Breaking in is just the beginning. The job of an emulated criminal is judged more by ‘how long can I persist’ and ‘what can I get out!’ As with the previous 5 Windows Malware Development (WMD) courses, let’s not just use some off-the-shelf tools or open-source options with known signatures and maybe even some bloat. Let’s lay down some custom code! And rightfully so, the 2nd trilogy comes to an end with WMD 6 – Building Post-Exploitation Tools. This marks the completion of the WMD Advanced Path of courses 4 – 6.
In this course of the WMD series, we are learning the basics of post-exploitation tooling. In reality, that is just normal OS programming, but with the data used for malicious purposes. You know… like all malware. Either way, we are going to build the “hello worlds” of post-exploitation tools: an LSASS dumper and a COM persistence tool. Then we will wrap it all up by building a BOF out of one of them. I won’t tell you which; that’s a secret for the course.
Price = $120 (regularly $150, 20% Launch Discount)
Ends Midnight ET June 30
WMD 3-Course Bundles
46% Off WMD Intro Path
- WMD 1 – MalDev Basics (Now permanently NameYourPrice!)
- WMD 2 – Adv Exec & Obfuscation TTPs
- WMD 3 – Dynamic Evasion Techniques
20% Off WMD Advanced Path
- WMD 4 – PIC or It Didn’t Happen
- WMD 5 – Return of the Beacon
- WMD 6 – Building Post-Exploitation Tools
A New Trilogy Ends…
In a unique style that his students have come to love (both here on JHT and at DEF CON), Dahvid Schloss embarked on a new journey spawning a second trilogy. WMD 4 was the start of the WMD Advanced Path! WMD 5 continued with beacons and WMD 6 closes it out with post-exploitation.
Will there be a third trilogy? Hmm… Maybe maldev of other platforms or technologies?
See for Yourself with Free Preview Lessons and a LIVE DEMO with John Hammond:
📜 Course Introduction and Vitals
👴 Your Grandfather’s Post-Exploit Tooling
📼 The Legacy Pipeline
Course Introduction
Like all other WMD courses, this is meant to give you the basics of understanding NOT a final tool for your engagements. I’ll get you 80% of the way there; the remaining 20% is up to you.
What will I learn in WMD 6?
In WMD 6, we focus on post-exploit tooling:
- What they are
- How to choose their architecture
- How to write them
- How to integrate them into a C2 Agent
By the end of WMD 6, you should understand how to design and write your own post-exploit tooling.
What is the format of this course?
This course is a follow-along coding course. You won’t be given the code directly, and you are encouraged to write the code yourself while the video plays, as the best way to learn is by doing.
You need to set up the lab environment on your own to produce your agents, exes, and DLL files. This should be considered the first step in the journey. If you can’t figure out the lab part first, it may not be the best time to start this course.
That being said, we do have VMs for your convenience, but you should still know how to set this up.
WMD 6 contains 6.5 hours of video, an option to use your own dedicated virtual lab to play, and quizzes to test your understanding. Of course, the ultimate test is… DOES YOUR CODE WORK!?!?
Course Goal
- Developing, Building, and Testing Post-Exploit Tooling
- To have fun…lol jk… we suffer here. 🥲
Prerequisites for WMD 6
You don’t have to buy all of the previous WMD courses, but this course assumes that students have the knowledge presented in the WMD Intro Path (WMD Courses 1 – 3). Therefore, basic coding skills and experience with shellcode and AV evasion are highly recommended. It also assumes you have knowledge from WMD 4 & 5.
This course gives students the option to play on their own or utilize a dedicated virtual environment. Because everything is provided for you, you need nothing other than a computer, Internet access and your brain!

