# Exploit & Malware Development

## **Phase 1: Foundations**

**Objective:** To establish a solid understanding of computer systems, networking, and programming—essential groundwork for malware and exploit development.

***

#### 1. **Computer Systems & Networking Basics**

* **Resource:** *Computer Systems: A Programmer's Perspective*, [Roppers.org](https://www.roppers.org/courses/fundamentals)
* **Purpose:** Introduces how systems operate at the hardware and software levels, essential for understanding vulnerabilities and low-level operations.
* **Topics:** CPU architecture, memory management, processes, networking protocols (TCP/IP, DNS, HTTP), client-server model.

#### 2. **Programming Fundamentals**

* **Resource:**
  * *Assembly:* [Low Level Academy Courses](https://lowlevel.academy/courses/armassembly), [FreeCodeCamp Assembly ARM Course](https://www.freecodecamp.org/news/learn-assembly-language-programming-with-arm/), [Olive Stem Free Assembly course](https://olivestem.net/courses/x86-assembly-with-nasm)
  * *C:* *The C Programming Language* by Kernighan & Ritchie, [Learn-C](https://www.learn-c.org/), [C Essentials 1](https://cppinstitute.org/c-essentials-1), [C Essentials 2](https://cppinstitute.org/c-essentials-2), [C Programming Course by Programiz](https://www.youtube.com/watch?v=0Sg6QHmlFJE&list=PL98qAXLA6aftD9ZlnjpLhdQAOFI8xIB6e&index=31), [Olive Stem Free C course](https://olivestem.net/courses/basics-of-c-programming), *Harvard's free CS50 course*
  * *C++:* [W3schools](https://www.w3schools.com/cpp/default.asp), [Learn-C++](https://www.learn-cpp.org/), [CPP Essentials 1](https://cppinstitute.org/cpp-essentials-1), [CPP Essentials 2](https://cppinstitute.org/cpp-essentials-2)
  * *Python:* *Automate the Boring Stuff with Python* (book), [Learn-python](https://www.learnpython.org/), [Python Essentials 1](https://pythoninstitute.org/python-essentials-1), [Python Essentials 2](https://pythoninstitute.org/python-essentials-2), [Python Basics by KodeKloud](https://www.youtube.com/watch?v=2zvXrbjyXZc)
* **Purpose:** Learn to write programs that interact directly with memory and systems, and automate tasks.
* **Topics:** C memory management, file I/O, socket programming, scripting, process control.

#### 3. **Operating System Internals**

* **Resource:**
  * *Linux:* [Linux Journey](https://linuxjourney.com/)
  * *Windows:* *Windows Internals* by Mark Russinovich
* **Purpose:** Understanding OS behavior and internals is critical for exploitation and persistence techniques.
* **Topics:** Syscalls, services, permissions, Windows registry, Linux file system hierarchy.

#### 4. **Command Line and Scripting Essentials**

* **Resource:** [OverTheWire: Bandit](https://overthewire.org/wargames/bandit/)
* **Purpose:** Build confidence using the shell and scripting, skills often used in malware automation or reverse shells.
* **Topics:** Bash scripting, CLI tools, file and process management.

**Expected Outcome:**\
By the end of this phase, learners will be comfortable with systems internals, C and Python programming, basic networking, and OS-level scripting, all of which are foundational for further exploit and malware development.

***

## **Phase 2: Vulnerability Research**

**Objective:** Learn how software breaks by studying bugs and vulnerabilities, focusing on memory corruption and binary analysis.

As an exploit developer, you will often move back and forth between the vulnerable source code, the compiled binary, and the corresponding assembly to understand the bug and build a working exploit.

#### 1. **Binary Exploitation Fundamentals**

* **Resource:** [ret2systems](https://wargames.ret2.systems/course), [pwn.college](https://pwn.college/), [Nightmare](https://guyinatuxedo.github.io/), [pwnable.xyz](https://pwnable.xyz), [RPISEC MBE](https://github.com/RPISEC/MBE)
* **Purpose:** Learn to identify and exploit memory-based vulnerabilities through interactive challenges.
* **Topics:** Stack overflows, format string vulnerabilities, buffer overflows, intro to shellcoding.

#### 2. **Reverse Engineering Basics**

* **Resource:** *Ghidra*, *IDA Free*, *x64dbg*, *Binary Ninja*
* **Purpose:** Teaches how to analyze binary executables to discover bugs and understand malware.
* **Topics:** Static vs dynamic analysis, control flow, function signatures, anti-debugging techniques.

#### 3. **Using Debuggers and Exploit Development Tools**

* **Resource:** *Immunity Debugger* with *Mona.py*, *GDB*, *radare2*
* **Purpose:** Learn hands-on debugging, breakpoint setting, and stack/frame inspection.
* **Topics:** Stack inspection, SEH exploitation, return address control, crash analysis.

#### 4. **CTF Practice and Vulnerable Machines**

* **Resource:** [Hack The Box](https://hackthebox.com/), [TryHackMe](https://tryhackme.com/)
* **Purpose:** Apply binary exploitation and reverse engineering skills in real-world simulated environments.
* **Topics:** Privilege escalation, buffer overflow chains, vulnerable binaries.

**Expected Outcome:**\
By the end of this phase, learners will understand core vulnerability types, how to identify and exploit them, and how to reverse engineer software for analysis or attack development.

