Red Team Tutorial: Open-source .NET malware development with AV evasion

Dmitrijs Trizna
19 min read · Jan 15, 2020

Disclaimer

An important value that moves cyber security boundaries forward is the magnificent work done by researchers worldwide. Luckily for everyone in this industry, often this work is shared freely and publicly.

One of the research directions, offensive tradecraft, provides possibilities for security engineers and analysts to improve their defensive posture and understand techniques that malicious actors may use against them.

Recently there were fluctuations in the Force over whether publicly available offensive tools arm APT groups and are used maliciously. While this may be true to some extent, and I could share arguments (for both sides) to offer a personal opinion, that is not the goal of this work.

I’ll just emphasize a few facts:

  • if we look at the utilitarian value of shared offensive research with regard to whether it is used ethically or maliciously, there’s no doubt where the bulk of the distribution lies;
  • having access to these techniques, you know the adversary’s capabilities (almost all techniques released publicly come with detailed descriptions of the underlying mechanisms or with source code); without this research, you would (mostly) be blind;
  • without these techniques, neither I personally nor the security community around me could have helped improve the security posture of many infrastructures…

Dmitrijs Trizna

Sr. Security Researcher @ Microsoft. This blog is an independent R&D at the intersection of Machine Learning and Cyber-Security.