https://www2.cs.arizona.edu/~collberg/Teaching/466-566/2012/Handouts/Handout-16.pdf This is the best resource in academia that I have found on #obfuscation via #OpaquePredicates and insertion of #boguscontrolflow. Specifically, to describe #ControlFlowFlattening as employed by #Emotet malware, refer to slide 7 as presented by Chenxi Wang of #UniversityOfArizona, which she calls #Chenxification. #cybersecurity #malware #malwaredevelopment #codeobfuscation.
Been enjoying taking the Sektor7 malware development course (not sure if they’re on mastodon).
For those getting into malware analysis who aren’t fans of the “go learn C and build a hello world program” track, this course might pique your interest since it’s deliberately creating malware.
Particularly nice to learn firsthand where payloads can get stored, how cryptography actually gets used, and then extrapolate how to detect those things.
This blog is a good read in general, and does a good job explaining some of what one can learn in the course: https://assume-breach.medium.com/home-grown-red-team-lets-make-some-malware-in-c-part-1-dc48fb360658?source=social.tw
#malwareanalysis #malware #malwaredevelopment
Course is here (note I’m not affiliated with Sektor7 and this is not an ad lol) https://institute.sektor7.net/red-team-operator-malware-development-essentials
#malwareanalysis #malware #malwaredevelopment
I've been running around like a crazy person recently but this #golang malware dev presentation needs to join my question above.
"Offensive Golang Bonanza" by @awgh https://youtu.be/oCdaOLmKu6s
Sorry to anyone who isn't as interested in Go as I am. Please feel free to add other presentations because I will definitely watch them.
#golang #malwaredevelopment #hacktheplanet