.NET Foundations for Security Engineers
This course teaches C# from scratch for offensive security work. You build real Windows tools in every module. The course closes with a File Reconnaissance Tool and a bonus reverse TCP shell.
.NET Foundations for Security Engineers
Description
# Why This Course
C# is the standard language for Windows offensive tooling. It compiles to real executables, calls Windows APIs directly, and runs on every modern Windows host without extra dependencies. This course teaches you how to write it.
## How .NET Works
You start with how .NET works. The first module covers MSIL, the CLR, and JIT compilation. You learn what your compiled binary exposes to any analyst with a decompiler. That knowledge shapes how you write code from the start.
## The Language
The bulk of the course is the C# language itself. Data types, string parsing, operators, functions, control flow, collections, classes, file I/O, and exception handling. Each topic builds on the last and connects directly to tooling work.
## Final Project: File Reconnaissance Tool
The course ends with a final project: a File Reconnaissance Tool. The program walks a directory tree, filters files by type, groups findings, and writes a report to disk. You publish the finished tool as a self-contained Windows executable.
## Bonus Lab: Reverse TCP Shell
A bonus lab goes further. You build a reverse TCP shell in C#: a listener and a client connected over loopback, with a live `cmd.exe` session routed through the socket. Every component traces back to language concepts from the course.
## Requirements
No prior programming experience is required. The course runs on Windows Server 2025.
## Platform and Toolchain
The course opens with the .NET platform and the development toolchain. You learn how C# compiles to MSIL, what the CLR does at runtime, and how to read a compiled binary in dnSpy. From there, the course covers the build environment and project structure.
## Core Language
The next block covers the core language. The labs build a network target parser, an XOR encoder, and a reusable parsing library. Topics include data types, byte arrays, string methods, operators, and functions.
## Control Flow and Collections
Control flow and collections come next. You write programs that scan port ranges, break on conditions, and track results in lists, sets, and dictionaries.
## Object-Oriented Programming and File I/O
The course then moves into object-oriented programming and file I/O. You build a scanner class with a constructor and typed properties. You handle user input, command-line arguments, file reads and writes, and exception handling.
## LINQ and Async/Await
LINQ and async/await follow. You write queries over collections and see how asynchronous I/O works in C#.
## Final Project
The course closes with the final project. You build a File Reconnaissance Tool that scans a directory tree, filters by file extension, groups the output, and writes a timestamped report to disk. The finished program publishes as a self-contained Windows executable.
## Bonus Lab: Reverse TCP Shell
The bonus lab sits outside the graded modules. You build a reverse TCP shell. A listener accepts one TCP connection and relays bytes. A client starts `cmd.exe` and routes its stdin, stdout, and stderr through the socket. Both programs run on the same machine over loopback. Every concept in the lab maps back to something from the course.
## Requirements
The course runs on Windows Server 2025. Students bring their own machine or use the WKL-managed AWS lab environment, which provisions a ready-to-use machine in your own AWS account. No prior programming experience is required.
Assembly Programming Basics for Security Engineers
Assembly Programming Basics for Security Engineers
Description
Learn Windows x64/x86 assembly from zero to shellcode-ready. NASM labs, x64dbg, Win32 APIs, position-independent code, PE format, direct syscalls, and stack overflows. The prerequisite course for serious offensive development on Windows. One high-level language required; no prior ASM needed.
.NET for Malware Development
This course teaches C# from scratch for offensive security work. You build real Windows tools in every module. The course closes with a File Reconnaissance Tool and a bonus reverse TCP shell.
.NET for Malware Development
Description
C# is the standard language for Windows offensive tooling. It compiles to real executables, calls Windows APIs directly, and runs on every modern Windows host without extra dependencies. This course teaches you how to write it.
You start with how .NET works. The first module covers MSIL, the CLR, and JIT compilation. You learn what your compiled binary exposes to any analyst with a decompiler. That knowledge shapes how you write code from the start.
The bulk of the course is the C# language itself. Data types, string parsing, operators, functions, control flow, collections, classes, file I/O, and exception handling. Each topic builds on the last and connects directly to tooling work.
The course ends with a final project: a File Reconnaissance Tool. The program walks a directory tree, filters files by type, groups findings, and writes a report to disk. You publish the finished tool as a self-contained Windows executable.
A bonus lab goes further. You build a reverse TCP shell in C#: a listener and a client connected over loopback, with a live cmd.exe session routed through the socket. Every component traces back to language concepts from the course.
No prior programming experience is required. The course runs on Windows Server 2025.
The course opens with the .NET platform and the development toolchain. You learn how C# compiles to MSIL, what the CLR does at runtime, and how to read a compiled binary in dnSpy. From there, the course covers the build environment and project structure.
The next block covers the core language. The labs build a network target parser, an XOR encoder, and a reusable parsing library. Topics include data types, byte arrays, string methods, operators, and functions.
Control flow and collections come next. You write programs that scan port ranges, break on conditions, and track results in lists, sets, and dictionaries.
The course then moves into object-oriented programming and file I/O. You build a scanner class with a constructor and typed properties. You handle user input, command-line arguments, file reads and writes, and exception handling.
LINQ and async/await follow. You write queries over collections and see how asynchronous I/O works in C#.
The course closes with the final project. You build a File Reconnaissance Tool that scans a directory tree, filters by file extension, groups the output, and writes a timestamped report to disk. The finished program publishes as a self-contained Windows executable.
The bonus lab sits outside the graded modules. You build a reverse TCP shell. A listener accepts one TCP connection and relays bytes. A client starts cmd.exe and routes its stdin, stdout, and stderr through the socket. Both programs run on the same machine over loopback. Every concept in the lab maps back to something from the course.
The course runs on Windows Server 2025. Students bring their own machine or use the WKL-managed AWS lab environment, which provisions a ready-to-use machine in your own AWS account. No prior programming experience is required.
Assembly Programming for Malware Development
Assembly Programming for Malware Development
Assembly Programming for Malware Development
Description
Golang Programming Basics
Golang Programming Basics
