Black Hat Python

A little while ago I read both Gray Hat Python and Black Hat Python by Justin Seitz. Both were fantastic. I found Gray Hat Python to be a little more “advanced” in that it went into topics such as debugging (and how debuggers work and what can be done with them), as well as hooking and code injection, in quite some depth. On the other hand, Black Hat Python went over some more classic “hacker” things, such as networking and playing around with some Windows services.

However, the main takeaway from Black Hat Python for me was the chapter on using GitHub as a command and control for malware. Presenting only the bare bones of the framework and messing around with Python's import functionality, I decided to use the ideas as a base to make the concept my own through the wendigo framework. I’ve since fully adapted and extended the ideas presented into what wendigo is now: a fully functioning (hopefully), extensible malware framework using GitHub for C2. That single chapter served as the inspiration for the first project I’ve decided to take on of my own free will, which has been the catalyst for so much that I’ve learned along the way.

Finally, while we're here, I thought I’d mention the origin of the name wendigo. I had had the idea to start this project, but before I could put code to vim, I knew it needed a cool name, as all projects (especially those in the security world) do. I had the concept of a stealthy, unassuming trojan that, once introduced, could mutate and change into what it needed to be, to transform into a monster what was once just a man. So I started looking around the old myths of shape-changing beasts and spirits. A werewolf seemed like a good fit, but just didn’t quite roll off the tongue. And then I came across the Northern American Indian version of a werewolf: an evil spirit that would possess a man and transform him, giving him monstrous characteristics and an insatiable thirst for blood. The wendigo.
