
Zhassulan Zhussupov
Malware Researcher, Threat Hunter, Buttefly Effect Team
Istanbul, Turkey
Actions
cybersecurity enthusiast, author, speaker and mathematician. Author of popular books:
MD MZ Malware Development Book (2022, 2024)
MALWILD: Malware in the Wild Book (2023)
Malware Development for Ethical Hackers Book: https://www.amazon.com/dp/1801810176 (2024)
Author and tech reviewer at Packt. Co founder of MSSP Research LAB, author of many cybersecurity blogs, HVCK magazine
Malpedia contributor
Speaker at BlackHat, Security BSides, Arab Security Conference, Hack.lu, Standoff, etc conferences
Links
Area of Expertise
Topics
Malware and Hunting for Persistence: how adversaries hacking your Windows?
The story of how I discovered several non-standard and unusual methods for malware persistence using the registry
modifications and DLL hijacking vulnerability: Windows Internet Explorer, Win32API Cryptography features, Windows
Troubleshooting Feature and Process Hacker 2.
Research in the field of hunting new persistence techniques for malware.
Also a comparison of these methods with classical tricks and techniques that are used by various APT groups and
Ransomware's authors.
Malware, Persistence and Cryptography
Whether you are a Red Team or Blue Team specialist, learning the techniques
and tricks of malware development gives you the most complete picture of
advanced attacks. Also, due to the fact that most (classic) malwares are written
under Windows, as a rule, this gives you tangible knowledge of developing under Windows.
The course will teach you how to develop malware, including classic tricks and tricks of modern ransomware found in the wild. Everything is supported by real examples.
The course is intended for Red Team specialists to learn in more detail the tricks of malware development (also persistence and AV bypass) and will also be useful to Blue Team specialists when conducting investigations and analyzing malware.
The course is divided into four logical sections:
- Malware development tricks and techniques (classic injection tricks, DLL injection tricks, shellcode running)
- AV evasion tricks (Anti-VM, Anti-Sandbox, Anti-disassembling)
- Persistence techniques
- Cryptographic functions in malware development (exclusive)
Most of the example in this course require a deep understanding of the Python
and C/C++ programming languages.
Knowledge of assembly language basics is not required but will be an advantage
Malware, Cats and Cryptography
Research in the field of reimplementation of ransomware and the role of cryptography in malware development. Application of classical
cryptographic algorithms for payload and ransomware encryption. Practical research has been carried out: the results of
using Skipjack, TEA, Madryga, RC5, A5/1, Z85, DES, mmb, Kuznechik, etc. encryption algorithms have been analysed. The
application of cryptography based on elliptic curves is also being researched. How does all this affect the VirusTotal detection score and how applicable is it for bypassing AV solutions (AV bypass). In some researched practical cases, we get FUD malware.
Bypass AV Kaspersky, Windows Defender. ESET NOD32 in some practical cases.
Reverse engineering and code reconstruction with malware development tricks from ransomware and malware like Conti, Snowyamber, Paradise Ransomware, CopyKittens, Hello Kitty etc. Discovered new tricks from Russian APT29 related malware.
BSides Tirana 2024 Sessionize Event
BSides Kraków 2024 Sessionize Event
BSides Prishtina 2024 Sessionize Event
Security BSides Sofia 2024 Sessionize Event

Zhassulan Zhussupov
Malware Researcher, Threat Hunter, Buttefly Effect Team
Istanbul, Turkey
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top