Week 8

Final destination.

1. printf("Goodbye for now, world!\n");

Well then, here we are. After an 8-week journey through the depths of Windows userland and the occasional day trip to C2 frameworks and communication channels, we’ve reached our final destination. This is where we’ll part ways.


All jokes aside, I’ve had a fantastic internship experience. When I initially started my search for potential internship opportunities, my hopes weren’t very high. Red Teaming is quite daunting and hard to get into and usually requires past experience in a security related position, especially in a niche subcategory like malware development or exploit development.

I discovered NVISO a while ago through the Cyber Security Challenge Belgium which they co-organize and noticed they had open internship positions for IoT related topics. Needless to say I was pleasantly surprised when I got in contact with NVISO and they offered an internship position in a Red Team where I’d be working on research for new tooling.

When I first met my mentors Jonas and Jean-François, they came up with a variety of topics that would directly contribute to the daily operations of the different Red Teams. This allowed me to choose topics I’d like to work on which would be in line with my skills, experience and interests. Little did I know I had picked one of the toughest of them all.

I’ve always had a secret love for coding and recently ventured into malware analysis, which turned out to be a great stepping stone towards writing malware. During the 8 weeks I would be working on custom process injection techniques and looking into alternative methods to exfiltrate C2 traffic, since Domain Fronting is no longer a viable option.

With the ongoing COVID-19 pandemic, the internship would evidently be fully remote. This meant that meeting colleagues would be slightly more difficult and it required a high degree of autonomy. Regardless, I felt very welcome from the start. I had a kickoff meeting with my mentors where I could ask any questions I had and received a nudge in the right direction to get me started. The overall atmosphere is very pleasant and light-hearted (with the occasional meme), but serious when required. They encouraged me to ask questions, but also made sure I did my own research first.

As my project developed over time I got the opportunity to present my work during lunch to colleagues from different divisions and even from different countries! NVISO regularly organizes brown-bag sessions for anybody to attend, where an NVISO expert presents his/her insights into a currently hot topic. This enables people to gain insight into a different field or area of expertise and stay current. My presentation was met with great feedback and opened up discussion on the presented techniques, their strengths and possible shortcomings.

On my final day I went to the office to meet with some colleagues in person and have a coffee. During a tour of the office I finally got to meet more people outside of the Red Team I was interning for, which was followed by a couple of hours of work and then lunch together. After lunch I demoed my project and discussed my findings on the different C2 frameworks and protocols.

Overall I had a great time and got to know some very cool people. I got to explore the highly technical concepts behind malware and at the same time translate this into an easily understandable format so a less technical audience could still understand my work. I’m excited to keep developing these skills and hopefully return for a second internship very soon.

NtClose(hInternship); return 0;