Personal Tale and the Road to Malware Development, Resources

Hi, long-time lurker here. I have used this forum quite a lot in the last few months, so I suppose it makes sense that I post this here. I'm opening this post to share the findings I have made and also to share the road I have travelled so far down the rabbit hole that is computer science, or hacking as some call it.

First, I started being serious about this about 4 months ago, the classical way I suppose, the skid way: by flashing Kali to a USB key and failing to install it, then succeeding, and messing around with the scrolling menus to end up in Metasploit, sqlmap, wifite and all the rest. But that doesn't really matter; it took me quite a while to realize that. Anyway, at first I was influenced by Mr. Robot and expected to find some secret, and that with some persistence I would end up unlocking the l33t skills that everyone talks about. Of course it wasn't the case, and it still isn't. So I watched every video on YouTube I could find about every possible tool under the sun, you know, these "hacking" channels that just gather whatever they can find on GitHub and throw the words Pentest, Exploit, MemoryInjection and FUD around them. I did some "live" "testing" on what I could call unauthorised bare metal; it didn't work, every Metasploit module I would use would fail and the payloads would get burned by AV. Still, I didn't know why, but I had enough self-doubt to understand that I was doing something wrong, so I searched more and somehow ended up on these two channels:

youtube/channel/UCVakgfsqxUDo2uTmv9MV_cA/videos
youtube/channel/UC5cYIPFXFc5BuRBGV1P0WnA

(Breaking the links Palo/Alto %sEye style, sorry for the placeholder, I don't want to invite the devil in. Superstitious even in the 5th domain :slightly_smiling_face:)

They had a playlist on Python for hackers and malware dev that led me, for the next month, to try to make my own "reverse shell", but it ended in failure. I didn't understand what was going on; I was able to copy, paste and replicate what the "teachers" did, but not why. What's an import, where do you put it, what does parsing mean, where do I establish a connection, do I use Metasploit, what the fuck is a stager...

Same problems, different names... So I did what any decent skid that respects herself/himself would do: I watched every DEF CON and Black Hat talk I could find, and yet I was still no further along in my objective... Then came the realisation that I didn't know the culture I wanted to be a part of, but more than that, I didn't know why I wanted to be a part of it. So I searched more and eventually landed where I think we all end up when we want to get serious... Phrack. I mean, if you have a good idea, Phrack made an article about it... and it was the one about Smashing the Stack for Fun and Profit, etc. And I understood one thing: I wanted to be a "hacker" but I didn't know a single thing about what a machine was (I still don't, tbh; now I don't think anybody does in full really... maybe Mr. Turing, but even that I doubt), and it led me to these channels:
youtube/channel/UClcE-kVhqyiHCcjYwcpfj9w
youtube/watch?v=zEuvNYe7WG0
youtube/user/WhatsACreel/videos
youtube/watch?v=K0g-twyhmQ4
youtube/watch?v=7VGKeB32f0Y

Most of them are about assembly. It just clicked, and I took paper and a pen and started following slowly, taking notes, trying to understand what the fuck was going on. Eventually I was able to make a hello world in x86 NASM 32-bit and learned the registers by heart; finally I was out of the nested loop I was stuck in. So I immediately jumped into trying to solve CTFs, HackTheBox etc., but I failed again. More failure, seems to be a pattern here, heh? I was trying to develop exploits, but the problem is that I still couldn't code to save my life, so I was back in a goto-start situation and forced to use Metasploit, of which I understood nothing... but more than that, I found exploits and everything exploit-related very boring. Then I found my way to Brian Krebs' website, his article about Mirai and the Mirai author. I think that was the turning point.

MALWARE: rootkits, bots, trojans, RATs, bootkits, firmkits, UEFI-based backdoors, SMM backdoors, worms, botnets, web skimmers, viruses, appenders. Finally I had found my way, my discipline: not exploits, not RF, not web application testing, not "red teaming", but malware, these little non-sentient automata that roam the system and the net. I wanted to learn all about them, so I tried, and eventually I wanted to make my own. But still I didn't know how to program, so I decided to learn for real this time. Then came the problem of choosing a language. Assembly wasn't the right choice, and then came the classic "C or C++ is the only choice, anything else is useless or won't be able to do anything, blah blah blah", but it quickly became apparent that making both a server and a remote client in C or C++ wasn't a trivial task for a first program, especially for a skid. So I kept looking, and Python was what most others were suggesting, and well, this isn't /r/ProgrammerHumor or /r/programmingcirclejerk and I don't want to talk badly of something I can only use to make print statements, but... it sucks, I don't like it. Idk, doesn't compile, weird env shit, not convenient in my humble opinion... So the final choice came down to C#, Rust or Go. Rust didn't look too welcoming for a first-timer, and C#, well, .NET isn't a trivial thing to understand or use "cross-platformly", so I guess Go won. The fact that it was garbage collected helped, even though I didn't know what that was back then, and I started looking at source code:

github/SaturnsVoid/GoBot2/tree/master/components
github/Ne0nd0g/merlin/blob/1b0ce52d71da62da21cc8f90b97191308e6fe7a9/pkg/agent/exec_windows.go

especially the works of SaturnsVoid and Ne0nd0g on their respective C2s/malware. But still I knew nothing of concurrency, web requests, syscalls etc., so I understood somehow that the answer was not in DEF CON talks or "HACKING FUD TUTORIALS"; the answer was in classical programming learning, and thus I took free courses here:
freecodecamp/news/free-online-programming-cs-courses/
youtube/user/toddmcleod/videos
youtube/channel/UC_BzFbxG2za3bp5NRRRXJSw/videos
chai2010/advanced-go-programming-book/ch2-cgo/ch2-08-class.html
github[.]/GoBootcamp

