Training Abstract
This training program introduces participants to the core concepts of malware development from an offensive red team perspective. Rather than focusing on heavy coding, the course emphasizes understanding how implants work, why certain techniques are used, and how red teams think about building custom tools.
Through clear explanations, real-world examples, and structured lectures, participants will build a solid conceptual foundation in implant design, tradecraft basics, and operational considerations, all without needing advanced programming skills.
What to expect: All course material, including commands, slides, and source code snippets for malware. Additionally, technical support will be extended during and after the training class.
Training Outline
- Portable Executable (PE) structure fundamentals
- Import Address Table (IAT)
- Export Address Table (EAT)
- Import directory analysis
- Export directory analysis
- Intro to Shellcode Development
- x86/x64 Instruction set basics
- Converting Assembly to raw bytes
- Position Independent Code (PIC)
- Hiding your shellcode
- Payload obfuscation methods - XOR, AES, Base64
- Common encoding algorithms
- Signature detection bypass strategies
- Intro to Processes, Memory, Threads, and Tokens
- Introduction to Windows System Programming (Win API)
- Data Types
- Structures
- Pointers
- NT API fundamentals
- Windows data type architecture
- Function call obfuscation
- P/Invoke (Platform Invocation Services)
- D/Invoke (Dynamic Invocation)
- Basic shellcode runner development
- Process injection methods
- Remote DLL Injection
- Antivirus signature bypass techniques
- Module Stomping
- Dynamic API Loading
- Binary Signing
- DLL Hijacking and Sideloading
- DLL Proxying
- Windows Events
- AMSI internals
- ETW internals
- Parent Process ID (PPID) spoofing
- Command line argument spoofing
Who Should Take This Training
This training is designed for the following security professionals:
- Penetration Testers / Red Teams
- Blue Teams
- Malware Developers
- Threat Hunting Team
Audience Level
Beginner to Intermediate. You should have:
- Comfortable with writing code in C# and C
- Basic understanding of the Windows environment
Student Requirements
Please prepare the following before the training:
- A laptop with at least 16GB of RAM, having either VMware or VirtualBox Linux and Windows VMs Installed
Meet the Trainers
Aravind Prakash
Aravind Prakash is a Senior Security Consultant at Optiv, specializing in offensive security and tradecraft development. With extensive experience in red teaming and offensive operations, he has led numerous complex engagements across industries, helping organizations strengthen their resilience against real-world adversaries.
He holds CRTP, CRTE, CRTO, and CRTO 2 certifications and has a strong background in adversary simulation, detection evasion, and red team tradecraft. Aravind has also worked as a trainer, delivering hands-on workshops for clients from different sectors with varied requirements.
He has delivered talks and training sessions at c0c0n, sharing insights on offensive security, red team methodologies, and detection bypass techniques.
