I thought the CIA’s “best practices” for coding malware were interesting.
It’s basically a list of things you have to consider when dealing with a sophisticated attacker. Basic audit features aren’t enough if your data and systems present an attractive target.
