/Packer_Development

Slides & Code snippets for a workshop held @ x33fcon 2024

Primary LanguageCBSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

Offensive Packer Development

Language - Nim Language - Rust Language - C

This repository was created in conjunction with a Packer Development Workshop held at x33fcon 2024 by S3cur3Th1sSh1t and eversinc33. It contains the Slides of the presentation plus code snippets in different programming languages for offensive Packer Development.



The goal of the workshop is to show participants the concept of packed malware. How does a Packer work technically? Using public toolings without modifications from Github (including this repo's examples ;-)) will nowadays lead to Red Teams or Threat Actors getting caught real quick. To avoid detections, it's therefore needed to build custom tooling and/or to learn about Malware Development in general. Automating the process of taking an input payload, encrypting it, building loader code and compiling that afterward saves a lot of time for operators.

How does a Packer work technically? How to load/execute C# assemblies, PE's or Shellcode from memory on runtime? How to get rid of entropy based detections? Which evasion techniques should be integrated? How about Sandbox evasion and Anti-Debugging techniques or environmental keying? Answers to these questions are included within this repository.

Getting started

You can choose a guideline in one of the following languages to get started building your packer: