Malware Dev Training

Dive deep into source code to gain a strong understanding of execution vectors, payload generation, automation, staging, command and control, and exfiltration. Intensive, hands-on labs provide even intermediate participants with a structured and challenging approach to write custom code and bypass the very latest in offensive countermeasures.
About The Course:

Threat intel reports are constantly being released which document the novel techniques and custom tooling that support real-world operations. However, despite access to this information, the industry still lacks many of the fundamentals required to emulate nation-state threats, opting instead for “off the shelf” tooling and click-once solutions. These tools abstract the true work required to compromise, engage, and exfiltrate a target network, leaving an operator scrambling when the going gets tough.

Dark Side Ops 1: Malware Dev focuses on the goals, challenges, architecture, and operations of advanced persistent threat (APT) tooling. Participants will dive deep into source code to gain a strong understanding of execution vectors, payload generation, automation, staging, command and control, and exfiltration. In addition, participants are given hands-on experience with black hat techniques currently used by hackers to bypass NIDS and HIPS systems, layer 7 web proxies, “next-gen” antivirus, and DLP solutions.

Learn How To:
  • Build and modify custom payload droppers, beaconing backdoors, and interactive shells
  • Implement stealthy command and control methods
  • Reverse Engineer and automate the creation of sophisticated client-side attacks
  • Develop laterally between workstations for large-scale network compromise
  • Bypass defensive host and network countermeasures
  • Establish custom, stealthy persistence in a target network
  • Compile and deploy an advanced custom toolkit for exploration, understanding, and real “Red Side” operations

Participants will receive source code to a variety of offensive tools, including custom shells, backdoors, C2 listening posts, and client-side exploitation techniques. To reinforce the knowledge provided through instruction, the modification and creation of the code is the focal point of every lab, allowing participants to take materials home for continued use.


Dark Side Ops 1: Malware Dev is ideal for offensive security enthusiasts who are ready to take their skills beyond the next tool, script, or fill-in-the-blank pen-testing dependence. If you’re an operator or hobbyist interested in building and modifying custom offensive tools to bypass the latest offensive countermeasures, this course is for you. If you are a SOC analyst, developer, or incident responder who is interested in a malware development deep dive for hands-on learning, this course is for you.

L33t programming skills are not necessary to enjoy this course, and the labs are designed to provide two packed days regardless of previous experience. The material will focus solely on Windows environments; however, some of the tooling and all of the theory could be applied to other operating systems as well. We truly believe participants will not leave this course disappointed.

Participants Should Have At Least:
  • An intermediate level of systems administration experience using Windows or Linux
  • Familiarity with an APT kill chain (initial access, persistence, lateral movement, etc.)
  • Experience with programming (however small or long ago)
Participants Benefit From:
  • Knowledge of modern offensive research and concepts
  • Familiarity with Windows internal concepts (tokens, handles, services, etc.)
  • Experience developing netsec scripts or tools (C++, Python, PowerShell, etc.)
  • Experience with penetration testing techniques or frameworks (Red Team Toolkit, Metasploit, Cobalt Strike, etc.)
Virtual Course Format:

All registrants have access to the Dark Side Ops training course material for 90 days through our learning management software, Moodle. All attendees will receive access to the following materials:

  • Video Lectures: Engaging video presentations bring the classroom to you, whenever you’re ready to learn.
  • Lab manual, slides, and other resources
  • Tons of custom code

Discover why security operations teams choose NetSPI.