Malware On Steroids

What To Expect
Training Content
Certification
Prerequisites
System Requirements
Course Fees


Slots Available for this year:

16th February 2026 - 18th February 2026 - 7 AM UK 3 days 6-7 hours per day (Interactive/Online) 2500 US$

What To Expect

The Advanced Malware On Steroids is the first course which is dedicated to building your own C2 Infrastructure and Payload. There are a lot of courses which focus on exploitation, reversing and other offensive stuff, but none of them focus on how you can build your own Command & Control Infra. This course focuses on a brief introduction towards Windows Internals followed by a full hands-on course on building a Command & Control architecture with different types of Initial Access payloads.

During the course, you will learn the core fundamentals of a Malware Lifecycle such as initial access, in-memory evasions, different types of payload injections including but not limited to reflective DLLs, shellcode injection, COFF injections and more. You will learn to build different types of remote access tools running over different protocols which we will later convert to in-memory modules that can be injected to any process. We will also write dropper and stagers in x64 Assembly, C and different LOLbins which will connect back to our CnC to extract the second stage and load it into memory for execution.

The below figure highlights a brief overview on the focus area of the training session.


Training Content

The total course duration are 3 days Online Interactive training sessions over Google Meet. Virtual environments such as Active Directory Lab/C2 access/Domain access will be provided where necessary. A detailed information on the training content can be found below:

---------------------------------------
Day 1: Malware Development Fundamentals
---------------------------------------
- Development Environment Setup
  - Configuring a Windows malware development environment
  - Compilers and assemblers: overview and use cases
  - Optimization strategies, compiler flags, and Makefiles

- Windows Internals
  - Process and Thread Architecture
  - Process and thread lifecycle
  - Thread Environment Block (TEB)
  - Process Environment Block (PEB)
  - Windows loader internals
  - Debugging process internals
  - Process memory analysis and inspection

- System Programming Fundamentals
  - Windows Portable Executable (PE) format
  - Introduction to the Windows API (WinAPI)
  - System and resource enumeration using WinAPI
  - Windows access tokens and security contexts
  - Windows debugging with x64dbg
    - Debug symbols and symbol resolution
    - Debugging x64 Intel assembly
    - CPU registers and register classes
    - Stack frame analysis
      - Normal vs. abnormal stack frames
      - Stack frame manipulation and gadgets
    - Windows x64 calling conventions (fastcall)

- Lateral Movement and Pivoting
  - Designing pivot shells for lateral movement
  - TCP reverse shells
  - TCP bind shells
  - SMB-based reverse shells
    - Anonymous pipes
    - Named pipes

---------------------------------------
Day 2: Process Injection Techniques
---------------------------------------
- Core Injection Techniques
  - Overview of common process injection methods

- Advanced Injection Techniques
  - Local and remote shellcode injection
  - Asynchronous Procedure Call (APC) injection
  - Return-Oriented Programming (ROP) injection

- DLL and PE Injection Internals
  - DLL architecture and loading mechanisms
  - Static v/s dynamic linking
  - Building reflective DLL loaders
  - Building reflective PE (EXE) loaders
  - Writing x64 Windows shellcode

- Evasive Reflective Loaders
  - Designing stealthy reflective loaders
  - DLL load address spoofing
  - Thread start address spoofing

- Evasion Techniques
  - Windows System Calls
    - Direct system calls
    - Indirect system calls
    - Dynamic syscall discovery

---------------------------------------
Day 3: Advanced Evasion Techniques
---------------------------------------
- Evasion Techniques (continued from day 3)
  - Stack inspection and syscall evasion
  - Syscall detection and bypass techniques
  - Evading syscall monitoring using ROP gadgets

- WinAPI Hooking: Detection and Evasion
  - Syscall hooks
  - Process instrumentation callbacks
  - Trampoline hooks
  - Vectored Exception Handling (VEH) hooks
  - Hardware breakpoint hooks using debug registers
  - Reversing user-mode EDR hooks

- Advanced Shellcode Engineering
  - Writing x64 position-independent shellcode
  - PEB traversal for locating system DLLs
  - Extracting shellcode from executables
  - Return address spoofing
  - Thread stack spoofing via ROP gadgets
  - Building a full clean stack with ROP gadgets to execute shellcode

- Automated Stage Zero Command & Control
  - Writing a stage zero PIC implant
  - Writing a stage zero server in Python3
  - Evading ETW for HTTP requests


Certification

Dark Vortex provides Certificate Of Completion for every completed course. This certificate may be verified by contacting paranoidninja@0xdarkvortex.dev using the enrolment ID from the given certificate.


Prerequisites

The course is highly practical in nature and involves a lot of programming in C/C++ and Python3, reverse engineering in windbg/x64dbg. Its important to have a good grasp of the below fundamentals before approaching the course.

  • Basic Understanding of operating system architecture
  • Fundamental knowledge of programming with C/C++/Python3
  • Familiarity with programming concepts (pointers, referenceses, addresses, data structures, threads, processes)
  • Strong will to learn and creative mindset.


System Requirements

During the course, we will be working with different virtual machines which will involve cloning, creating, and snapshots and several other hands-on exercises. A properly configured system is extremely important to fully utilize the benefits of the training session. We strongly request you to have fully configured system which meets the below requirements for the course. All the requirements mentioned below are either freely available or open source.

  • Windows 10 (Virtual Machine)
    • A laptop with atleast 16GB RAM to support 2 VMs running at the same time.
    • VMware/VirtualBox installed
    • Good Internet Connectivity
    • Visual Studio with C/C++/C# packages installed
    • Visual Code/Editor of your choice
    • x64dbg
    • CFF Explorer
    • Sysinternals Tookit
    • Process Hacker
    • MS Office (Trial version is enough)
  • Kali Linux/Ubuntu 20.04 (Virtual Machine)
    • VS Code
    • Mingw-w64
    • Python3
    • Nasm
    • Wireshark

NOTE: Make sure you have a snapshot of each virtual machine before you start the class, just in case you have to revert everything back to stock if your Virtual Machine crashes during the training.


Course Fees

Malware On Steroids | 3 days (Interactive/Online)

At the end of the course, you will receive a Completion of Certificate and all the training materials including course PDFs/slides, content materials, source code for payloads and a python3 C2 built during your training program.

$2500 USD

*Inclusive of taxes and certification


We conduct live training sessions which are conducted remotely and do not contain pre-recorded videos. For enquiries on training programs or other services, reach us at paranoidninja@0xdarkvortex.dev