The Malware Mega Thread.
#31
Another good resource: Awesome Malware Analysis (Resource dump): https://github.com/rshipp/awesome-malware-analysis
#32
The Collection
Archive of Malware Leaks from around the internet
  • Botnets
  • Ebooks
  • Exploit Kits
  • Source Codes and others.
Git: https://github.com/Tlgyt/The-Collection
#33
Some more resources:
Reverse engineering focusing on x64 Windows: https://github.com/0xZ0F/Z0FCourse_ReverseEngineering
Introduction to Malware Analysis and Reverse Engineering: https://class.malware.re/
Malware sample: https://greysec.net/showthread.php?tid=7014
#34
Windows API tutorial: http://zetcode.com/gui/winapi/
Useful if you want to code malware.
#35
Here are some random and interesting whitepapers for malware dev and analysis that I thought were worth sharing:

Useful resource if you're using LolBins and want to keep your payload undetected from AVs.

DOS-Obfuscation: https://dl.packetstormsecurity.net/paper...niques.pdf


Useful resource for learning VBS/VBA. With this you can develop your own dropper payloads and implement them as macros in Word/Excel etc.

My VBA Bot: https://packetstormsecurity.com/files/13...A-Bot.html


Some docs on more AV evasion.

FUD Malware: https://dl.packetstormsecurity.net/paper...alware.pdf

Art of Antidetection (Shellcode Alchemy) Part 1: https://dl.packetstormsecurity.net/papers/general/artofantidetection.pdf

Art of Antidetection (Shellcode Alchemy): https://dl.packetstormsecurity.net/paper...tion-3.pdf

Analysis Of The Rcrypt Packer: https://dl.packetstormsecurity.net/paper...rcrypt.pdf

Running Encrypted ELF Binaries In Memory: https://dl.packetstormsecurity.net/paper...frieza.pdf


Others:

RSA ASYMMETRIC POLYMORPHIC SHELLCODE: https://dl.packetstormsecurity.net/paper...orphic.pdf

Metamorphic Worms: Can they remain hidden?: https://dl.packetstormsecurity.net/paper...ia_ppr.pdf

PE Injection Explained: https://packetstormsecurity.com/files/do...lained.pdf

Injecting .NET Ransomware Into Unmanaged Process: https://packetstormsecurity.com/files/15...ocess.html

Deep Dive Into .NET Malwares: https://dl.packetstormsecurity.net/paper...alware.pdf
#36
Big sheet on ransomware: https://docs.google.com/spreadsheets/u/2...1U/pubhtml#
#37
Big sheet on C2-malware: https://docs.google.com/spreadsheets/d/1...edit#gid=0
Questionnaire on figuring out which C2 to use: http://ask.thec2matrix.com/
More: https://www.thec2matrix.com/
#38
Malware-related whitepapers: https://vxug.fakedoma.in/papers.html

And also many other resources on the site. Huge gem. 20k malware source codes, 2.8 million malware samples and more...
#39
Some cool links worth reading.
Using mimikatz and bypassing AV: https://www.blackhillsinfosec.com/bypass...-mimikatz/
PeZor "an Open-Source PE Packer": https://iwantmore.pizza/posts/PEzor.html
HTTP(s) C2 Pivoting: https://medium.com/@rvrsh3ll/offensive-i...9b4b7e58d8
#40
Create malicious VBA macros (in Excel, Word, PowerPoint, etc.) to act as a dropper for your malware.
Using Microsoft shapes. Will bypass AV (as of right now?).

"Inject Encrypted Commands Into EMF Shapes for C2 In VBA / Office Malware"

Part 1: https://medium.com/@laughing_mantis/mali...4efca74358
Part 2: https://medium.com/@laughing_mantis/mali...0375cd05f3

Tool: https://github.com/glinares/VBA-Stendhal