Stars: 622 | Rank: 72,195 (Top 2%) | Created about 2 years ago | Updated over 1 year ago


Repository Details

This is a repository of resources about malware techniques.

Awesome Malware Techniques

A curated list of resources to analyse and study malware techniques.

  • Unprotect: Unprotect is an open malware evasion techniques database that provides code snippets and detection rules.
  • LolBas: Living Off The Land Binaries, Scripts and Libraries.
  • ORKL: Search engine for Threat Intelligence reports.
  • HijackLibs: A curated list of DLL Hijacking candidates. A mapping between DLLs and vulnerable executables is kept and can be searched via this website.
  • Living Off Trusted Sites: Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection.
  • MalApi: Collection of API used by malware.
  • FileSec: Collection of file extensions being used by attackers.
  • GTFOBins: GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
  • Malware Persistence: Collection of malware persistence techniques.
  • Malware Event ID: Collection of Event IDs triggered by malware.
  • Malware Privilege Escalation: Collection of privilege escalation techniques.
  • Various Malware Techniques: Several malware techniques listed on Vx-Underground.
  • Malware Museum: A database of old malware samples.
  • KernelMode.Info: Interesting low-level resources; the forum has been inactive for a few years.
  • UnknownCheats Anti-Cheat Bypass: UnknownCheats is a forum for cheat developers. The Anti-Cheat Bypass section is probably the most interesting part of the forum, because the bypasses can also be used for red teaming or by bad actors.
  • formats_vs_techniques: This table shows the various techniques that can be used in malicious documents to trigger code execution, and the file formats in which they can be embedded.
  • CheckPoint Malware Evasion Techniques: Collection of malware evasion techniques.
  • LolDrivers: Living Off The Land Drivers is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks.
  • AMSI Bypass: This repo contains some Antimalware Scan Interface (AMSI) bypass / avoidance methods I found in different blog posts.

More Repositories

  • Awesome-GPT-Agents (4,833 stars): A curated list of GPT agents for cybersecurity.
  • awesome-ida-x64-olly-plugin (1,123 stars): A curated list of IDA, x64DBG, Ghidra and OllyDBG plugins.
  • IATelligence (Python, 342 stars): A Python script that extracts the IAT of a PE file and asks GPT for more information about the APIs and the related ATT&CK matrix entries.
  • vthunting (Python, 156 stars): A tiny script that generates reports about VirusTotal hunting and sends them by email, Slack or Telegram.
  • jupyter-collection (HTML, 127 stars): Collection of Jupyter Notebooks by @fr0gger_.
  • Unprotect_Submission (C++, 121 stars): Repository to publish your evasion techniques and contribute to the project.
  • unprotect (Python, 107 stars): A Python tool for parsing PE malware and extracting evasion techniques.
  • RocProtect-V1 (C++, 98 stars): Emulates a virtual environment to stay protected against advanced malware.
  • MalwareMuncher (JavaScript, 40 stars): A proof-of-concept Python script that uses the Frida framework for binary instrumentation and API hooking, enabling users to conduct malware analysis.
  • SuperPeHasher (Python, 27 stars): A wrapper for several hash algorithms dedicated to PE files.
  • Yara-Unprotect (YARA, 25 stars): Regroups the YARA rules for the Unprotect Project.
  • JupyterUniverse (18 stars): Jupyter Universe is a search engine for all infosec Jupyter notebooks.
  • hash.py (Python, 10 stars): A Python script that calculates a fingerprint (MD5, SHA256, SHA512) and can compare two fingerprints to check that they are consistent. It can be used in digital forensics.
  • Check-Domain-Availability (Python, 9 stars): Tiny script to verify whether a domain or a list of domains is available.
  • shellcode2exe_package (7 stars): x64 Windows package of the shellcode2exe tool.
  • strings_similarity (Jupyter Notebook, 6 stars): A short Jupyter Notebook demonstrating strings extraction to generate a graph.
  • fr0gger (5 stars)
  • Scripts_and_Snippets (Python, 5 stars): Scripts and snippets.
  • scapside.py (Python, 5 stars): A small tool to perform basic network attacks using Scapy.
  • Timer (C++, 2 stars): Gym timer.
  • Jupyter-Universe (1 star): A repository to centralise Jupyter Notebooks about cybersecurity.