The Malware Mega Thread.
#21
Sharing this talk because I think it's great for starting out:
https://youtu.be/EMJr_B0mWUY

It's done by a famous analyst called Amanda Rousseau, you might have heard of her by the handle @Malwareunicorn
If you want to follow along the talk you can find her materials here:
https://sites.google.com/secured.org/mal...ring/re101


This other talk from her looks actually really good, I've only watched half of it and it is looking promising:
https://youtu.be/rX7lIfQlqOo
#22
Very cool, now just to find the time to work through all of this.
#23
I will definitely look into this. Thanks!
#24
Some links I found while coding my open source POC malware for Windows:

Windows Vuln modules: http://www.itsecdb.com/oval/definitions/family-windows/
Win priv esc: https://github.com/api0cradle/BeRoot/tre...er/Windows
VM Detection: https://github.com/LordNoteworthy/al-kha...ualBox.cpp
Generating smart trash code for anti-signature detection: http://83.133.184.251/virensimulation.or...vpo01.html
Malware self-defence - Fake VM: https://securingtomorrow.mcafee.com/mcaf...l-machine/

Unprotect:
http://unprotect.tdgt.org/index.php/Unprotect_Project
#25
(09-30-2018, 09:50 PM)Insider Wrote: Some links I found while coding my open source POC malware for Windows:

Windows Vuln modules: http://www.itsecdb.com/oval/definitions/family-windows/
Win priv esc: https://github.com/api0cradle/BeRoot/tre...er/Windows
VM Detection: https://github.com/LordNoteworthy/al-kha...ualBox.cpp
Generating smart trash code for anti-signature detection: http://83.133.184.251/virensimulation.or...vpo01.html
Malware self-defence - Fake VM: https://securingtomorrow.mcafee.com/mcaf...l-machine/

Unprotect:
http://unprotect.tdgt.org/index.php/Unprotect_Project

Some very nice resources there. Having some way in which your malware protects itself from detection is essential.
#26
Wikileaks CIA documents.

Bypass Antivirus Dynamic Analysis
Limitations of the AV model and how to exploit them

https://wikileaks.org/ciav7p1/cms/files/...namics.pdf
#27
Malware Repository:
https://malshare.com/
https://malware.lu/
#28
Random malware-related documents I've saved.
https://share.dmca.gripe/h9ZKpahdWpwEv7Oj.7z

Reupload of Crypters Handbook: https://share.dmca.gripe/rhKi8YOAzm3AckNz.pdf

Reupload of Bypass-Antivirus-Dynamics: https://share.dmca.gripe/Z1Vy8VkxOpxcrJ9A.pdf
#29
Recently got myself more interested in malware. Would be cool if we could get ourselves a malware section. Like Trojanforge used to have (before it went private).

Malware development part 1: https://0xpat.github.io/Malware_development_part_1/
Malware development part 2: https://0xpat.github.io/Malware_development_part_2/
Malware development part 3: https://0xpat.github.io/Malware_development_part_3/
#30
Anti-reverse engineering: https://mega.nz/folder/eEkwUIbC#QJuN18nD...e/GR0QCK5Q