The Malware Mega Thread.
#11
(01-07-2018, 08:19 AM)Insider Wrote: Additional Resource!

Newbie guide/article on how to become a Malware Analyst:

So You Want To Be A Malware Analyst?: https://blog.malwarebytes.com/security-w...e-analyst/

Archive: http://archive.is/pjF9c

Sweet, thanks Insider. With everyone providing additional resources I think this thread is starting to look like one of the more extensive resource hubs on anything to do with malware out there.

What I would like to see more of is additional malware development oriented resources. I've been looking around but I haven't really found a book or online resource that deals with malware development exclusively. If anyone has something like that I'd love to see it.
#12
I posted a minor revision to the OP. At some point I mentioned that Covertutils was a lot like msfvenom. And while msfvenom certainly is a backdoor generating framework, Covertutils is a backdoor development framework. A small difference, but a significant one, as one implies full automation while the other simply consists of one or more libraries that will help you write backdoors in Python.

As such I have updated the OP appropriately.
#13
Some cool links I found:

MalwareDynamicAnalysis - http://opensecuritytraining.info/Malware...ndFine.pdf

Program Analysis Reading List - http://www.msreverseengineering.com/prog...ading-list

Unpacking Tutorials - http://index-of.es/Tools/Various-Tools/B...Tutorials/

Edit:

RE for beginners - http://index-of.es/Tools/Various-Tools/B...20Newbies/
Also a classic!

vxHeaven Virus collection:

Dos Viruses: https://archive.org/details/vxheaven-dos...collection

Windows Viruses: https://archive.org/details/vxheaven-win...collection
#14
Insider, thanks so much for the Archive links to VXHeaven! :-)

Just in case you haven't seen these links before, I have three other VXHeaven archives bookmarked:

http://83.133.184.251/virensimulation.or...index.html

http://83.133.184.251/virensimulation.org/

http://download.adamas.ai/dlbase/Stuff/V...index.html
#15
If anyone is curious or wants something to decompile, here's EternalBlue and EternalChampion's source with the XML and .fb files: https://danwin1210.me/uploads/Eternals/?C=N&O=A&G=0

Note: don't run this on your system; use a sandbox and a dedicated malware OS.
#16
I was recently introduced to Bashware, running Windows malware via bash in Windows to bypass AVs. The concept is amazing and it provides a ton of possibilities. Will try to write a thread if I can soon.

Here you can read some about this topic: https://research.checkpoint.com/beware-b...solutions/
#17
Web Malware Collection: https://code.google.com/archive/p/web-ma.../downloads
#18
Malware repository: https://malshare.com/
Malware-Traffic-Analysis: http://www.malware-traffic-analysis.net/
#19
This is really amazing, thank you for sharing all these resources. I am trying to do more of this sort of work, now that I am moving to C++.

The main problem I have (and speaking both professionally and personally) is access to malware binaries. Whilst it's not too difficult to pay someone from Deloitte, for instance, to give us their threat report, it seems like the only way to get your own sample is to know someone who knows someone who has a compromised machine.
#20
(03-22-2018, 08:37 AM)EnigmaCookie Wrote: This is really amazing, thank you for sharing all these resources. I am trying to do more of this sort of work, now that I am moving to C++.

The main problem I have (and speaking both professionally and personally) is access to malware binaries. Whilst it's not too difficult to pay someone from Deloitte, for instance, to give us their threat report, it seems like the only way to get your own sample is to know someone who knows someone who has a compromised machine.

You're welcome. Also, I find that being a part of security communities helps with getting access to malware binaries. Also, the filesystem on one of my boxes recently got corrupted, which is pretty shitty because I had a lot of my samples on there. (I know, I know, back up all the things, learned that the hard way haha.) Until that's fixed I'll reach out to other malware peeps if I need a sample of something.