Module 2: Introduction to Malware Development

I’d like to define malware as "malicious software"; the term is a contraction of that phrase anyway.

Why learn malware development?

TL;DR

We want a custom tool that security vendors won’t be able to easily detect.

Open source tools are signatured by security vendors and are easily detected, so they are not reliable. Paid tools can be more reliable since they are not publicly available and can be treated as custom tools under active development. Still, there is a chance that a paid tool has already been analyzed and/or detected by security vendors, making it less reliable for offensive security work. How much of a problem that is depends on the malware vendor’s service. Plus, most of them are probably convenient to use.

The better option is to develop custom tools to avoid detection by security vendors. You get full control and there is no need to pay. The downside is that developing custom tools requires experience and skills.

I chose to develop my own custom tools because I am here to learn, not to spread malware and cause chaos. If I wanted chaos, I could just buy those services online. That’s no different from being a script kiddie.

What programming language to use?

Rust. Next.

Just kidding. Any programming language can be used. Even Python, yes. But the choice of programming language comes down to which one works best for:

  • convenience in reverse engineering

  • dependencies (such as Java and Python requiring interpreters in order to execute on the target machine)

  • file size

  • freedom of control (low level vs high level programming languages)

Go and Rust are difficult to reverse engineer, not because the code itself is hard, but because of the lack of tooling to do so (this might change in a couple of years). C/C++, by contrast, already has tons of documented resources on reverse engineering.

Although Rust produces a bigger file size than C, I think it’s possible to strip it down, but I haven’t gotten it to work as small as 16 KiB.

How to write malware?

Similar to the Software Development Life Cycle: we just follow that process and call it a day, with extra steps.

  1. Development

  2. Testing

  3. Offline Anti-Virus or Endpoint Detection and Response Testing

  4. Online Anti-Virus or Endpoint Detection and Response Testing

  5. Indicators of Compromise Analysis

  6. Repeat
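From the defender's side, the Indicators of Compromise Analysis step above usually starts with the same first pass an analyst runs on any sample: hash it, pull its strings, and guess the toolchain from leftover markers (which is also where the tooling gap for Go and Rust mentioned earlier shows up). This is an added Python example, not code from the original module; the sample bytes, the marker list and the watched API names are constructed for illustration.

```python
import hashlib
import re

# Constructed stand-in for a compiled sample; a real run would read the file's bytes.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"This program cannot be run in DOS mode.\x00"
    + b"called `Result::unwrap()` on an `Err` value\x00"
    + b"/rustc/abcdef0123456789/library/core/src/panicking.rs\x00"  # constructed path
    + b"kernel32.dll\x00CreateProcessW\x00"
)

# Heuristic toolchain markers often left in unstripped binaries (constructed list).
TOOLCHAIN_MARKERS = {
    "go": [rb"Go build ID:", rb"runtime\.main", rb"go\.buildid"],
    "rust": [rb"/rustc/", rb"library/core/src/", rb"Result::unwrap\(\)"],
    "dotnet": [rb"mscoree\.dll", rb"_CorExeMain"],
}

def hashes(data: bytes) -> dict:
    """File hashes are the baseline IoC shared with other defenders."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}

def strings(data: bytes, min_len: int = 6) -> list:
    """Extract printable ASCII runs, the usual first pass before any disassembly."""
    return [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def identify_toolchain(data: bytes) -> str:
    """Guess the compiler toolchain from leftover strings; 'unknown' if nothing matches."""
    scores = {lang: sum(1 for pat in pats if re.search(pat, data))
              for lang, pats in TOOLCHAIN_MARKERS.items()}
    best = max(scores, key=scores.get)
    return best if scores[best] > 0 else "unknown"

def imports_of_interest(strs, watch=("CreateProcessW", "VirtualAlloc", "WriteProcessMemory")):
    """Surface API names an analyst would note in the IoC write-up (watch list is constructed)."""
    return sorted(s for s in strs if s in watch)

def analyze(data: bytes) -> dict:
    """Bundle the first-pass findings into one triage record."""
    strs = strings(data)
    return {
        "hashes": hashes(data),
        "toolchain": identify_toolchain(data),
        "paths_and_modules": [s for s in strs if s.endswith((".rs", ".go", ".dll"))],
        "apis": imports_of_interest(strs),
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(key, value)
```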