Windows malware development: A JMP in the dark
From BruCON 2017
Malware development has always been a subject that is frowned upon; however, it is a valuable skill for security specialists, as it gives them a better understanding of how Windows operates under the hood. This knowledge can be applied in many fields, such as general penetration testing and bug bounties.
Whilst developing malware is not illegal, as at that point it is still just a piece of software, distributing it and running it on third-party systems without authorisation is. As a result, the relevant information is scattered and piecing it all together can be a cumbersome task; this workshop therefore aims to centralise and explain it in a coherent fashion.
Most modern-day malware uses injection, both for persistence and for stealth. During the workshop we will focus on the different injection techniques used rather than on the malware itself. Stealth will be the common thread: it will become obvious how helpless antivirus software is against these types of attacks, even when it uses defensive techniques such as function hooking.
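The function hooking mentioned above is, in user mode, usually an inline patch: the antivirus or EDR overwrites the first bytes of an exported API (typically an ntdll Nt* stub) with a JMP into its own DLL, inspects the call, and then resumes the original code. Both sides of the workshop's argument start from being able to see such a patch, so the following is an added example, not part of the BruCON workshop material: a small C decoder that reads a copy of a function's first bytes, recognises the common x86/x64 hook stubs (rel32 JMP, RIP-relative absolute JMP, mov rax/jmp rax, push/ret), resolves where they lead, and flags an entry whose destination lies outside the module that exports it. The byte strings, addresses and module range are constructed for the example; on a real system the bytes would come from ReadProcessMemory at the address returned by GetProcAddress, and the module range from the loaded-module list.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Kinds of entry-point patch recognised by the scanner. */
typedef enum {
    HOOK_NONE = 0,
    HOOK_JMP_REL32,     /* E9 rel32                     (x86 and x64) */
    HOOK_JMP_ABS_RIP,   /* FF 25 disp32 ; jmp [RIP+disp] (x64)        */
    HOOK_MOV_RAX_JMP,   /* 48 B8 imm64 ; FF E0 jmp rax   (x64)        */
    HOOK_PUSH_RET       /* 68 imm32 ; C3 ret             (x86)        */
} hook_kind;

/* Little-endian reads from an unaligned buffer. */
static int32_t  rd_i32(const uint8_t *p) { int32_t  v; memcpy(&v, p, 4); return v; }
static uint64_t rd_u64(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v; }

/*
 * Decode the first instruction(s) of a function.  `code` is a copy of the
 * first `len` bytes and `base` is the virtual address they were read from.
 * `target` receives the resolved destination, or 0 when the bytes alone do
 * not allow it to be resolved (e.g. an FF 25 whose pointer slot lies
 * outside the copied range).
 */
hook_kind detect_inline_hook(const uint8_t *code, size_t len, uint64_t base, uint64_t *target)
{
    *target = 0;
    if (len >= 5 && code[0] == 0xE9) {                       /* jmp rel32, relative to next instr */
        *target = base + 5 + (int64_t)rd_i32(code + 1);
        return HOOK_JMP_REL32;
    }
    if (len >= 6 && code[0] == 0xFF && code[1] == 0x25) {    /* jmp qword ptr [rip+disp32] */
        uint64_t slot = base + 6 + (int64_t)rd_i32(code + 2);
        if (slot >= base && slot + 8 <= base + len)          /* pointer slot inside our copy? */
            *target = rd_u64(code + (slot - base));
        return HOOK_JMP_ABS_RIP;
    }
    if (len >= 12 && code[0] == 0x48 && code[1] == 0xB8 &&   /* mov rax, imm64 */
        code[10] == 0xFF && code[11] == 0xE0) {              /* jmp rax */
        *target = rd_u64(code + 2);
        return HOOK_MOV_RAX_JMP;
    }
    if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) {    /* push imm32 ; ret */
        *target = (uint32_t)rd_i32(code + 1);
        return HOOK_PUSH_RET;
    }
    return HOOK_NONE;
}

/* Convenience wrapper returning only the resolved destination (0 if none). */
uint64_t hook_target_of(const uint8_t *code, size_t len, uint64_t base)
{
    uint64_t t;
    detect_inline_hook(code, len, base, &t);
    return t;
}

/*
 * The check a practitioner actually wants: does the entry of an exported
 * function transfer control to memory outside [mod_start, mod_end), the
 * module that exports it?  A redirect whose destination cannot be read is
 * reported as suspicious too.  Returns 1 if redirected outside, else 0.
 */
int entry_redirected_outside(const uint8_t *code, size_t len, uint64_t base,
                             uint64_t mod_start, uint64_t mod_end)
{
    uint64_t t;
    if (detect_inline_hook(code, len, base, &t) == HOOK_NONE) return 0;
    if (t == 0) return 1;
    return !(t >= mod_start && t < mod_end);
}

/* Constructed sample bytes (not dumped from a real system).  The clean stub
   follows the shape of an x64 syscall stub: mov r10,rcx ; mov eax,<number>. */
static const uint8_t clean_stub[] = { 0x4C,0x8B,0xD1, 0xB8,0x3A,0x00,0x00,0x00 };
/* Same stub after an inline hook: jmp rel32 to 0x7FF810000000, rest overwritten. */
static const uint8_t hooked_rel32[] = { 0xE9, 0xFB,0xEF,0xFF,0x0F, 0x00,0x00,0x00 };
/* x64 absolute form: jmp [rip+0] with the 8-byte pointer stored right after it. */
static const uint8_t hooked_abs[]   = { 0xFF,0x25, 0x00,0x00,0x00,0x00,
                                        0x00,0x20,0x00,0x10,0xF8,0x7F,0x00,0x00 };

int main(void)
{
    const uint64_t mod_start = 0x7FF800000000ULL, mod_end = 0x7FF800200000ULL; /* constructed module range */
    const uint64_t func = 0x7FF800001000ULL;                                   /* constructed export address */
    printf("clean   : outside=%d\n",
           entry_redirected_outside(clean_stub, sizeof clean_stub, func, mod_start, mod_end));
    printf("rel32   : outside=%d target=0x%llx\n",
           entry_redirected_outside(hooked_rel32, sizeof hooked_rel32, func, mod_start, mod_end),
           (unsigned long long)hook_target_of(hooked_rel32, sizeof hooked_rel32, func));
    printf("absolute: outside=%d target=0x%llx\n",
           entry_redirected_outside(hooked_abs, sizeof hooked_abs, func, mod_start, mod_end),
           (unsigned long long)hook_target_of(hooked_abs, sizeof hooked_abs, func));
    return 0;
}
```

Two caveats apply when this is run against a live process. A JMP at a function entry is not proof of a hook on its own: some functions legitimately begin with a jump to another routine in the same module, which is why the decision is made on whether the destination leaves the exporting module rather than on the opcode alone. And a decoder this small only recognises the stub shapes listed; a hook placed a few instructions into the function, or one using a different trampoline encoding, needs a real disassembler.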
After this workshop, security researchers will have a solid basis from which to continue their own research.