Guide For Malware Development
#1
Hi,
I am posting this here. This is a guide for malware development, about 34 pages long, that I made for myself along with diagrams.
I asked here (previous username was something else) & in many infosec communities how to be a Malware Developer but didn't have any good response, so I searched for myself.

If you do not trust the PDF file, first download it and run it through a virus scanner or VirusTotal.

I hope it helps you as it helped me (I keep coming back to it).

This assumes no knowledge of programming/computer science.

Use the preferred lab setup as a reference. Do not follow it toe-to-toe. I have, for example, Win LTSC + Cygwin/Parrot Sec running along with a couple of text editors, IDEs and libraries.

Another thing to note: C & C++ are going to go extinct in the near future; Rust programming in malware will be widely used.
Python is literally the most bullshit language I have ever come across; do not use it to write actual large codebases.

https://mega.nz/file/Ys5wHbRa#wiyg-UYyTV...zWgjyN_y_s

Also have a look at this:
https://github.com/ronin-rb

Next up: Sektor 7 Malware Certs are shit I guess, same for SANS. If you want them, there is a website called hide01.ir that provides lab+book+video of every infosec cert.
Associated with HideZeroOne is another group called Library-Sec-IR: These guys maintain a plethora of books related to topics in Advanced Malware Development, APTs and Anti-Forensics.

Finally, if you are looking for people interested in this stuff, there aren't many. Only 200-300 in the entire world.
I have checked out 185 Discord servers, 35 Telegram channels & what not.
Long story short: All the malware authors and ransomware writers hang out on temp IRC chatrooms. There are only 8 of these said chatrooms.

Most red teamers will use out-of-the-box payloads; they will never use malware as it is out of legal scope.

Exploit development is different. It's like college freshman maths.

Once you are done with this, you will want to know how malware writers are caught. The popular response is "Forensics" & "Reverse Engineering";
It's not.
Amateur writers will make a set of 12 mistakes that lead to them being caught; someone who is writing an enterprise-grade RaaS is & will mindfuck you.

If you want to know how things work in the real world, start reading indictment paperwork, released investigative paperwork & FBI Financial Crimes stuff along with Europol.
Whatever you can get your hands on that is de-classified.

Keep in mind, most countries do not have any infra to tackle cyber crime.
Rest done.
--------------------------
Good Day!
#2
Welcome to GreySec. At the peril of sounding like an asshole, I just had some quick commentary.

You know you can format your posts in such a way that you don't need to make a PDF, upload it and tell our users to download it. In fact, I would have preferred a formatted post; then the page could've been converted to PDF without too much trouble, complete with your illustrations.

Also, you know just as well as I do that there are tools capable of far more detailed analysis of PDF files than a quick VT scan.

I'll reserve judgement for after I analyze your document, but the tone of your post is a little patronizing. Not trying to be the tone police, but if you'd like people to engage with your content you might want to consider that.
#3
(12-13-2021, 08:09 PM)Inessa_Fevre Wrote: Hi,
I am posting this here. This is a guide for malware development, about 34 pages long, that I made for myself along with diagrams.
I asked here (previous username was something else) & in many infosec communities how to be a Malware Developer but didn't have any good response, so I searched for myself.

I hope it helps you as it helped me (I keep coming back to it).

This assumes no knowledge of programming/computer science.

...

If you want to know how things work in the real world, start reading indictment paperwork, released investigative paperwork & FBI Financial Crimes stuff along with Europol.
Whatever you can get your hands on that is de-classified.

Keep in mind, most countries do not have any infra to tackle cyber crime.
Rest done.
--------------------------
Good Day!

Excellent job, Inessa_Fevre! I found the write-up very interesting & useful.

