Book review || Malware development for ethical hackers
It took a while before I posted something on my blog again. This was partly because, after obtaining OSWA, I fully committed myself to OSEP in addition to my work, and a holiday was planned. Currently I am having fun with the OSEP course from Offensive Security. The course covers topics such as social engineering with Office, Active Directory exploitation, and advanced Windows and Linux exploitation, including antivirus (AV) bypassing with custom-built malware. In the OSEP course, custom malware is mostly developed in C#. Some topics in malware development are well explained in OSEP, while others are missing just that little bit, which leaves you with some questions. You are then expected to do research and delve deeper into the subject yourself.
This brought me to the book ‘Malware development for ethical hackers’ by Zhassulan Zhussupov. The book had only just been published. Personally, I often like a hard copy of a book to read or to make some notes in. I find buying the book via Packt itself, with the additional shipping costs, very expensive. Fortunately I found a cheaper alternative: the best option for me was buying this book on amazon.de. If you purchased the book elsewhere and have an invoice for it, you can show it to Packt and receive a digital version. I received the book in a few days, and that is why I decided to take it with me during my vacation. Almost every evening I sat at the dining table at my vacation address with a notebook and the study book ‘Malware development for ethical hackers’. Now you are probably wondering why I did that every evening during my vacation. Well, that’s pretty easy to answer: I like to learn new things. And in the evening I have some time for myself to learn new things that I can use later (for example during the OSEP course or in my work).
My experience with the book
The book is written for ethical hackers who are (just) starting to develop their own malware. The book takes you step by step and explains the basics of writing malware well. It mainly uses a message box that shows a Meow message. Just a simple message box is not shocking as malware, of course, but it is more about the concept of how malware should be developed. A reverse shell is used in a number of examples. Various techniques are explained, such as process hollowing, DLL injection, an introduction to antivirus bypassing, and evasion techniques such as detecting debuggers. It also covers techniques for privilege escalation and various encryption schemes.
In contrast to the malware developed during the OSEP course (in C#), you as a reader are introduced to developing malware in C. Although I had not developed in C before, it is quite readable with some experience. Developing malware in C without resources can be quite a challenge, so I’m happy that the examples are well explained. In some cases, a reference is made to source code on Packt’s GitHub, where example code for each chapter is shared. You can download and use it freely. However, I recommend that you try to write the code yourself. You may encounter typos that you then have to solve. This can be an educational process, so that you learn to recognize and solve errors more easily.
Sometimes I was annoyed that the book referred to a piece of code on GitHub. This was mainly because I only had the book with me and no computer to look up the code on the internet. It makes sense that a piece of code on GitHub is referred to regularly, especially if there are many lines of code. In my opinion, the book is written in a good order, with some code snippets as examples or to clarify some parts. The book is divided into 4 parts:
- Part 1: Malware Behavior: Injection, Persistence, and Privilege Escalation Techniques
- Part 2: Evasion Techniques
- Part 3: Math and Cryptography in Malware
- Part 4: Real-World Malware Examples
A number of people have asked me if I think the book is worth buying. For ethical hackers who are just starting to develop malware, this is certainly a good introduction and reference. If you already have experience with developing malware, this is not the right book for you. However, I do want to tell you that if you buy the first book, you support Zhassulan Zhussupov and his daughter (Munira Zhassulankyzy) as well. In the end, I can say that I am glad I bought this book and can use it as a reference.
My experience with Zhassulan Zhussupov
As soon as I received the book, I posted a message on Twitter that I would have some fun with the book. Soon I got in touch with Zhassulan Zhussupov via Twitter. It was a friendly exchange in which he offered that I should definitely contact him if I had any questions. This happened faster than I thought. In the first chapter I ran into some things while compiling the code. He explained a few things and also referred me to his website. I found the contact with him very helpful and friendly. In one of the conversations he told me that he is working on a second book. Curious as I am about this book, I hope that it is a good book that I can keep as a reference at home later.