Mauricio Velazco, Olaf Hartong - The Purple Malware Development Approach

    Thursday from 0900 to 1300
    EventBrite Link:

    This workshop merges offensive and defensive lab exercises to provide attendees with hands-on experience in custom malware development as well as live malware analysis and response. The workshop has a total of 5 hands-on exercises, and each contains a Red and a Blue section. In the Red section attendees write custom payloads in C# and C++ using different techniques to obtain a reverse shell on a Windows victim endpoint. In the Blue section attendees investigate the infection by reviewing events and logs using open source static and dynamic malware analysis tools such as CFFExplorer, Pe-Studio, dnSpy, Process Explorer, Process Monitor, Sysmon, Frida, Velociraptor, etc.

    Skill Level: Beginner to Intermediate
    Materials Needed:
    Laptop with virtualization software.
    A Windows virtual machine.
    A Kali Linux Virtual Machine.

    Mauricio Velazco (@mvelazco) is a Principal Threat Research Engineer at Splunk. Prior to Splunk, he led the Threat Management team at a Fortune 500 organization. Mauricio has presented and hosted workshops at conferences like Defcon, BlackHat, Derbycon, BSides and SANS. His main areas of focus include detection engineering, threat hunting and adversary simulation.

    Olaf Hartong is a Defensive Specialist and security researcher at FalconForce. He specializes in understanding the attacker tradecraft and thereby improving detection. He has a varied background in blue and purple team operations, network engineering, and security transformation projects.
    Olaf has presented at many industry conferences including WWHF, Black Hat, DEF CON, DerbyCon, Splunk .conf, FIRST, MITRE ATT&CKcon, and various other conferences. Olaf is the author of various tools including ThreatHunting for Splunk, ATTACKdatamap and Sysmon-modular.


    Max Class Size: 30
    Last edited by number6; July 4, 2022, 15:59.

  • #2
    Trying to make sure I'm adequately prepared for this workshop. Would you recommend brushing up on C++ or C#? Is one used more than the other for this workshop?


    • number6 commented
      If you get no response from the people leading this workshop on the forums, try reaching out to them on twitter.

  • #3
    Hello Snipeyx. A high level overview of both languages would help. However, you will still be able to follow the exercises as a beginner in these languages. We will use both for each lab.

    The most important task to prepare for the workshop is to set up your environment. You will receive a link with details in the next couple of days.

    Looking forward to it!