step of the objective (I overlooked something very simple lol). For the OPSEC portion, I specifically lost points on the Malware section where points are deducted if Defender detects malware on a host.

The second time around I passed, achieving the objective and a perfect score on all other OPSEC considerations, which was nice. I still lost points in the Malware section because my beacon was detected a few times 😅

The master plan

After talking to my good friend Muhannad, he mentioned that I should take a look at OpenSecurityTraining2’s free Architecture 1001: x86-64 Assembly course to learn how computers work at one of the lowest levels before diving into C and malware development, so my base could be even stronger.

That suggestion got me thinking:

“Man, the l337est hackers didn’t have all these tools and resources at their disposal like I do and they still know more than I do.”

With that thought, I decided to go low-level 😼

I’ve created the following roadmap to do just that.

  1. Learn x86-64 ASM using the Architecture 1001: x86-64 Assembly course from OpenSecurityTraining2

  2. Learn C using W3Schools’ free C course and create various projects and applications to hammer the language into my brain.

  3. Dive into MalDev Academy’s Malware Development Course and complete every module and challenge lab

  4. Take the RTO II course (CRTL) and really take my time going through the material

  5. Pwn all (or at least the majority) of the HTB Pro Labs with proper OPSEC, custom payloads and a C2

  6. Seek therapy to address the lingering imposter syndrome for being in the offensive security sphere 🫠

Outro

With this roadmap in front of me I’ll be sharing my journey and things I’ve learnt along the way within this blog for the other noobs that also want to be L337.

No promises that I’ll be consistent though, since writing these does take some time :D

Happy hacking 😸