>>50385
Obviously BS requirements. Advanced Mathematics? Really? No one says this job requires "Advanced Mathematics" on a list of requirements because "Advanced Mathematics" isn't a thing. It literally could mean anything. To the uninitiated, calculus is advanced mathematics; to the college non-math major, Real Analysis might be advanced. To a mathematician, all kinds of hyper-specific stuff might constitute advanced.
How this is related to malware at all is questionable. Cyber-criminals might be a starting point for looking at how to run an APT organization with political targets. Whale Fishing has been particularly successful for the Chinese, with macros in office documents. Why would anyone roll their own cryptography? Knowledge of how to use rather than implement or even, god forbid, create crypto is all that's necessary. Why Python would be necessary is also beyond me: are you creating a scriptable framework for malware? Developing exploits might be useful, and is probably part of what distinguishes an APT from a cybercriminal.
My list of requirements would be shorter and much more specific:
To write exploits:
——————
* Microsoft Windows Internals, WIN32 API, Driver Model, Kernel Internals
* Microsoft Office Macros / Office Document Internals / PDF Internals / Flash Internals
* C Programming (included in the above, obviously)
* PC Assembly with Microsoft Windows Calling Convention
* Reverse Engineering
To Persist / Escalate Access:
—————————–
* Experience USING (not implementing, not designing) crypto systems via C
* Obfuscation techniques for binaries
* Experience Pen-testing
* Devops for Cybercriminals (hosting etc.)
To use exploits:
—————-
* Experience Whale Fishing
* Serious OPSec / Trade Craft
* Humint collection and recruitment / Social Engineering
You could probably buy exploits/kits, penetrate low levels of organizations, persist and escalate access from there if you're acting on a budget.
A large budget would look like dedicated devops teams securing anonymous hosting (probably by exploiting vulnerable boxen), a modular malware system with pluggable payloads and exploit vectors. You would probably have dedicated teams working on exploits, and dedicated teams working on payloads (reverse shell, exfiltration etc.). You would probably have a dedicated team that handles entry points (whale fishing, humint), and a team that handles escalation. NSA (TAO) leaks are probably a good place to look for what a large budget APT looks like.
"Advanced Mathematics" is probably nonsense. What would you do with it?