Blazz3 / MalDev-AV-EDR-Evasion-for-Pentesters

MalDev & AV-EDR Evasion for Pentesters


MalDev-AV-EDR-Evasion-for-Pentesters

Welcome to the MalDev & AV/EDR Evasion for Pentesters workshop for the Congreso Internacional de Seguridad de la Información (2022). In this workshop we will focus on using C# for malware development on Windows. We will cover basic process injection techniques, string/shellcode obfuscation and evasion for .NET code.

Description: With Antivirus (AV) tools and Endpoint Detection and Response (EDR) systems continually advancing their detection and monitoring capabilities, running even a simple hacking tool can become a real challenge for a pentester during a penetration test. This workshop will show you how AV/EDR works, different techniques to evade these security solutions, and a quick introduction to the world of malware development (MalDev).

Skill Level: Basic / Intermediate

Prerequisites: Basic programming/scripting skills. Prior experience with C# helps but is not required.

Aimed at: Mainly beginners interested in offensive security (Red Team), but those interested in defensive security (Blue Team) are also welcome, as the workshop will help them understand how malware works and thus improve their detection engineering.

Goals:

  • C# 101
  • Malware Development Introduction
  • Process Injection Techniques
  • Antivirus/EDR Bypass

Author:

Asahel Hernandez (blazz3) - GitHub - Twitter

Acknowledgments

All the code snippets in this workshop started from a GitHub repository/gist, a Stack Overflow code snippet or a Google search. Special mention goes out to:

Languages

  • C# 89.5%
  • Python 10.5%