An Introduction to Modern Malware Development for Red Teams

Sp1d3rM June 25, 2026

#malware #computer-architecture #programing #red-team #reverse-engineering

You can select the chapters in the menu at the very beginning of this post, right below the title but above the text. It is represented as a directory tree. Just click a chapter and you will be redirected to the material. The series is in development, so some chapters might still be unavailable!

This post will be updated with new chapters every time I finish one, up until I think I covered everything I want to cover. Stay tuned at ANTEIKU and my own X account for updates.

WHAT IT IS

Greetings, strangers. I decided to write a series for our blog related to malware development. There are many, many free sources out there and in the age of AI, it shouldn’t be that hard to get enough working knowledge of malware development mostly for free (considering you probably have to pay some AI vendor). The problem with free content is usually structure. They lack it. After finishing one piece of content, a blog post for instance, you might genuinely have learned something new, but you also might end up not immediately knowing what the next steps are. This short series aims to fix that while also connecting all the basic knowledge needed for the modern tradecraft landscape.

The content of this course will be largely based on my own experiences and notes from labs, courses and certifications, which means there might be content here you will find somewhere else and, honestly, that’s expected.

This series is aimed at Red Teamers. This means we will be mostly focusing on C2 agents, loaders and so on. I might touch on other malware types for educational purposes, but I will mostly cover topics with ample focus on the development of authorized Red Team tooling. I will not teach you how to build ransomware, but as with anything in this godforsaken industry, many things you will learn here do apply (with modifications) to the development of any offensive tooling.

WHO IS IT FOR

This short series will eventually reach a medium level of difficulty once we start digging a little deeper into system calls, call stack spoofing and what not, but fundamentally this is a beginner-oriented resource. If you have any experience with malware development, you might already know some or even all of this. Perhaps you forgot some basic stuff and this helps remind you of it, but it probably isn’t for you.

This doesn’t mean it is for complete beginners either. I will do my best at the start to introduce you to the computer architecture, Windows internals and programming concepts needed to develop modern malware, but you will need to read about things yourself too. Fundamentally, I will assume you know general penetration testing and some scripting language like Python or JavaScript, so we can share some common ground. If you are pwning medium to hard HTB machines, you should be fine, but the more the better.

This might also be useful for blue teamers wanting to understand a little bit more about malware, how it is used to evade defenses and what a threat actor might think while creating new tooling. Understanding the enemy is very important.

Keep Hacking,
Sp1d3rM_*^!
