The Malware Mega Thread.
#71
For those interested, I just added a massive list of resources to the public part of our GitHub organization, mostly to do with Windows kernel exploitation.

I added it to my personal GitHub and forked it over, as I think many of us who are interested in MalDev will benefit from having these materials readily available.

Find the relevant repository at our GH Org by clicking here.

If you have anything to add to that list, send me a message and I'll grant you write permissions to that repo.
#72
(02-27-2021, 11:07 AM)chios Wrote: I recently found out about https://www.hoppersroppers.org/rootkit.html , this is a website where multiple courses regarding low-level security in general are provided for free. The one I linked looked most promising to me, this is the description:
Quote:Fundamentals of Linux Implant Development
Learn C and Malware Analysis By Writing a Clone of Turla's Linux Backdoor

Clone a 20 year old rootkit to gain an in-depth understanding of Linux internals along with the basics of malware functionality, detection, counter-measures, and reverse-engineering.
I only skimmed through some parts so far but it looks interesting to me, maybe someone else will find a useful course on this website.

I'm amazed that I'd never seen https://www.roppers.org/ before! (The new URL for hoppersroppers.org). Seems like a great resource, thanks for sharing.
#73
Some older viruses/trojans:
Quote:download w9x-tiny.zip, ~54k
  win9X.132,133,134,140,142,148,149,150,151,152,159,161,162,166,170,180,a,182,184,185,
  187,189,190,a,197,200,204,b,206,209,218,223,230,242 virii (aka Win95.SillyWR.nnn)
download win95.Zombie virus, ~115k
download win9X.Z0MBiE-II (Twinny) virus, ~63k
download win9X.Z0MBiE-3 virus, ~5k
download win9X.Z0MBiE-4 (Zofo) virus, ~9k
download win9X.KME.Z0MBiE-4.b (ZMorph) virus, ~37k
download win9X.Z0MBiE-4.c (ZMorph) virus, ~37k
download win9X.Z0MBiE-4.d (Zom) virus, ~15k
download win9X.Hooy virus, ~38k
download Z0MBiE-5 (W95.Bistro) virus, ~95k
download win9X.RPME.Z0MBiE-6.a (ZPerm) virus (win9x permutating), ~42k
download win9X.Z0MBiE-7 (ZPerm) permutating virus, ~21k
download Z0MBiE-6.b virus (win9x polymorphic(CODEGEN)+permutating(RPME)), ~49k
download win98.Z0MBiE-8 (Damm) virus, ~16k
download win9X.Examplo (win32-example virus), ~21k
download win9X.LDE.Examplo (win32-example virus), ~9k
download win9X.Z0MBiE-10.a virus (==ZMyst; based on CODEGEN,ETG,LDE,RPME,MISTFALL), ~89k
download Mistfall.Z0MBiE-10.b virus, ~92k
download Mistfall.Z0MBiE-10.c virus + Mistfall engine 1.02, ~118k
download Mistfall.Z0MBiE-10.d virus, ~142k

download 007JB virus, ~25k
download M1 virus, ~61k
download ZHello virus, ~13k
download TP_COM virus, ~16k
download PGPMorph-1 virus, ~69k
download PGPMorph-2 virus, ~108k
download pascal HLL virus example, ~5k
download eicar.zip -- EICAR trojan, ~5k
view Z0MBiE.32 -- TSR, EXE-overwriter
view Trojan.18 -- non-TSR, MBR/BOOT/CMOS-overwriter ;-)
Source: https://z0mbie.dreamhosters.com
#74
The Undocumented Functions - Microsoft Windows NT/2000/XP/Win7

http://undocumented.ntinternals.net/
#75
ONLINE (FUD) METERPRETER PAYLOAD GENERATOR: https://metcrypter.com/
#76
Useful resources on LOLBins.

Quote:GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
The project collects legitimate functions of Unix binaries that can be abused to get the f**k break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate the other post-exploitation tasks.
It is important to note that this is not a list of exploits, and the programs listed here are not vulnerable per se, rather, GTFOBins is a compendium about how to live off the land when you only have certain binaries available.
GTFOBins is a collaborative project created by Emilio Pinna and Andrea Cardaci where everyone can contribute with additional binaries and techniques.
If you are looking for Windows binaries you should visit LOLBAS.
- https://gtfobins.github.io/
- https://lolbas-project.github.io/

Edit: Useful info on file extensions for malware.
https://filesec.io/
#77
Hello, great resources, but from what I've seen most of them are user-mode techniques. Are there any suggestions regarding kernel stuff like rootkits and such? One resource I'm planning to read is Rootkit Arsenal, but I fear that it is fairly outdated; I'm hoping that someone is able to share a resource on said topic that is fairly up to date.