
My personal thoughts about Maldev Academy Course


I haven’t written on my blog for a while, but it has been for a good cause: balancing my regular work with focusing on the Malware Development course.

I signed up for MalDev Academy in July, but I only started studying the course after passing my OSED certification in August 2024.

I have been interested in how malware works since I was introduced to a hacking book in high school in 2003, but back then, things were not as evolved as they are today.

I remember malicious code using bind connections due to the lack of firewalls or simply using compression techniques like UPX to bypass antivirus solutions. As the years went by, security improved, and techniques to bypass security solutions became more complex.

After completing the OSEP certification (by the way, it’s a really good course for learning evasion techniques), you will gain knowledge of injection methods like Process and DLL Injection, Reflection via PowerShell, and obfuscation techniques using C#.

However, if you want to take your evasion skills to the next level, I can confidently say that completing all 91 modules of this course has significantly expanded my knowledge. It taught me concepts that are crucial when developing evasive droppers. The course not only improves your knowledge of C but also introduces more complex techniques for creating custom droppers.

I learned how to place payloads in different sections of a Microsoft PE file, discovered advanced injection techniques such as Thread Hijacking and APC Injection, and explored IAT Camouflage, String Obfuscation, and the impact of binary entropy on malware detection. I also learned how to sign binaries to increase stealth, how hooks work (userland hooks and unhooking techniques), and methods to bypass EDR, like NTDLL unhooking.

Before this, I had no idea how an EDR hooks into your process to hijack functions and inspect their arguments. I also learned about Direct and Indirect Syscalls, which are techniques used by malware authors to bypass EDR. In the future, I might write a blog post about this to help others understand.

I am very grateful for this course and highly recommend it to others. I’ve learned a lot, and I will continue to learn as I dive deeper, especially into rootkits. I already have three books on rootkits that I bought a while ago. Although they’re older, I believe they’re some of the best resources available, and the most important thing is understanding the concepts.

What’s Next?

I plan to take the EXP-401 (OSEE) course within the next three years. During this period, I want to focus more on reverse engineering malware and malware development to enhance my reverse engineering skills and deepen my understanding of Windows Internals.

Currently, I’m signed up for the IMBT (Introduction to Malware Binary Triage) course and the Zero2Automate course. My plan is to focus on IMBT first and, after completing it, move on to Zero2Automate. As you can see, I’ll be busy, especially since the only time I have to learn is at night, and even then, not every night is available! 😄