***

## **Phase 3: Exploit Development**

**Objective:** Learn how to write functional exploits and shellcode, bypass modern defenses, and create working Proof of Concepts (PoCs).

#### 1. **Shellcoding and Custom Payloads**

* **Resource:** *Shellcoder’s Handbook*, *PayloadsAllTheThings*
* **Purpose:** Learn how to write assembly shellcode to achieve code execution.
* **Topics:** Writing shellcode in Assembly, encoding/decoding, execve shell, Windows APIs.

#### 2. **Bypassing Defenses (DEP, ASLR, SEH)**

* **Resource:** *Corelan Exploit Development Series*
* **Purpose:** Master techniques to bypass OS-level defenses.
* **Topics:** Return Oriented Programming (ROP), Structured Exception Handler (SEH) exploitation, NOP sleds.

#### 3. **Exploit Development for Known Vulnerabilities**

* **Resource:** [Exploit-DB](https://www.exploit-db.com/)
* **Purpose:** Learn to write real-world PoCs for disclosed vulnerabilities.
* **Topics:** Fuzzing, CVE reproduction, buffer manipulation, ROP chain building.

#### 4. **Exploitation and C2 Frameworks**

* **Purpose:** Understand how to develop and use modules in professional-grade exploitation frameworks.
* **Topics:** Module structure, payload integration, local/remote exploitation.

#### Additional Resources

* [HTB Academy: Intro to Assembly Language](https://academy.hackthebox.com/course/preview/intro-to-assembly-language)
* [OpenSecurityTraining2: Arch1001 x86-64 Assembly](https://p.ost2.fyi/courses/course-v1:OpenSecurityTraining2+Arch1001_x86-64_Asm+2021_v1/about)
* [OpenSecurityTraining: Exploits1](https://opensecuritytraining.info/Exploits1.html)
* [ROP Emporium](https://ropemporium.com/index.html)
* [exploit.education](https://exploit.education/)
* [ret2systems Wargames Course](https://wargames.ret2.systems/course)

**Expected Outcome:**\
By the end of this phase, learners will be capable of writing functional exploits, understanding protection bypasses, and contributing to frameworks like Metasploit or writing custom shellcode.

***

## **Phase 4: Malware Development**

**Objective:** Create and analyze malware with different capabilities, focusing on persistence, stealth, and command-and-control.

#### 1. **Windows Malware Fundamentals**

* **Resource:** *Practical Malware Development*
* **Purpose:** Learn how to develop malicious code for the Windows environment.
* **Topics:** DLL injection, keyloggers, fileless malware, Windows API abuse.

#### 2. **Persistence and Evasion Techniques**

* **Resource:** *Red Team Operator Handbook*, [*LOLBAS Project*](https://lolbas-project.github.io/)
* **Purpose:** Learn how malware maintains access and evades detection.
* **Topics:** Registry persistence, process hollowing, packing, AMSI bypass, antivirus evasion.

#### 3. **Command and Control (C2) Infrastructure**

* **Resource:** *Cobalt Strike*, *Sliver Framework*
* **Purpose:** Learn how attackers remotely control infected hosts and exfiltrate data.
* **Topics:** Reverse shells, beaconing, encryption, obfuscation.

#### 4. **Cross-platform Malware (Go, Rust, PowerShell)**

* **Resource:** *Malware Development in Go* by Didier Stevens
* **Purpose:** Build malware for multiple platforms using modern languages.
* **Topics:** Static binaries, evasion through language choice, PowerShell obfuscation.

#### Additional Resources

* [Maldev Academy](https://maldevacademy.com/)
* [Sektor7 Institute](https://institute.sektor7.net/consumer)
* [White Knight Labs: Offensive Development Practitioner Certification](https://training.whiteknightlabs.com/certifications/offensive-development-practitioner-certification/)

**Expected Outcome:**\
By the end of this phase, learners will be able to write and understand fully functional malware across multiple platforms, with C2 capabilities and evasion techniques.

***

## **Phase 5: Advanced Topics**

**Objective:** Dive into complex attack vectors including kernel-level exploitation, rootkits, and advanced malware analysis.

#### 1. **Kernel Exploitation Basics**

* **Resource:** *A Guide to Kernel Exploitation* by Enrico Perla
* **Purpose:** Explore low-level vulnerabilities and exploit development inside kernel space.
* **Topics:** Kernel modules, syscall abuse, Windows driver exploitation, privilege escalation.

#### 2. **Rootkit Development**

* **Resource:** *Rootkits: Subverting the Windows Kernel*
* **Purpose:** Understand and develop stealth malware that hides within the OS itself.
* **Topics:** Userland vs kernel rootkits, inline hooking, DKOM, hiding processes and files.

#### 3. **Advanced Malware Analysis**

* **Resource:** *Practical Malware Analysis* by Sikorski & Honig
* **Purpose:** Learn how to reverse engineer and dissect malware samples in the wild.
* **Topics:** Packers, crypters, C2 decoding, behavior monitoring.

#### 4. **OPSEC and Attribution Avoidance**

* **Resource:** *Red Team Field Manual*
* **Purpose:** Learn how to develop malware with minimal forensic traceability.
* **Topics:** Anti-forensics, timestomping, evading EDRs, malware development OPSEC.

**Expected Outcome:**\
By the end of this phase, learners will have advanced knowledge in kernel exploitation, stealth malware, and techniques used by sophisticated threat actors.
