Malware Development
Notes on malware development.
Disclaimer: These notes are to be used only for ethical, legal purposes. I am not an expert malware developer. I’m an ethical hacker who, in the course of my learnings, has discovered that there is a relative lack of free resources on the subject of malware development. In my opinion, this means that the bad guys have a leg up on defenders and the white hat community. I started taking detailed notes on malware development as I learn this topic, and decided to post them in the hopes that they may be helpful to other folks interested in this sort of thing. Hopefully these notes will help bring balance to the force in some small way.
Notes on The Art of Malware Development
0: Introduction to malware development: The introduction covers what malware is and why malware development is a great skill for penetration testers and red teamers.
1: Tools of the trade: An overview of the software used for malware development. VMs, IDEs, utilities, etc.
2: Portable Executable (PE) Files: The PE file format, used for .exe and .dll files.
- 2a: DOS Header
- 2b: DOS Stub
- 2c: Rich Header
- 2d: NT Headers
  - 2d1: PE Signature
  - 2d2: File Header
  - 2d3: Optional Header
    - 2d3a: Data Directories
- 2e: Section Table / Section Headers
- 2f: Sections
3: Windows Processes: Applications, processes, threads, handles, and the function calls used by a process to access the Windows kernel.
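The header chain that section 2 of the outline follows (DOS header, stub and Rich header region, PE signature, file header, optional header with its data directories, then the section table) can be walked with nothing but `struct` and the documented on-disk offsets. The block below is an added example written for this page; it is not code from these notes or from the Sektor7 or Maldev Academy courses. The function names (`parse_pe`, `rva_to_offset`, `build_sample_pe`) are mine, and `build_sample_pe` hand-packs a constructed minimal PE32+ image with a single `.text` section so the parser can run offline without a real binary.

```python
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D      # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550   # "PE\0\0"
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
DATA_DIRECTORY_NAMES = (
    "EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY", "BASERELOC",
    "DEBUG", "ARCHITECTURE", "GLOBALPTR", "TLS", "LOAD_CONFIG", "BOUND_IMPORT",
    "IAT", "DELAY_IMPORT", "COM_DESCRIPTOR", "RESERVED")


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> stub -> NT headers -> section table, bounds-checking as we go."""
    # 2a: DOS header. Only e_magic (offset 0) and e_lfanew (offset 0x3C) matter to the loader.
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # A hostile e_lfanew is the classic way to crash a naive parser: check before dereferencing.
    if e_lfanew < 0x40 or e_lfanew + 4 + 20 + 2 > len(data):
        raise ValueError("e_lfanew points outside the file")
    # 2b/2c: everything between the DOS header and e_lfanew is the DOS stub; the Rich
    # header, if the linker emitted one, sits at the end of that region.
    stub = data[0x40:e_lfanew]
    # 2d1: PE signature
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    # 2d2: File (COFF) header, 20 bytes
    fh_off = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, fh_off)
    # 2d3: Optional header. Magic decides PE32 vs PE32+ and shifts the later fields.
    opt_off = fh_off + 20
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == PE32_MAGIC:
        image_base = struct.unpack_from("<I", data, opt_off + 28)[0]
        ndirs_off = opt_off + 92
    elif magic == PE32PLUS_MAGIC:
        image_base = struct.unpack_from("<Q", data, opt_off + 24)[0]
        ndirs_off = opt_off + 108
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    if ndirs_off + 4 > len(data):
        raise ValueError("truncated optional header")
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    size_of_image = struct.unpack_from("<I", data, opt_off + 56)[0]
    # 2d3a: Data directories. NumberOfRvaAndSizes is attacker-controlled, so cap it at 16.
    ndirs = min(struct.unpack_from("<I", data, ndirs_off)[0], 16)
    dirs = {}
    for i in range(ndirs):
        rva, size = struct.unpack_from("<II", data, ndirs_off + 4 + i * 8)
        if rva or size:
            dirs[DATA_DIRECTORY_NAMES[i]] = (rva, size)
    # 2e: Section table. It starts SizeOfOptionalHeader bytes after the optional header;
    # use that field rather than a size guessed from the magic.
    sec_off = opt_off + opt_size
    if sec_off + nsections * 40 > len(data):
        raise ValueError("section table runs past end of file")
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = \
            struct.unpack_from("<8sIIIIIIHHI", data, sec_off + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": va,
                         "raw_size": rawsize, "raw_offset": rawptr,
                         "characteristics": chars})
    return {"machine": machine, "timestamp": timestamp, "characteristics": characteristics,
            "pe32plus": magic == PE32PLUS_MAGIC, "image_base": image_base,
            "entry_point_rva": entry_rva, "size_of_image": size_of_image,
            "has_rich_header": b"Rich" in stub, "data_directories": dirs,
            "sections": sections}


def rva_to_offset(pe: dict, rva: int):
    """Map an RVA to a file offset through the section table (2f); None if no section maps it."""
    for s in pe["sections"]:
        span = max(s["virtual_size"], s["raw_size"])
        if s["virtual_address"] <= rva < s["virtual_address"] + span:
            return rva - s["virtual_address"] + s["raw_offset"]
    return None


def build_sample_pe() -> bytes:
    """Constructed minimal PE32+ image with one .text section (hand-packed, not compiler output)."""
    e_lfanew = 0x80
    dos = struct.pack("<H", IMAGE_DOS_SIGNATURE).ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    stub = b"This program cannot be run in DOS mode.\r\n$".ljust(e_lfanew - 0x40, b"\0")
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 1, 0x5F000000, 0, 0, 0xF0, 0x0022)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<I", opt, 16, 0x1040)                  # AddressOfEntryPoint (RVA)
    struct.pack_into("<Q", opt, 24, 0x140000000)             # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)          # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)          # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 3)                       # Subsystem: console
    struct.pack_into("<I", opt, 108, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 1 * 8, 0x1100, 0x50)  # IMPORT directory entry
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)               # CODE | EXECUTE | READ
    headers = (dos + stub + b"PE\0\0" + file_hdr + bytes(opt) + text).ljust(0x200, b"\0")
    return headers + b"\xCC" * 0x200                          # raw .text bytes at offset 0x200


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    for k, v in pe.items():
        print(f"{k}: {v}")
    print("entry point at file offset", hex(rva_to_offset(pe, pe["entry_point_rva"])))
```

Two habits in the parser are worth carrying into anything you write against real samples: every field that says where the next structure lives (`e_lfanew`, `SizeOfOptionalHeader`, `NumberOfRvaAndSizes`, `NumberOfSections`) is attacker-controlled and must be bounds-checked before it is dereferenced, and the section table is what turns an RVA such as `AddressOfEntryPoint` into a file offset, so nothing in the data directories can be read from disk without it.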
General Comments on Learning Malware Development
The following topics are super helpful when it comes to learning malware and are out of scope for these notes:
- C/C++ programming
- Assembly programming
- Reverse engineering
- Command and control (C2) software use and development
I haven’t found a single course of study on malware development that includes all of these things, probably because it would 10x the work required to make a course on malware development, but perhaps also because these topics are best studied on their own terms. An attempt to combine all of these topics into a single course would likely do a disservice to all of them.
What seems to work best for me has been to lean on different resources for these things. I’m not remotely close to being an expert in any of them, but I think that as I’ve learned it’s been really helpful to try to progress in each of them to a certain degree.
Personally, I’ve leaned heavily on OST2 (Open Security Training) for learning assembly and reverse engineering, and I really can’t recommend it enough. For C2 stuff there are also a few courses out there and a lot of helpful GitHub projects, notes, and conference talks.
Eventually I may post notes on some of these topics.
Other Resources Helpful For Learning Malware Development
As I develop these notes I will also build this section out as a comprehensive resource for the content I’ve found most helpful in my own journey in learning to develop malware.
Malware Development Courses
The following are paid courses that I’ve personally used in my journey to learn malware development.
Sektor7 Institute – Great courses. The introductory course is available on Udemy for a very small price.
Maldev Academy – Amazing, comprehensive course. A little pricey but worth it.
Reverse Engineering Courses
Open Security Training (OST2) – An incredible resource. Free courses on assembly, reverse engineering, and much more! If you are totally new to RE and/or malware development, this is a great place to start. Also check out their YouTube channel, which has videos for older courses.
Malware Unicorn – Free, high quality workshops on reverse engineering, PE injection, and more. These are a little short but very well done.
Other Stuff
0xRick’s Blog – Great articles on portable executables (PEs) and various other topics of interest.
Geoff Chappell is a well known software analyst and reverse engineer who has created an enormously inspiring website with a ton of great information on Windows architecture. There’s a lot of helpful information that I haven’t seen anywhere else.
Flippy Bit And The Attack Of The Hexadecimals From Base 16 – Fun game to get good at converting between hex and binary. OST2 recommends being able to score at least 25 before learning assembly so that you can just master this simple skill and then convert quickly in your head. A few hours well spent and surprisingly fun.
This assembly language course on Electronics Reference is pretty good, but I’m biased.