Publicly available trainings

OffensiveCon 2022

Berlin (DE)

30 January - 02 February

Recon 2022

Montreal (CA)

30 May - 2 June

Ring0 2022

Las Vegas (US)

6 August - 9 August

OffensiveCon 2023

Berlin (DE)

19 May - 20 May

Recon 2023

Montreal (CA)

5 June - 8 June

Red Team+Advanced Malware analysis training

The class presents an in-depth description of the techniques implemented in modern malware to evade defenders and security products (such as AV, IPS, IDS, EDR), and how attackers design and operate their implants to ensure a prompt redeployment after a detection or a public disclosure by researchers or security vendors.

The training covers real-world scenarios that impair (effectively slow down or dissuade) reverse engineering efforts and make the job of first responders more time-consuming.

The techniques are demonstrated in two ways: first, by reversing real malware samples, and then by re-implementing an improved version of the malware code. The training is designed from the attacker’s point of view, teaching red teams how to make their implants stealthier, but it will also teach defenders how to deal with the anti-reversing and OPSEC techniques demonstrated in class.

The class focuses primarily on Windows malware and on analysing, tweaking and re-purposing real-world malware samples. Participants will be provided with plenty of custom code to facilitate the understanding of complex techniques.

Theory sessions are followed by exercises where participants reverse and re-implement specific parts of real malware in order to fully understand the hidden corners of all the techniques involved. 50% of the course is dedicated to hands-on labs that show how to translate theory into practice.

Labs are designed to provide flexibility in terms of complexity and include bonus tracks to ensure that you always feel engaged and have something interesting to explore and learn.

To develop and test the techniques described during theory sessions, students are provided with the source code of our training agent and its matching C2.