SEC670 Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Contro
posted by Sauron and Last Post: 2 days ago
35645 (Junior Member, 6 posts, 0 threads) #21
Excellent!!!
petya (Junior Member, 7 posts, 0 threads) #22
thanks a lot mate
jama (Junior Member, 8 posts, 0 threads) #23
Thanks!!!!!!!
Bogorat (Junior Member, 3 posts, 0 threads) #24
(5 months ago) Sauron Wrote:
[Image: Screenshot-from-2025-09-18-16-24-40.png]
Course Overview
SEC670 equips cybersecurity professionals to engineer purpose-built offensive tools for Windows environments. The industry faces a critical talent deficit in this specialized domain, as traditional academic institutions fail to address the nuanced requirements for modern tool development. Students engage in intensive hands-on lab experiences, creating custom-compiled programs that navigate contemporary defenses. Hands-on exercises introduce techniques employed by sophisticated threat actors, strengthening students’ expertise in leveraging Windows APIs, process injection, and persistence mechanisms. Through strategic application of C++ programming, analysts develop the capacity to craft tailored implants, manipulate shellcode, and establish covert command channels—skills that fundamentally elevate organizational security posture.
Weaponized Windows Development: Advanced Red Team Arsenal
The vital skillset to develop custom-compiled tools for Windows is not being taught by universities or other academic organizations and, as a result, the cybersecurity industry has a severe skills deficit, limiting the overall capability of red team operations. Defense contractors and industries looking to hire Windows tools developers are facing a severe shortage of talent and are unable to further hone their defenses.
SEC670: Red Team Operations - Developing Custom Tools for Windows is the first course of its kind, giving students hands-on lab experience creating custom-compiled programs specifically for Windows using the C/C++ programming languages. Students will learn the internal workings of existing offensive tools that offer capabilities such as privilege escalation, persistence, and collection by creating their own tools using Windows APIs. Windows defenses have become more robust, and cloud-connected AV solutions are making it more challenging to operate under the radar. In response, this course introduces students to techniques that real nation-state malware authors are currently implementing in their implants.
The course starts with an introduction to developing Windows Computer Network Operations (CNO) tools. We will explore current offensive and defensive tools like Moneta and PE-Sieve that are designed to detect malicious actions. Students will then quickly ramp up to create their first compiled program. Students will move through the course learning how to obtain target information, what operational actions (such as injection and privilege escalation) can be carried out using this information, and how to take advantage and maintain system access through persistence. They will also learn how to take shellcode, encrypted or otherwise, and execute it in a process using the C programming language and leveraging compiler tricks. Finally, they will learn how to evade AV solutions by bypassing their function-hooking engine, patching key functions like AmsiScanBuffer and code caves. Additionally, students will make their own custom loader, a feature that will get implemented into their final implant. For the finishing touches, students will leverage HTTP libraries to learn how to beacon out to a custom Python C2 server for proper command and control.
SEC670 culminates with an immersive Capture-the-Flag event that will challenge students like no other event ever has. Students must leverage the tools and capabilities they have built during the week to solve complex challenges like getting information from a remote process memory. By the end of the course, students will have built a lightweight Windows implant that can enumerate the Windows Registry, files, folders, network connections, users, and processes; bypass UAC and AV products; escalate privileges; persist across reboots; inject into other processes; and hide from users and other tools.
Author Statement
"Penetration testers, red team operators (RTO), exploit developers, and those in the Intel Community (IC) have all used amazing tools and frameworks to get their jobs done. These amazing tools have one thing in common: they were developed by an effective team or by one dedicated individual. The developers are the enablers of operations, and without them we would not be where we are today. Creating offensive tools is a broad task and can have many areas of focus. One particularly important area is building implants or agents that are dropped on a victim computer to establish that shell with an operator. This course will focus on building implants for Windows targets using the C/C++ programming languages. The course is heavy on labs and hands-on development, giving you ample time to fully grasp how Windows does things differently than other operating systems. By the end of the week, you should have a fully functioning Windows implant that you can continue to tweak well beyond the course."
- Jonathan Reiter
What You'll Learn
  • Craft stealthy custom offensive tools for Windows
  • Implement advanced capabilities leveraging Win32 APIs
  • Leverage Visual Studio project settings to generate shellcode
  • Understand EDR user mode hooks and various techniques to restore them
  • Customize communication protocols to be compatible with several C2 frameworks
Business Takeaways
  • Enhance defense validation through custom tool development
  • Reduce security blind spots via custom tools tailored to your organizational needs
  • Identify evasion techniques exploited by sophisticated actors
  • Strengthen security team capabilities against advanced threats
  • Support detection engineering with adversary tradecraft insights
  • Validate security controls with authentic attack techniques
  • Bridge the technical skills gap in offensive security teams
Amazing, thank you!
thehurrica (Junior Member, 9 posts, 0 threads) #25
Thank you for sharing!
fsocietyss (Junior Member, 1 post, 0 threads) #26
Thank you
rasta (Junior Member, 3 posts, 0 threads) #27
(5 months ago) Sauron Wrote: [quotes the original post, reproduced in full above]