Technical details of exploits and distributed malicious systems, together with associated discovery and analysis approaches.
Build a home hacker lab using SecGen
SecGen creates vulnerable virtual machines, lab environments, and hacking challenges, so students can learn security penetration testing techniques. Whereas boxes like Metasploitable2 are always the same, this project uses Vagrant, Puppet, and Ruby to create randomly vulnerable virtual machines that can be used for learning or for hosting CTF events.
Explore TripleCross
TripleCross is a Linux eBPF rootkit that demonstrates the offensive capabilities of the eBPF technology. It features backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
How could you hide a process?
Malware often tries to hide itself from other software, for example, anti-virus. How can a process hide from other processes whilst it is running?
How could you hide in a file?
Malware may hide itself or information it has gathered in files. How can this be done whilst still keeping the data accessible to the malware?
How could you hide in a network protocol?
Malware often tries to conceal its communication from other software and network devices. How can malware achieve this whilst still being able to send and receive information?
Install Flare-VM
FLARE VM is a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc.
Install Kali Linux
Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.
Learn about bypassing eBPF-based Security Enforcement Tools
Understand the limitations of eBPF-based tools and how adversaries may bypass them.
Learn hacking skills using HackTheBox
Hack The Box is a massive, online cybersecurity training platform, allowing individuals, companies, universities and all kinds of organizations around the world to level up their hacking skills.
Listen to the Risky Business podcast
Published weekly, the Risky Business podcast features news and in-depth commentary from security industry luminaries. Hosted by award-winning journalist Patrick Gray, Risky Business has become a must-listen digest for information security professionals.
MiTM network traffic
mitmproxy is a free and open source interactive HTTPS proxy. You can use it on the command line, through a web interface, or through a Python API.
Pack and unpack an executable
Many different executable packers exist. They may compress, encrypt or obfuscate the underlying binary. Malware authors may use either off-the-shelf packers or custom packers to avoid detection. One example packer is UPX, a free, portable, extendable, high-performance executable packer for several executable formats. If you've got more time, try analysing or debugging the binary.
Play around with Objective-See's macOS security tools
Objective-See is a non-profit that creates simple, effective macOS security tools. Their tools are free and open-source.
Read a Project Zero write up
Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. They provide comprehensive write-ups of the vulnerabilities they discover, and of their work with the wider community to remediate them.
Read The Art of Mac Malware
The "Art of Mac Malware" was created to provide a comprehensive resource about threats targeting Apple's desktop OS. Dedicated to the community, it is a culmination of over a decade of macOS security research.
Read the CyBOK Malware & Attack Technologies Knowledge Area introduction
The Cyber Security Body Of Knowledge (CyBOK) is a comprehensive body of knowledge that informs and underpins education and professional training for the cyber security sector. The CyBOK project aims to bring cyber security into line with the more established sciences by distilling knowledge from major internationally-recognised experts to form a Cyber Security Body of Knowledge that will provide much-needed foundations for this emerging topic. The project, funded by the National Cyber Security Programme, is led by the University of Bristol's Professor Awais Rashid, along with other leading cyber security experts, including Professor Andrew Martin, Professor Steve Schneider, Dr Yulia Cherdantseva, Dr Rod Chapman and Dr Marina Krotofil.
Try The Backdoor Factory (BDF)
The goal of BDF is to patch executable binaries with user-desired shellcode and continue normal execution of the pre-patched state.
Try using the Capstone disassembler
Capstone is a lightweight multi-platform, multi-architecture disassembly framework.
Use Frida
Frida is a dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. Inject your own scripts into black box processes. Hook any function, spy on crypto APIs or trace private application code, no source code needed. Edit, hit save, and instantly see the results. All without compilation steps or program restarts.
Use Metasploit to compromise a virtual machine
Metasploit is the world’s most used penetration testing framework.
Use radare2
A free/libre toolchain for easing several low-level tasks such as forensics, software reverse engineering, exploiting, and debugging.