

  1. » Want to practice many Initial Access vectors and see which still work?
  2. » Need to write your own Red Team malware and looking for hints on coding it safely?
  3. » Interested in delving into Containers, MOTW bypasses and advanced Office weaponization strategies?

Then this Training might be just for you!

Overview

This intermediate-level, 3-day course dives deep into Modern Initial Access and Evasion tactics that were found effective on numerous engagements delivered in tightly monitored environments. The author will share his insights on the strategies that let his malware accomplish engagement objectives side by side with aggressively configured AVs & EDRs.

Designing modern Red Team malware carriers smuggled in scripts, executables and HTML websites is only one of the areas the course focuses on. We will explore numerous technical concepts and file formats, and craft advanced malicious Office documents, shellcode loaders, smuggled payloads and other infected scripts that will help us breach target systems effectively.

By applying modern AV & EDR evasion techniques to custom-crafted Red Team weaponry, capable teams will be equipped with the knowledge to succeed during adversary simulations even in a rapidly changing threat landscape.

This course focuses on just that - telling effective techniques apart from ones that no longer work.

Course Content

Day 1 - Initial Access vectors

  1. » Modern Cyberdefence Stack
  2. » Initial Access and Evasion Tactics
  3. » Phishing aspects
  4. » Classic file infection vectors
    1. » Windows Script Host files: VBS/VBE, JS/JSE, HTA, WSF
    2. » Executables
    3. » Maldocs
    4. » LNKs, Polyglot LNKs
    5. » CHM
  5. » MSI Shenanigans
    1. » MSI weaponization strategies
    2. » Backdooring MSIs
    3. » MSIX, APPX
  6. » Arcana of HTML & SVG Smuggling
  7. » Hosting Red Team payloads - Cloud Angle

Day 2 - Containers, MOTW & Maldocs

  1. » VBA Macros in 2023
  2. » Containerized Malware & MOTW Bypasses
  3. » A guide through VBA infection strategies
  4. » Various means to execute implants in VBA - .NET Reflection, XSL Deserialization, XLAM Droppers, and more
  5. » "Lures" – how to entice user into enabling macros
  6. » Hiding Payloads in Office structures
  7. » Alternative Macro autorun techniques
  8. » Exotic VBA carriers
  9. » VBA Stream manipulation: VBA Purging, Stomping, VBAProject.bin trickery
  10. » Evasion Tactics
    1. » Sandbox Evasion
    2. » Office Trusted Paths + AMSI
    3. » Code obfuscation
    4. » File Encryption
    5. » Defender ASR rules & bypasses

Day 3 - Executables & Shellcode Loaders

  1. » Protectors, Obfuscators
  2. » PE Backdooring
  3. » Implant Watermarking
  4. » Meet Shellcode Loader
  5. » Hiding shellcodes in PE sections, overlay, resources
  6. » Various executable formats
  7. » Basic Evasions
    1. » Strings obfuscation
    2. » Entropy, File Bloating, Pumping
    3. » Time-Delayed Execution, Beating Emulators
    4. » Controlled Decryption
    5. » Fooling ImpHash
    6. » AMSI, ETW - get off my lawn
    7. » Attacking EDR's design
  8. » Calling WinAPI Safely
    1. » EDR is Hooking, API Address Resolution
    2. » Modules Refreshing
    3. » Direct Syscalls
    4. » Indirect Direct Syscalls
    5. » Asynchronous execution - FOLIAGE style
  9. » Call Stack Obfuscation
    1. » Problem Analysis
    2. » Return Address overwrite
    3. » Spoofing
  10. » Other exotic evasions
    1. » Evading Kernel Module Load callbacks
    2. » Queuing LoadLibrary
    3. » Others...

Get Certified!

Prove your Initial Access skills by earning a unique certificate!

Target Audience

This training is designed to supply a variety of IT specialists with practical knowledge, including:

  1. » Penetration Testers
  2. » Red Team operators, Purple Team members
  3. » SOC analysts, Threat Hunters, Detection Engineers
  4. » Security Professionals
  5. » IT Support, administrative and network personnel

About Author

Mariusz is an active security researcher, pentester and red team operator currently involved in advanced adversary simulations for an international Bank.

With 8+ years of experience gained as a malware analyst and AV engine developer, as a penetration tester who performed tens of assessments of exotic networks and systems, and finally as a red team operator, he now teaches, helps analyze and devises new Threat Tactics, Techniques and Procedures (TTPs).

