Hi, I’m a bit of a script kiddie and I don’t want to keep relying on tools like msfvenom and that, I want to be able to develop my own rootkits, bitcoin miners, keyloggers and botnets. But I don’t know where to look for help or where to learn about this. If anybody can hold my hand through this or point me in the right direction to where I can go from 0 to 100 hackerman.
And no, I’m not a complete noob, don’t worry, I have a decent amount of experience, just don’t know what language to use or how to even write it.
Start simple and be creative. Any language is okay if you are proficient with it. You could make malware in Python if you like. Some languages are better tho, like C/C++: smaller program size, using the Windows API directly without wrappers, etc.
A basic keylogger should be simple. Capture the keystrokes, then try to hide the program somewhere to work in the background, then figure out how to send the target’s input to your PC, etc.
You could look for malware source code online, there is plenty of it, open source.
You could go through malware analysis and learn that way. There are some great books.
If you are interested in rootkits, read the “Bootkits and Rootkits” book, 1-2 years old, a good read.
The Rootkit Arsenal is also a good read.
There are some great guys here, so I’m sure they will help too.
Don’t do anything stupid. Jail is scary, and if you try something, you will be there in a sec. You won’t get away with it. Stay safe.
The tools that criminals use look indeed shiny at first for a few reasons:
You can’t have them (or can you?)
It looks cool to be the bad guy and manage all these bots
You want to do things you’re not allowed to.
Let me first begin by telling you something I wish I knew 3 years ago: you can get all these tools for free and view their source code on GitHub.
You can just search for malware on GitHub and find anything you need. Do that today, start hosting your very own botnet and do whatever you want with it. Go ahead, do it right today and then you’ll find out there is nothing special about owning one of these tools or using them because you’re not a criminal, at best you can install these clients on your virtual machine and play around with them.
This brings me to the next subject, the quest for knowledge and passion. I was also passionate about these tools, and making them is not that hard. There is a pretty much straightforward line to getting this done. Malware, just like software, are just programs which you can program. You choose any programming language you want and you just roll with it; when you become content with your programming skills you can dive into looking at this malware source code and making things yourself.
Although it is not rocket science, the linear line going towards what you want is not easy to master or learn and it will take time. By the time you’ll be ready to make your own tools you probably won’t be interested in simple keyloggers and botnets because, well, they’re just not that special, most of them that is. They are very straightforward to implement. What will become interesting is how the threat actors leverage these tools and use special methods to deploy or create these tools to bypass operating system security.
I would start learning C. Why? Because it’s the closest you’ll get to the operating system internals (besides assembly, that is) and it will teach you some computer science and system memory concepts and perhaps operating system internals.
You can use this book to learn C and C++ and that should be enough for you to make any of the above tools. Once you have the language you’ll just have to google to search for malware source code and make code yourself. You’ll quickly find that these tools are not that special, and what becomes interesting is how it all works, why modern security systems stop most of these tools and why modern security systems cannot stop the more advanced tools. For a person that, much like you, is into malware, that is where the juice is at for me… not in another HTTP based botnet or a C# based RAT, they’re a dime a dozen.