and a lot of other places. I also downloaded the official Go Programming Language book and read it religiously; I still do to this day. People say Golang is a simple language; maybe this is true for printing a few things, but it becomes quite a challenge to master and understand as soon as you want to do more than that. Anyway, I finally had a working PoC of a client that would connect to my server and ask for a command, execute it and send the output. I was happy. Then I made a CLI with an autocomplete prompt straight out of /r/unixporn, discovered the joys of Stack Overflow Ctrl-C Ctrl-V, of discovering new libraries on GitHub and importing them straight up to use their functions, got better at error handling, made it concurrent so it could accept multiple connections, fixed my prompt because arrays kept running out of bounds and empty input wasn't dealt with, and fixed bugs here and there. It took me about a month and a half. I would wake up in the middle of the night to add features (mostly PowerShell stuff, and yes, I know it's outdated), would spend 24/7 doing it, and I was loving it. I would read Unit 42 write-ups on what other people did and how they fell, TheEye for techniques, MITRE for details, and sooner than I thought I was in it, a so-called VxAuthor, MalDev and all of that cool shit that I was aspiring to be, for a still unknown reason. But then reality came back and it was time to increment the failure++ counter yet again, because the learning curve got really steep when I saw a specific feature in a Cobalt Strike demo video called "execute-assembly" and tried to implement it. I know now how naive that was, but still I tried. What followed was a month of daily failures, because I still knew nothing of the world of MEMORY INJECTION... which in a way is a super misleading name. What followed was a discovery of the DLL/PE format, shellcode, the Common Language Runtime and a lot of Microsoft docs to understand what the API is. Eventually I got it working by taking
github[.]/lesnuages/go-execute-assembly/blob/master/assembly/assembly_windows.go

that library and modifying it slightly, and I could download an assembly from any URL and run it from memory. It was very unreliable and works 1 time out of 5, but still I got very happy when I saw that kiwi (SafetyKatz from GhostPack) print back to my C2 CLI. Anyway, I'm still in the stage of understanding syscalls and how to make them properly; converting C/C++ data types/structs to Golang seems to be a trial-and-error process for me. I am stuck at making my on-the-fly Donut-generated shellcode (thank you TheWover, Alan Turing and Stephen Fewer, I guess) not crash the process when calling CreateRemoteThread. I read

phrack[.]/issues/7/3[.]html

and
ddosecrets[.]com/file/Sherwood/HackBack_EN.txt

and found it interesting, but still I disagree; this isn't the place for that, though.

Anyway, now I have a goal: that goal is to make a library of malware, from userland to rootkits, to firmkits and maybe a hypervisor hook (it's probably going to take me years; ready when ready), if I can in multiple languages for multiple platforms/OSes, and a C2 that has all of Cobalt Strike's functionalities and more, and make it open source (I even got a GUI library to make it look the same :slight_smile:). I'm not interested in money or some form of recognition (this guy said it best: https[:]//www.youtube[.]com/watch?v=gKUleWyfut0).
This is why I didn't choose a "hacker" nickname or name my program or C2; it's just a client and a server as far as I am concerned. Weird that data pirates can't help but sign their work and name themselves for all to fingerprint them, but maybe I am a true paranoiac after all. But again, even the paranoiacs have real enemies...
Anyway, I will link all the resources that I have used to get here. I think that I am still a skid, but I don't mind being a child of the script; we all are, I think. I just understand abstraction a little bit more than 6 months ago, and after all, isn't that what the machine is all about, a land of abstraction, in a way a rabbit hole which only ends at the frontier of our own existence...

Resources: (only two links allowed, heh)
https://pastebin.com/FwkajgSx

There is more, but I got tired of copy-pasting after a while. Anyway, on the net, if you take the right URI you will find what you are looking for.

PS: I won't reply here and I am leaving this out here for someone to read. It may get lost and never looked at, but that doesn't matter anyway; I guess this is more me talking to a rubber duck than anything else.

10 Likes

Wouldn't kill you to put a dot at the end of your sentences :sweat_smile:

I relate to this a lot. I'd recommend reading Practical Malware Analysis and trying to read up on some malware source code; that sure opened my eyes.

Good luck brother

4 Likes

This was beautiful! If this is your last article, the world is missing out.

Your writing could definitely use some work, but the way you conversationally just basically imported your entire learning journey into my brain was amazing :stuck_out_tongue:

I relate to you a lot, where you're at, the path you took. Failure is a core part of being a hacker; it's about failing again and again and again, trying new things, consistently adapting and then learning as a result. It's the whole hacker philosophy around just "trying stuff till it works", even if that requires years of time and grit to research and learn and better yourself.

Epic article, dude. I really hope you hang around here and come say hi on the Discord! You have huge potential, keep grinding!

3 Likes

Yes, come join the Discord to discuss some more advanced techniques.

3 Likes

Nice. If you think coding is hard, you should try writing a metamorphic encoder. That said, programming should move to a visual design process, with code being dynamically generated. That way it's just design and fun, and hopefully secure, dynamically generated code. Good luck bro

I would suggest you look up Douglas Berdeaux's life story through Raiding the Wireless Empire, his personal "fictitious" account of the events that eventually landed him right into hacking several companies while dealing with severe depression and life events. It's a perfect example of what life brings and what some people do when life happens. Of course, the aftermath is that he's a very successful information security whatever.

Might inspire you, who knows.