The tools that criminals use look indeed shiny at first for a few reasons:
- You can’t have them(Or can you?)
- It looks cool to be the bad guy and manage all these bots
- You want to do things you’re not allowed too.
Let me first begin by informing you something I wish I knew 3 years ago, you can get all these tools - for free and view their source code on github.
You can just search for malware on github and find anything you need. do that today, start hosting your very own botnet and do what ever you want with it. Go ahead, do it right today and then you’ll find out there is nothing special about owning one of these tools or using them because you’re not a criminal, at best you can install these clients on your virtual machine and play around with them.
This brings me to the next subject, the quest for knowledge and passion. I was also passionate about these tools, and making them is not that hard. There is a pretty much straight forward line to getting this done. Malware just like Software are just programs which you can program. You choose any programming language you want and you just roll with it, when you become content with your programming skills you can dive into looking at these malware source codes and making things yourself.
Although it is not rocket science, the linear line going towards what you want is not easy to master to learn and it will take time. By the time you’ll be ready to make your own tools you probably wont be interested in simple keyloggers and botnets because well they’re just not that special, most of them that is. they are very straight forward to implement. what will become interesting is how the threat actors leverage these tools and use special methods to deploy or create these tools to bypass operating system security.
I would start learning C, why? because its the closest you’ll get to the operating system internals(besides assembly that is) and it will teach you some computer science and system memory concepts and perhaps operating system internals.
https://www.amazon.com/Primer-Plus-_p6-Developers-Library-ebook/dp/B005OR9MWQ/ref=sr_1_2?dchild=1&keywords=C%2B%2B+Primer&qid=1586957534&sr=8-2
You can use this book to learn C and C++ and that should be enough for you to make any of the above tools. Once you have the language you’ll just have to google to search for malware source code and make code yourself. You’ll quickly find that these tools are not that special, and what becomes interesting is, how it all works, why modern security systems stop most of these tools and why modern security systems cannot stop the more advanced tools. For a person that much like you is into malware that is where the juice is at for me… not in another HTTP based botnet or a C# based RAT, they’re a dime a dozen.
Hope this helps.