BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:65f8bc81-dfc9-44d5-bd46-99f42af55bfb
DTSTAMP:20260529T162046Z
SUMMARY:Yoann DEQUEKER - Malware development on secured environment - Write
 \, adapt\, overcome
DESCRIPTION:Title: Yoann DEQUEKER - Malware development on secured environm
 ent - Write\, adapt\, overcome\n\nScheduled Date and Time (Pacific Standar
 d): Friday\, August 11\, 2023\, at 1400 PDT\n\nEventBrite Link: https://ww
 w.eventbrite.com/e/yoann-dequeker-malware-development-on-secured-environme
 nt-tickets-668374595407?aff=oddtdtcreator\n\nMax Class Size: 35\n\n\n\n\nA
 bstract:\n\nThis workshop will give an initiation to offensive malware dev
 elopment in C/C++ and how it is possible to adapt the approach depending o
 n the security solution that must be tackled. Different methods such as
  ModuleStomping\, DLL Injection\, Threadless Injection and Hardware Brea
 kpoint for dehooking will be seen.\n\nThe idea is to start with a basic ma
 lware performing process injection and apply additional techniques to star
 t evading EDR. At each step\, some analysis on the malware will be perform
 ed to understand the differences at the system level and the IOC detected 
 by the EDR.\n\nAt the end of this workshop\, you will have all the knowled
 ge needed to develop your own malware and adapt it to the targeted environ
 ment to escape from the basic pattern and spawn your beacons as if EDR did
 n't exist.\n\n\n\n\nSkill Level: Intermediate\n\nPrerequisites for student
 s: Some basic C/C++ knowledge and entry-level skills on Windows OS.\n\n
 \n\n\nMaterials or Equipment students will need to bring to participate: A
  Computer with VisualStudio Community or an equivalent compiler\, WinDBG a
 nd a Windows System (Virtual machine might be better)\n\n\n\n\nBio:\n\nYoa
 nn Dequeker has been a red team operator at Wavestone for 4 years and
  holds the OSCP certification and several HTB RedTeam Prolabs. Aside from
  his differe
 nt RedTeam operations against CAC40 companies leading him to develop sever
 al custom malware to evade EDR to ease C2 beacon deployment or phishing ca
 mpaigns\, he speaks at conferences such as LeHack as a Malware Development
  speaker and is actively sharing his knowledge on social media under the O
 tterHacker pseudonym.\n\nBesides his contributions to open-source project
 s such as the implementation of TDO secret extraction on Impacket\, he
  spends t
 ime playing with several EDR to understand the pros and cons of the differ
 ent malware development techniques in order to craft and use the payload t
 he most adapted to the targeted environment.\n
URL:https://forum.defcon.org/node/246036
DTSTART:20230811T220000Z
DTEND:20230812T020001Z
LOCATION:Las Vegas\, NV\, DEF CON 31
END:VEVENT
END:VCALENDAR
