Teams is for C2: Building & Reversing a Backdoor
06-28, 16:00–17:30 (America/Los_Angeles), Volleyball Court - NightMrkt After Dark

Want to get started in malware analysis or development? Never compiled code or read assembly language before? No problem! This workshop will have you building 32-bit and 64-bit DLLs from scratch, understanding Windows API calls and some basics of assembly language.
In this workshop, we’ll give you a Virtual Machine (you just need a laptop with a 64-bit Intel or AMD CPU, and VMware Player or Workstation/Fusion installed). We will write a very simple DLL from scratch and compile it in Visual Studio, then reverse engineer it in IDA Free and x64dbg. Then you will get the source code and a builder for a full-featured backdoor that uses Teams to send commands and receive results (working demo only if we have Internet connectivity), and we’ll start reverse engineering that to show how to get started. You can take these home to continue learning.

I love Detection Engineering and Threat Hunting (DEaTH!)
I’m one of the co-organizers for DEATHCon, and an analyst with The DFIR Report.