I do agree with Vector that your PDF contents could still be formatted/edited to fit in a post; however, other than that, nice work and I look forward to (hopefully) seeing more from you on GS in the future.
#4
Just read your entire guide and I'm amazed by it. The child analogy got me. It simply clicks.
Is there any non-invasive way to keep in touch with you? Anyway, I greatly appreciate your work.
#5
(12-13-2021, 08:09 PM)Inessa_Fevre Wrote: Hi,
I am posting this here. This is a guide for malware development, about 34 pages long, that I made for myself along with diagrams.
I asked here (previous username was something else) & in many infosec communities how to be a Malware Developer but didn't have any good response, so I searched for myself.

...

Keep in mind, most countries do not have any infra to tackle cyber crime.
Rest done.
--------------------------
Good Day!

Welcome to GreySec!

I browsed through your PDF and it seems more than interesting.
I will work through it next week.
Thanks for this amazing work and the effort!

KR
Agonal
#6
OP here.
(The one who made this post)
---------------
Thank you for your feedback and yes, I am aware that I could have made a multi-threaded long post and formatted it, but it was too much work for me.

Half of the contents in this reference are not mine.
I talked to a certain person who has been in red teaming for 12 years now and he was kind enough to lend me his time and guide me through the entire process.
I copy-pasted what he said and edited accordingly.

The other parts of the guide are based on talking to ransomware developers who were state affiliated and reviewed the diagrams.
Contrary to popular belief, ransomware groups are very disciplined and organised, with strict work timings and offering a lot of employment benefits
(Example Grafte: 22 days paid leave annually and 12 days sick leave)

They usually ask for 6-8 years of experience as an excellent programmer, or if you don't have that exp, they ask for equivalent knowledge.
---------------
The reason I made this guide was for myself only and to help me. When I first posted it in other places, I received a lot of negative feedback, but me being a 4channer, I now believe that they are more retarded than me.
I was told that this guide is useless and is just "50,000" buzzwords.

I was actually very confused about how to get any job in cyber security because everywhere you look (the first 4600 LinkedIn job postings ask for a lot of expensive certificates); I gave up any hopes and am not interested in the field anymore.

When I first asked some employed people how to go about it, they told me that there are no entry-level jobs in cyber security and the entire industry is based around consulting or government-funded companies.
Which is actually true, because I did research a lot into it.

Given how competitive this field is and the hype train of labour shortage there is
(there isn't any labour shortage, it's just false statistics),
with the majority of employers preferring first-world residents with white ethnicity & the extra effort that you are required to put in to stay on top of upcoming vulnerabilities and exploits, it really doesn't make any sense to go into it with regards to the pay.
Pay is very important because in today's world, it is now impossible to buy a house or land, let alone maintain a good & healthy diet.


Anyways, I wasted 6 months of my life. I had a lot more stuff, including how to make on-the-fly tools used by APTs, but I am not interested in it anymore.
My discord is Lakshmana#3016, if you are interested in directly messaging me (non-invasive way).
#7
(02-15-2022, 07:20 AM)Lakshmana_H Wrote: OP here.
(The one who made this post)
---------------
Thank you for your feedback and yes, I am aware that I could have made a multi-threaded long post and formatted it, but it was too much work for me.

Half of the contents in this reference are not mine.
I talked to a certain person who has been in red teaming for 12 years now and he was kind enough to lend me his time and guide me through the entire process.
I copy-pasted what he said and edited accordingly.

The other parts of the guide are based on talking to ransomware developers who were state affiliated and reviewed the diagrams.
Contrary to popular belief, ransomware groups are very disciplined and organised, with strict work timings and offering a lot of employment benefits
(Example Grafte: 22 days paid leave annually and 12 days sick leave)

They usually ask for 6-8 years of experience as an excellent programmer, or if you don't have that exp, they ask for equivalent knowledge.
---------------
The reason I made this guide was for myself only and to help me. When I first posted it in other places, I received a lot of negative feedback, but me being a 4channer, I now believe that they are more retarded than me.
I was told that this guide is useless and is just "50,000" buzzwords.

