Getting Started with Windows Implant Development
This talk will cover the basics of building custom Windows malware, from constructing your environment to achieving code execution. Unfortunately, content around the Windows API is often relatively inaccessible to those new to the industry: security talks in this area are usually directed towards experienced practitioners rather than novices. The intent of this talk is to demonstrate that, with a little bit of C and some Windows API documentation, you can do some real damage. Specific techniques covered will include AppCertDLLs (T1546.009), droppers, and Process Injection (T1055.002). This talk will also attempt to present custom malware development as a software engineering process that has very real challenges and real costs to adversaries. The target audience is one that is familiar with C, memory management, and concepts typically taught in an Operating Systems course.
