Last day to save $150 off Offensive Operations courses during SANS Pen Test & Offensive Training 2021!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

SANS @MIC Talk - Self-Compiling Malware

  • Monday, April 20, 2020 at 3:30 PM EDT (2020-04-20 19:30:00 UTC)
  • Xavier Mertens

You can now attend the webcast using your mobile device!



While hunting, I recently found interesting malware samples that use Microsoft. NET commands to compile their second stage on-premise. This talk will review some of them and show you how they (ab)use the commands present on almost any modern Windows computer.

Speaker Bio

Xavier Mertens

Xavier Mertens is a freelance cybersecurity consultant based in Belgium. His daily job focuses on the “blue team” side to protect his customer’s assets (incident handling, forensics, log management, SIEM, security visualization, OSINT), but he likes to work on the “red team” side from time to time. Xavier is also a SANS Internet Storm Center Senior Handler (, security blogger ( and co-organizer of the BruCON security conference (

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.