Software Development : Security : Malware
Never, EVER, use software that You self developed, for any malware based attacks, unless there is a huge amount of people that conduct attacks by using that malware and You are mad enough to believe that You are an academic "security researcher" that the super-mafiosi will not kill or detain simply to reduce market supply outside of their own royal hierarchies.
As of 2016_09 there exists even an online collection of software for storing the relations between software authors and their creations. The collection is called National Software Reference Library, which publicly declares that it is assembled to serve the various U.S. spying, targeting, agencies.
That being said, that does not mean that You should not develop Your own malware, because that's a tool for working on Your own defenses. Just, try to avoid dumb, manual, labor, let the AI based techniques do the dumb part. Just like a canon that is being used for testing armor does not need to be light, portable, easily manufacturable, it only needs to be more powerful than the canons used by enemy deployments, the malware that is used for studying and testing defensive measures does not need to be deployable and, depending on application, does not need to hide itself. As a matter of fact, a non-deployable attack software that only works in a single machine or a virtual environment might be even preferable, because then the malware can not accidentally get loose.