Offensive Tool Development

Windows focused course on custom C2, implant and post-exploitation techniques programming primarily using Rust for offensive / red team operations. Includes hypervisor + rootkit dev, custom design and implementation of techniques.

Buy $3,200.00

Course curriculum

Windows-focused course on modern offensive techniques developed from scratch leveraging Rust

1. Important Information
2. High-Level Overview
3. Windows Internals & x86-64 Primer
4. Public Code Analysis & Operational Concerns
5. Initial Development Environment Setup
6. Rust Notes
1. First Challenge: Our Own GetProcAddress Implementation
2. First Challenge Solution Pt.1: Exploring GetProcAddress
3. First Challenge Solution Pt.2: Exploring GetModuleHandle & the PEB
4. First Challenge Solution Pt.3: Finalizing our Custom Module Finder
5. First Challenge Solution Pt.4: Thread Safety & Cleanup
6. First Challenge Solution Pt.3: Notes & Current Code
7. First Challenge Solution Pt.5: Defining the PE32+ Format
8. First Challenge Solution Pt.6: Parsing In-Mem Modules
9. First Challenge Solution Pt.7: Continuing Parser Development
10. First Challenge Solution Pt.8: Forwarder Checks & Export Tables
11. First Challenge Solution Pt.9: Finalization
12. Creating our Custom COFF Loader: Design
13. Custom COFF Loader: Initial Files
14. COFF Loader Challenge Description: Symbols
15. Note: Windows APIs & Rust
16. COFF Loader Challenge: Notes
17. COFF Loader Solution
18. COFF Loader Solution Files
19. Process Injection Purpose, Methods & Code
20. Process Injection (Duplicate Object + Sections) Sample w/ Rust
1. C2 Comm Concepts, Management & Notes + VT Hash Challenge
2. VT Hash Solution
3. VT Hash Solution Files
4. Server & Implant Comms Over HTTP/2 w/ Protobuf & Serde
5. Server & Implant Files
1. Overview of EDR & AV Internals
2. Target Analysis, Technique Discovery & Bypass Theory + Challenge
3. Avoiding All Hooks & Unhooking via In-Mem Disassembly + Solution
4. In-Mem Disassembly + Unhooking Source
5. Developing a Custom Rust MiniDumper (MiniDump Format Specification & Avoiding Hooks)
6. Custom Rust MiniDumper Solution (Tokens, Getting System, PssWalk* APIs + More)
7. Custom Rust MiniDumper Source Code
8. Stack Trace Obfuscation
9. Stack Trace Obfuscation Solution
10. Stack Trace Obfuscation Solution Files
1. Intro to Kernel Rootkits
2. Kernel Debugging Environment Setup
3. Analysis of our Custom Protection Kernel Driver
4. Custom Protection Kernel Rootkit Source
1. Initial Hypervisor Theory
2. Creating the HyperCore & HyperWin Projects
3. Deploying & Testing our Initial Code
4. Detecting VMX & Existing Hypervisors
5. VMXON Requirements
6. Custom Spinlocks & Global Allocators
7. Creating a VP
8. Executing on all Logical Processors
9. VMCS Fields & Initialization
10. VMCS Fields & Initialization pt.2
11. VMCS Fields & Initialization pt.3
12. VMCS Fields & Initialization pt.4
13. VMCS Fields & Initialization pt.5
14. VMCS, DPCs & Kernel Debugging
15. Code Cleanup & VMLAUNCH
16. Hypervisor Code (So Far)
17. Hypervisor Code (Working)
1. Assignment: 32bit Support for PE Loader
2. Assignment: C2 Process List

About this course

$3,200.00
64 lessons
High & low level dive into offensive security tooling w/ Rust. Create custom loaders, Kernel rootkits, Hypervisor implants & more.
12-month access to the course

Learnings

Here's a tiny sample of the learnings you'll achieve throughout this course

Accurately assess capability requirements for offensive operations, examining trade-offs between time & effort of approaches and planning an offensive toolkit (design, features, documentation, logging, etc)
Perform fine-grained manipulations on processes & memory (e.g. manually loading PE32/32+ files, COFF files + more in pure no_std Rust)
Write custom blue-pill Hypervisors and Kernel rootkits as part of our advanced module development section
Create completely custom Rust-based tooling that contains both our own custom designed approach to techniques, but also cherry-picks useful techniques seen in APTs or commercial toolkits (all completely implemented ourselves in Rust, no copy-pasting code) while accounting for weaknesses identified in certain external toolkits
Deep-dive into EDRs and AVs, actively reversing samples to identify gaps and understand its operations at the code level, gaining an in-depth understanding how it integrates into the OS

Course Benefits

A tiny portion of the benefits you receive with this course

Beginner & Advanced content, creating our code from scratch and walking through the design & decision making process for our custom tooling
Community pages to engage with discussions between peers & instructor, with ongoing support after the course & extra workshops / live Q&A sessions
(Optional) Assessments & completions certificates to show you've retained the information presented and are comfortable programming offensive techniques in Rust, in the context of completely custom design->implementations alongside extracting designs and re-implementing them from APTs
Frequent updates & revisions -- access the latest in offensive Rust tooling

Student Reviews

View what some of our previous students thought of our course

Syllabus is amazing.

Farid Akifzada

For now I can't finish the course, but course content is very promising. I hope there will be more content like this.

Read Less