Come join White Knight Labs as they teach customized courses on malware development!
Topics that will be covered are: AMSI/ETW bypass, writing shellcode, writing BOFs, malleable C2 profiles, various process injection techniques, hiding strings and imports, and more.
Block 1 – Intro to AV Evasion - 9:00 AM - 11:00 AM
hiding malicious strings
hiding malicious imports in the IAT
pros/cons of encryption/encoding shellcode
Block 2 – PE/COFF Primer - 11:00 AM - 1:00 PM
sections and purposes of the PE file format
storing shellcode in different sections
using and writing BOFs
Block 3 – Process Injection and Loaders - 2:00 PM - 4:00 PM
vanilla local and remote process injection
kernel callback for shellcode execution
Dirty Vanity and MockingJay
Block 4 – Writing Shellcode by Hand - 4:00 PM - 6:00 PM
intro to Assembly and memory registers
Participants should have basic knowledge of the following: AV/EDR, C/C# programming, C2 basics, Windows APIs
Participants need to bring the following: a laptop w/ 16GB RAM minimum; 1 x external monitor is recommended
The following software should be installed: IDA community, nasm, WSL2, VS Code
This is deeply technical, hands-on training; get a good night’s sleep and drink coffee. All the coffee.
Date & Time
September 8, 2023 | 9:00 AM - 6:00 PM | All 4 Blocks will be taught throughout the day, in 2-hour intervals
Jefferson Community and Technical College (JCTC) - 110 W Chestnut St, Louisville, KY 40202
Greg’s time in Army Special Forces and teaching at the NSA gives him a unique background for conducting full-scope offensive cyber operations. Greg has also led a traveling CISA red team that simulated attacks on America’s infrastructure. He has led over 100 penetration tests that include network, cloud, mobile, web app, and API technologies – but his heart belongs to the cloud and Windows malware development. He has authored and taught courses at DerbyCon, Wild West Hackin’ Fest, Calvin University, Antisyphon, and the HackDown Summit.
Greg holds the following certifications: GIAC Certified Penetration Tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), GIAC Web Application Penetration Tester (GWAPT), Certified Red Team Professional (CRTP), and 10-ish more. Greg lives in rural Michigan with his family. He is a weightlifter with an ultra-running problem.
During the last 10 years, John has worked in the following roles: blue team lead, developer, and senior penetration tester. John has led multiple red teams over the years, including filling the role of red team for F-Secure for the western hemisphere. Focused mostly on exploit development and offensive cyber operations, he has: led red team engagements in highly complex Fortune 500 companies, worked hand-in-hand with Microsoft to increase kernel security for the Windows 10 operating system, and is very proficient at surreptitious entry and alarm/lock bypass during physical penetration tests. He has authored and taught several courses at BlackHat, DerbyCon, Wild West Hackin’ Fest, Antisyphon, and the HackDown Summit.
John holds the following certifications: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Certified Red Team Expert (CRTE), and SLAE64. John lives on a maple syrup farm in rural Pennsylvania with his family. He was recently bullied by his business partner into getting back into running and is now completely addicted to it.