Offensive Tool Development

Windows-focused course on modern custom C2, implant & post-exploitation techniques developed from scratch leveraging Rust.

High & low level dive into offensive security tooling w/ Rust. Create custom loaders, kernel rootkits, hypervisor implants & more.

Who should take this course?

Red/Purple teams who want to learn advanced techniques (leveraging kernel rootkits for post-exploitation, techniques to bypass EDRs & AVs, quick 0-day hunting techniques to aid with privilege escalation) or those wanting to move away from using third-party tools and develop their own in-house frameworks for C2 & implants, including developing your own modules for post-exploitation tasks (dumping memory, hunting for privilege escalation vectors, obtaining persistence, key logging, etc).

This also applies to those using commercial tooling (e.g. Cobalt Strike) and who want to develop their own modules to extend or modify its capabilities, typically for evasion purposes or to add functionality & techniques not included in the tools.

This course is suitable for both beginners and intermediates, with some particularly advanced concepts (blue-pill hypervisors, 0-day hunting for red teamers) introduced in an easy-to-understand manner.

Course Syllabus

  • Methodology & Approaches (PlayBooks, Attack Lifecycles, APTs)
  • Analyzing Quality & Planning (Production Ready Code, Public Research Code vs Defanged Malware vs Commercial Tooling vs Custom Tooling)
  • Operational Concerns (OpSec, Logging & Artifact Tracking, Implant Metadata)
  • Analysis of Notable Malware & Techniques (Bootkits & Rootkits, Multi-Stage Implants, Unusual C2 Methods, Encryption & Rotating Keys, etc)
  • Software & Hardware Privileges (CPLs, Rings, Privilege Levels, Tokens, VMX/SVM Root/Non-Root)
  • User/Kernel Transitions, Device I/O, Paging
  • Interprocess Mechanisms (Shared Memory, RPC, Pipes, etc)
  • PE32/32+ Format Analysis & Transformation of Source or Shellcode -> Compiled Binary
  • Windows Subsystems & Initial Reverse Engineering 
  • HotPatching (e.g. Hooks/Detours, AppInit / AppCert DLLs, etc)
  • Development Environment Setup (OpSec Concerns)
  • Creating Our Own GetProcAddress (PEB Parsing | In-Memory Module Hunting | Thread Safety | PE32/PE32+ Formats)
  • Creating Our Own COFF Loader
  • Multiple Process Injection Techniques & Analysis (Object Duplication | Memory Mapped Sections | Threadless)
  • EDR Bypasses (Advanced Unhooking w/ In-Memory Disassembling Techniques)
  • Creating a Custom Rust-Based MiniDumper Solution (PssWalk* Apis, Tokens + more)
  • Stack Trace Obfuscation Techniques
  • Creating our Implant, Agent & Server Projects
  • Utilizing HTTP/2 & gRPC w/ Protobuf and Serde
  • Monitoring Assets (w/ VirusTotal APIs)
  • Proxies, Corporate SSL Interception / Stripping, Classification & Bypasses
  • Kernel Development Environment & Debugging Setup
  • Creating a Custom Protection Driver w/ Rust
  • Creating Our Own Custom Blue-Pill Hypervisor from Scratch (Intel VMX)

This course covers custom tool development for offensive security campaigns at the user, kernel and hypervisor levels. Write your own custom code in Rust from scratch, with material ranging from the high-level design of our code to complete guided walkthroughs of our custom code development process, including our own Rust-based COFF loaders, anti-EDR modules, C2 server and agents, kernel rootkits, hypervisor implants and more.

Course Benefits

Beginner & Advanced Content with Live Demonstrations

Community Environment to Engage in Discussions with Peers & Instructor

Live Q&A Sessions & Ongoing Support After the Course

Frequently Updated Content with the Latest Techniques & Tools

Custom Code Developed by Signal Labs for Students

(Optional) Assessments & Completion Certificates

What makes Signal Labs self-paced courses different?

A firsthand look at our innovative self-paced course content.

Self-Paced Training

$3,200.00 USD

  • 12-month access to the course.
  • Multiple hands-on exercises for each section.
  • Write custom blue-pill Hypervisors and Kernel rootkits.
  • Create completely custom Rust-based tooling.
  • Deep-dive into EDRs and AVs.
  • Dedicated area for 1:1 discussions with instructors.
  • (Optional) Assessments & completion certificates.
  • Note: Training platform access supports Windows and macOS machines only.

*For larger business teams, reach out for custom packages.

Instructor

Christopher Vella has extensive experience with red teaming and offensive operations, having performed them for a large range of clients including multiple high-profile banks, sensitive environments including air-traffic control systems, and more.

Christopher also has advanced knowledge of Windows internals, kernel development, custom hypervisor development, and vulnerability research, enabling advanced custom tool development and the skills to leverage custom kernel rootkits in offensive operations.

Strong Signals

Stay Connected

We'll let you know when our next live training is scheduled.
