• Stars
    star
    1,353
  • Rank 34,729 (Top 0.7 %)
  • Language
  • Created over 2 years ago
  • Updated over 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Organized list of my malware development resources

Introduction

This Repo serves as a list of resources for malware development. Note: I am just a learner what i have im sharing some reources can be stupid, you can help me adding things.

Essentials

I would say having some experience with C and assembly going to be good. some resources for C and assmebly.

Blogs

Vitali Kremez blog

Lot's of Malware related content.

0xPat blog

Have an amazing malware development series i would recommend to take a look.

zerosum0x0 blog

Some good posts.

Guitmz blog

Dope Maldev Content.

TheXcellerator

Amazing LKM rookit series and maldev posts.


Talks

Horse Pill: A New Type of Linux Rootkit
Not a talk but good LKM rootkit series
Good talk on Creating and Countering the Next Generation of Linux Rootkits
Kernel Mode Threats and Practical Defenses
Alex Ionescu - Advancing the State of UEFI Bootkits
BlueHat v18 || Return of the kernel rootkit malware (on windows 10)


Youtube channels

AGDC Services

HQ Malware Content.

TheSphinx

Have an amazing series on Writing your Rat from Scratch.

Joey Abrams

Amazing Malware stuff, have a good code injection series, Linux stuff.

w3w3w3

Have a good LKM rootkit series.

Courses

There are some courses I would love to recommend.

RED TEAM Operator: Malware Development Essentials course | Sektor7

This course will teach you how to become a better ethical hacker, pentester and red teamer by learning malware development. It covers developing droppers, trojans and payload/DLL injectors using some basic C and Intel assembly skills.

RED TEAM Operator: Malware Development Intermediate course

Advanced malware development techniques in Windows, including: API hooking, 32-/64-bit migrations, reflective binaries and more.

RingZerø: Windows Kernel Rootkits: Techniques and Analysis

Key Learnings:

  • Machine architecture for kernel programmers
  • Virtual memory management
  • Interrupts and exceptions
  • CPU security features
  • Windows kernel architecture
  • Kernel components (Ps, Io, Mm, Ob, Se, Cm, etc.)
  • System mechanisms
  • Debugging with WinDbg
  • Rootkit techniques
  • Driver development

CodeMachine: Windows Kernel Rootkits

Topics:

  • Kernel Attacks
  • Kernel Shellcoding
  • Kernel Hooking and Injection
  • Kernel Callbacks
  • Kernel Filtering
  • Kernel Networking
  • Virtualization Based Security

Books

  • The Art of Computer Virus Research and Defense
  • The Giant Black Book of Computer Viruses
  • Designing BSD Rootkits: An Introduction to Kernel Hacking
  • Rootkits and Bootkits
  • The Antivirus Hackers' Handbook

Free books

Make your own first fud crypter


Articles/posts

Malware Development – Welcome to the Dark Side: Part 1
Art of Malware
Malware Development Part 1
Basic Ransomware guide
Understanding TRITON and the Missing Final Stage of the Attack good read.
Master of RATs - How to create your own Tracker
Amazing article to read with some good resources (Personal Tale and the Road to Malware Development, Resources)
PT_NOTE -> PT_LOAD x64 ELF virus written in Assembly
The magic of LD_PRELOAD for Userland Rootkits(good read if you wanna get into rootkits this blog is for userland rootkits)
(Recommended Read) if you want to creat your first userland rootkit and you just know C you can go for this blog if you wanna start into rootkit development
Function Hooking Part I: Hooking Shared Library Function Calls in Linux
Inline Hooking for Programmers (Part 1: Introduction)
Inline Hooking for Programmers (Part 2: Writing a Hooking Engine)
PE injection for beginners
Becoming-rat-your-system
Complete guide on LKM hacking
Best series i will say if you wanna get into programming/malware dev recommended series to follow it will start with learn programming thats needed asm and stuff after that getting into maldev
Filess malware
Examining the Morris Worm Source Code
IOT Malware
DoublePulsar SMB backdoor analysis
Eset Turla Outlook backdoor report
Writing a custom encoder
Engineering antivirus evasion
Analysis of Project Sauron APT
WastedLocker analysis
Lazarus shellcode execution
Detailed analysis of Zloader
BendyBear shellcode malware
A Basic Windows DKOM Rootkit
Loading Kernel Shellcode
Windows Kernel Shellcode on Windows 10 – Part 1
Windows Kernel Shellcode on Windows 10 – Part 2
Windows Kernel Shellcode on Windows 10 – Part 3
Introduction to Shellcode Development
Autochk Rootkit Analysis
pierogi backdoor
Pay2Kitten
STEELCORGI
Lebanese Cedar APT
LazyScripter
Maze deobfuscation
Darkside overview
SunBurst backdoor - FireEye analysis
Code obfuscation techniques
SideCopy APT tooling
Hiding in PEB sight: Custom loader
Zloader: New infection technique
FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines
A tale of EDR bypass methods
In-depth dive into the security features of the Intel/Windows platform secure boot process
Process Injection Techniques
Adventures with KernelCallbackTable Injection
Useful Libraries for Malware Development
Parent Process ID (PPID) Spoofing
Mutants Sessions Self Deletion
OffensiVe Security with V - Process Hollowing
Looking for Remote Code Execution bugs in the Linux kernel
memory-analysis-evasion
100% evasion - Write a crypter in any language to bypass AV


Forums

One of the best Malware Development fourms that helped me a lot.


Sample Sharing


Some interesting Github Repos(miscellaneous)

TL-TROJAN

A collection of source code for various RATs, Stealers, and other Trojans.

Linker_preloading_virus

An example of hijacking the dynamic linker with a custom interpreter who loads and executes modular viruses.

Awesome-linux-rootkits

A summary of linux rootkits published on GitHub.

Virii

Collection of ancient computer virus source codes.

Flare-floss

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

Ebpfkit

Ebpfkit is a rootkit powered by eBPF.

Al-Khaser

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

Evasions

Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment.

loonix_syscall_hook

System call hooking on arm64 linux via a variety of methods.

awesome-executable-packing

A curated list of awesome resources related to executable packing.