He is best known for his research on malware development and frequent releases of offensive tools that help red teams bolster their game against cybersecurity criminals. Most of his work is published on github.com/mgeeky.

He passionately provides his partners with unique advisory, learning and detection opportunities by sharing security expertise ranging from applications, through corporate infrastructures, domain environments and clouds, down to low-level Windows internals. Over the years, he has acquired a number of certifications.

Training Dates

Here are the next dates planned:

Venue          | Training Title                                 | Dates           | Days | Seats Taken | Confirmed? * | Sign Up
x33fcon Gdynia | Modern Red Team Malware Development Strategies | Jun 18 - Jun 20 | 3    | 100         | Yes          |
x33fcon Online | Modern Red Team Malware Development Strategies | Nov 30 - Dec 02 | 3    | 100         | Yes          |
Online         | Modern Initial Access and Evasion Tactics      | Feb 01 - Feb 03 | 3    | 100         | Yes          |
Online         | Modern Initial Access and Evasion Tactics      | Feb 22 - Feb 24 | 3    | 100         | Yes          |
Online         | Modern Initial Access and Evasion Tactics      | Apr 26 - Apr 28 | 3    | 100 %       | Yes          | FULL

* A training is considered confirmed once at least 40% of the seats are taken.


Pricing

Prices are for the 3-day online training organised by myself. To check the current training price, click on the Sign Up button.
For a private offer, contact me.

Type                                                         | Price
Early-Bird - first two weeks after announcing training slot  | 1500 EUR
Regular                                                      | 1700 EUR
Last Minute - last two weeks before training's start date    | 2000 EUR


By registering for the Training, you give your consent to all of the registration terms and conditions.

Stay up to date with Binary-Offensive newsletter


Want to stay informed on my future training sessions, software releases, blog posts and other Red Team related goodies?

Consider signing up to the newsletter. I promise not to send more than 1-2 emails per month.

Whenever you wish to unsubscribe, there will be an unsubscribe link attached to each message sent, so don't worry about changing your mind.


Didn't receive any email from me? Try checking your Spam folder and whitelisting the binary-offensive.com domain.
Some mail servers (like Office365) consider my domain as suspicious.
That's what I get for publishing open source offensive tooling ¯\_(ツ)_/¯

What others think about my trainings?

Ivan Da Silva @humble_desser
Mariusz Banach is a red team operator and former malware analyst that has poured his heart and knowledge into his Malware Development training.
I was lucky enough to take his training and I was impressed with his research and knowledge of the subject(s).
I would recommend this training to anyone interested in getting familiar with malware development.


Jakub Dzieciątko @aol1306
Mariusz created the best training on malware development I have ever attended and has great teaching skills. He's clearly an expert on the topic and he enjoys sharing his own research. I'm going to recommend his work to anyone interested in red teaming. The things I liked the most about it:
- the amount of useful content
- the materials created in a way I can easily use them later
- inspiring methods of tool creation
- good organization - infection divided into stages, each stage well explained and multiple techniques presented
- going together with the exercises so I could see how you work
- presenting methods to find our own evasion etc techniques


Olivier Lamotte @olamotte33
Throughout the fast-paced training Mariusz took the time to engage with students to make sure every topic became clear. Mariusz's contributions to the offensive security community are always mindful of the impact on the defensive side, which is too rare these days. Thank you for a great training with a ton of actionable content.

Today was the last day of @mariuszbit's training. I can honestly recommend it to anyone who is interested in Red Teaming. Content is great and I can't wait to deploy some novel initial access techniques. Wanna decrease detection rate of your implants? Then, this is a no-brainer 👍

— Jan Kopecky (@rnmx123) October 21, 2022

anonymized @anonymized
Hey guys, I can confirm that me and other guys from our team had a training from Mariusz last week. The framework looks pretty l33t, but I still haven't explored most of it... it is actually pretty big 😄 so, I'm still discovering all the possibilities. The training was amazing and as far as initial access and all kinds of tactics to keep your malware undetected are concerned, it was even better than [CUT] or [CUT] 👍🏻

Contact

If you have any questions, concerns or doubts about the training or the available session dates, or you're interested in arranging a private session tailored specifically to your Team's needs and calendar, let me know!

I'm always open to collaboration and brainstorming.

  1. » Mail me at mb[at]binary-offensive.com


Copyright © 2022 binary-offensive.com | designed by www.ombre.tech