Welcome back OP! Glad to see you around here again! I've read through this guide, and while it may not be a strictly technical guide to things, I still find it very informative and useful. Good place for just general advice on where to get started, how to learn and where to find tons of good resources. Some buzzwords like the quotes, sure, but I see nothing wrong with that.

And very interesting point regarding ransomware programmers. I had no idea they had paid benefits like this. Interesting!

That being said. I'm adding this thread to the malware sticky.

(02-15-2022, 07:20 AM)Lakshmana_H Wrote: I was actually very confused about how to get any job in cyber security because everywhere you look (the first 4600 LinkedIn job postings ask for a lot of expensive certificates); I gave up any hopes and am not interested in the field anymore.

When I first asked some employed people how to go about it, they told me that there are no entry-level jobs in cyber security and the entire industry is based around consulting or government-funded companies.
Which is actually true, because I did research a lot into it.

Given how competitive this field is and the hype train of labour shortage there is
(there isn't any labour shortage, it's just false statistics),
with the majority of employers preferring first-world residents with white ethnicity & the extra effort that you are required to put in to stay on top of upcoming vulnerabilities and exploits, it really doesn't make any sense to go into it with regards to the pay.
Pay is very important because in today's world, it is now impossible to buy a house or land, let alone maintain a good & healthy diet.

In my opinion/experience, I think it depends a bit on where you are and how you approach this. At least around here, there's a good chance to get an entry-level job in IT security. For example, if you look for SOC Analyst positions at certain companies (blue team, security analyst). There you can get a job if you know the basics of networking and scripting. And it certainly helps to build up a portfolio to show off your skills, like a GitHub with projects, a blog with writeups, and participating in different CTFs. Although certificates certainly help you bypass the HR filter in some places. At least getting an OSCP, which is around $800 (relatively cheap if you already have a steady job), would be useful.

And as for the red team side of things: at least around here I've seen people accepting people into so-called "Trainee" programmes for pentesting, for people already in different sectors in IT, like programming, IT support and all that. And yeah, of course, as I said before, building a portfolio would help with all that.

In my opinion, while some positions will ask for a lot of arbitrary year requirements in experience and all that, I see them more as guidelines. Sometimes you can cold-approach different companies and ask if they would consider hiring for a more junior position instead. Could actually be cheaper for them, as you'll go in with a lower pay grade than they normally would offer for a more senior position. As long as you show that you are willing to learn. This may be harder at bigger companies; probably better success at smaller companies with smaller HR or maybe even no HR at all.

Just my 2 cents.

(02-15-2022, 07:20 AM)Lakshmana_H Wrote: Anyways, I wasted 6 months of my life. I had a lot more stuff, including how to make on-the-fly tools used by APTs, but I am not interested in it anymore.
My discord is Lakshmana#3016, if you are interested in directly messaging me (non-invasive way).

I have added you on Discord. If you want, I can verify your authorship of your old forum account and merge them together. Sadly the "recover" account function is not working at the moment. It's on my TODO list to fix.

Also feel free to join our discord if you'd like: https://greysec.net/discord
#8
Thanks for the advice. I have heard and read that for the Nth time from a lot of people.
I am done.
#9
(02-15-2022, 07:20 AM)Mx_Huan Wrote: My discord is Lakshmana#3016, if you are interested in directly messaging me (non-invasive way).

Thanks so much for following up on your OP! :-)

Just wanted to let you know the Discord nick you stated above does not work; if you're not comfortable sharing the correct one, feel free to PM as I'd like to add you.
#10
(03-01-2022, 12:10 PM)Mx_Huan Wrote: Thanks for the advice. I have heard and read that for the Nth time from a lot of people.
I am done.

I think that maybe you are looking in the wrong places, or your country is maybe not so developed. In my opinion, job opportunities appear mostly from connections, and hacking conferences are a great place to make them. Also, there are usually a lot of companies looking for employees there; make sure you bring your CV and leave them a copy.
If you are interested in the field, go for it. Maybe you have to go for some entry jobs like Insider said at first, but you can always escalate and get to positions you are really interested in.

Good luck!