I am interested in making malware...
#1
I am interested in developing malware and have some experience with C++ and Python. I have a basic understanding of networks and stuff, but I just don't know where to take my hacking to the next level. I haven't done anything practical yet, but I hope to soon, and I hope some of my questions can be answered here. Does anyone have any advice on ways to practice exploitation? Best programming languages for malware development? And where are the best resources that are going to help me along the way? Always happy to network, so message me for my Discord :)
Reply
#2
This has been my interpretation/experience:

assembly
reverse engineering (personally I've had some exposure to IDA and OllyDbg, but I prefer Radare2)
how compilers work
file formats (especially ELF and PE)

Books:
Practical Malware Analysis
Art of Memory Forensics
Malware Analyst's Cookbook
The Art of Computer Virus Research and Defense (more historical, but a great resource)

Getting samples from online repositories (such as vx-underground.org)


Setup:
Two laptops. One has the network card physically removed and acts as the malware analysis machine. The other is a "normal" laptop for internet access. Both have a good amount of RAM for running virtual machines. An external drive with said VMs (primarily REMnux and FLARE VM, but also versions of Windows)


Again this is just my experience, but hopefully it helps. I am by no means a master at any of this, but then again increasingly I feel that one could work in this area forever and be constantly exposed to totally new things, which is part of the appeal.

Let me know if you have any other questions.
Reply
#3
Before going into Assembly, I recommend that you create your first tests with high-level languages. Python itself is a good gateway. In this area of the forum there are several threads with very good content, you can also start with them.

Now, an exercise I usually do is try to replicate the functionality of certain malware. For example, if you hear about a virus that collects email addresses when they are copied to the clipboard, before you see its code, try redoing it your way. As you figure out how to make things work, then you turn to the more technical aspects like AV evasion, obfuscation and the like.
Reply
#4
Actually I couldn't agree more with this. Assembly can be daunting at first. I'm still just beginning to understand it myself. Also - yes, replicating specific features is a great way to learn in addition to RE etc.
Reply
#5
(08-22-2021, 05:02 PM)shmoeke Wrote: I am interested in developing malware and have some experience with C++ and Python. I have a basic understanding of networks and stuff, but I just don't know where to take my hacking to the next level. I haven't done anything practical yet, but I hope to soon, and I hope some of my questions can be answered here. Does anyone have any advice on ways to practice exploitation? Best programming languages for malware development? And where are the best resources that are going to help me along the way? Always happy to network, so message me for my Discord :)

1. Does anyone have any advice on ways to practice exploitation?
> The best way to do this is to write one yourself, or test exploits out and try to enhance them into something more malicious than ever before. The best example would be how EternalBlue was enhanced by malware authors and used as a spreading vector by the WannaCry ransomware a few days (unsure) after it was leaked by the Shadow Brokers.
2. Best programming languages for malware development?
> Before, most malware was written using Assembly, C, C++, VBScript, JavaScript and such, but nowadays modern malware authors use C++, C# or .NET-related languages. Haven't seen much more advanced, though I have seen POS malware, which sniffs credit card information from POS terminals, written using PureBasic. Try to check that one out.
3. Where are the best resources that are going to help me along the way?
> You can Google it, though I don't want to be vague. This forum looks like a good resource; check out other forums similar to this as well. There are lots of resources, though there is no such thing as a best resource, as if I suggest one, I might get trolled. Lol.
Reply
#6
Here you have a collection of a lot of famous malware which you can reverse engineer. NOTE: USE IN A VIRTUAL MACHINE!!!
And check that your network connection is cut off when you run this malware!!!

Github The Zoo:
https://github.com/ytisf/theZoo

The password to open encrypted files is: infected

You should not run this malware if you don't know what you are doing; always close off your internet connection.

Credits: ytisf = TheZoo

You can use dnSpy to reverse .NET malware.

List of Decompilers and Debuggers / Reverse engineering.

ILSpy decompiler engine (C# and Visual Basic decompilers) - https://github.com/icsharpcode/ILSpy
Roslyn (C# and Visual Basic compilers) - https://github.com/dotnet/roslyn
dnlib (.NET metadata reader/writer which can also read obfuscated assemblies) - https://github.com/0xd4d/dnlib
VS MEF (Faster MEF equals faster startup) - https://github.com/microsoft/vs-mef
ClrMD (Access to lower level debugging info not provided by the CorDebug API) - https://github.com/microsoft/clrmd
Iced (x86/x64 disassembler) https://github.com/icedland/iced
dnSpy (debugger and .NET assembly editor; you can use it to edit and debug assemblies even if you don't have any source code available) - https://github.com/dnSpy/dnSpy

Use a virtual machine. Download and exclude the theZoo-master folder (don't run this malware; install the decompilers and Visual Studio), create a snapshot and start your engines. With the help of the books and courses from the previous replies from the GreySec members you should get along with it! Good luck, happy hacking, and stay safe.
Reply
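Two items in the replies above ask for the same first step before anything is run: neftis lists file formats (ELF and PE) as core knowledge, and the post above says to reach for dnSpy when a sample is .NET. The following script is an added example written for this thread, not code from theZoo, dnSpy or any poster. It reads only the documented ELF and PE header layouts (no third-party library, so it runs on a bare REMnux or FLARE VM) and reports format, architecture, entry point, section count and, for PE files, whether the CLR runtime header (data directory entry 14) is populated, which is the reliable cue that the sample is managed code and belongs in dnSpy/ILSpy rather than a native disassembler. The sample byte strings at the bottom are constructed in the script for demonstration; they are headers only, not real samples.

```python
"""Static triage of a suspected sample without running it (added example).

Reads just enough of the ELF or PE headers to answer the first questions an
analyst asks in the isolated VM: which format, which architecture, where is
the entry point, and (for PE) is it a .NET assembly, which decides whether
dnSpy/ILSpy or a native disassembler is the right tool. The sample bytes at
the bottom are constructed here, not real malware.
"""
import hashlib
import struct
import sys

ELF_MAGIC = b"\x7fELF"
PE_MAGIC = b"PE\x00\x00"
ELF_MACHINES = {0x03: "x86", 0x3E: "x86-64", 0x28: "ARM", 0xB7: "AArch64"}
PE_MACHINES = {0x14C: "x86", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "ARM64"}
CLR_DIRECTORY_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR


def parse_elf(data):
    """Decode the ELF identification bytes and the fixed-size ELF header."""
    ei_class, ei_data = data[4], data[5]  # 1/2 = 32/64-bit; 1/2 = little/big endian
    endian = "<" if ei_data == 1 else ">"
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    fmt = endian + ("HHIQQQIHHHHHH" if ei_class == 2 else "HHIIIIIHHHHHH")
    fields = struct.unpack_from(fmt, data, 16)
    return {
        "format": "ELF",
        "bits": 64 if ei_class == 2 else 32,
        "machine": ELF_MACHINES.get(fields[1], hex(fields[1])),
        "entry": fields[3],
        "sections": fields[11],
        "dotnet": False,
    }


def parse_pe(data):
    """Walk DOS header -> PE signature -> COFF header -> optional header."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != PE_MAGIC:
        raise ValueError("MZ file without a PE signature (DOS stub only, or corrupt)")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # COFF file header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: NumberOfRvaAndSizes at +92, directories at +96
        bits, n_dirs_off, dirs_off = 32, 92, 96
    elif magic == 0x20B:  # PE32+: 64-bit ImageBase/stack/heap fields shift them by 16
        bits, n_dirs_off, dirs_off = 64, 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint (RVA)
    n_dirs = struct.unpack_from("<I", data, opt + n_dirs_off)[0]
    dotnet = False
    needed = dirs_off + (CLR_DIRECTORY_INDEX + 1) * 8
    if n_dirs > CLR_DIRECTORY_INDEX and opt_size >= needed:
        rva, size = struct.unpack_from("<II", data, opt + dirs_off + CLR_DIRECTORY_INDEX * 8)
        dotnet = rva != 0 and size != 0  # populated CLR header => managed (.NET) image
    return {
        "format": "PE",
        "bits": bits,
        "machine": PE_MACHINES.get(machine, hex(machine)),
        "entry": entry,
        "sections": nsections,
        "dotnet": dotnet,
    }


def triage(data):
    """Dispatch on the magic bytes; never executes or extracts anything."""
    if data[:4] == ELF_MAGIC:
        info = parse_elf(data)
    elif data[:2] == b"MZ":
        info = parse_pe(data)
    else:
        info = {"format": "unknown"}
    info["sha256"] = hashlib.sha256(data).hexdigest()
    if info["format"] != "unknown":
        info["tool"] = "dnSpy/ILSpy" if info["dotnet"] else "Radare2/IDA"
    return info


# Constructed sample headers (no code, no sections) used as offline input.
def _build_elf64_header():
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8  # 64-bit, LE, v1, SYSV
    return ident + struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0x401000, 64, 0, 0, 64, 56, 0, 64, 5, 4)


def _build_pe32plus_dotnet():
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, 240, 0x22)  # x64, 3 sections, 240-byte optional header
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)  # PE32+
    struct.pack_into("<I", opt, 16, 0x2000)  # AddressOfEntryPoint
    struct.pack_into("<I", opt, 108, 16)  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + CLR_DIRECTORY_INDEX * 8, 0x2008, 0x48)  # CLR header RVA/size
    return bytes(dos) + PE_MAGIC + coff + bytes(opt)


if __name__ == "__main__":
    samples = {"constructed-elf64": _build_elf64_header(),
               "constructed-pe32plus-dotnet": _build_pe32plus_dotnet()}
    for path in sys.argv[1:]:  # real files from the analysis VM, read-only
        with open(path, "rb") as f:
            samples[path] = f.read()
    for name, blob in samples.items():
        print(name, triage(blob))
```

Run it with `python3 triage.py sample.exe` inside the isolated VM after extracting a sample. The hash gives you a stable identifier to search before spending time on RE; the CLR check is deliberately based on the data directory rather than on the `mscoree.dll` import name, because packers and loaders routinely strip or rename imports while the CLR header must stay intact for the runtime to load the image.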
#7
(08-24-2021, 03:22 PM)neftis Wrote: This has been my interpretation/experience:

assembly
reverse engineering (personally I've had some exposure to IDA and OllyDbg, but I prefer Radare2)
how compilers work
file formats (especially ELF and PE)

Books:
Practical Malware Analysis
Art of Memory Forensics
Malware Analyst's Cookbook
The Art of Computer Virus Research and Defense (more historical, but a great resource)

Getting samples from online repositories (such as vx-underground.org)


Setup:
Two laptops. One has the network card physically removed and acts as the malware analysis machine. The other is a "normal" laptop for internet access. Both have a good amount of RAM for running virtual machines. An external drive with said VMs (primarily REMnux and FLARE VM, but also versions of Windows)


Again this is just my experience, but hopefully it helps. I am by no means a master at any of this, but then again increasingly I feel that one could work in this area forever and be constantly exposed to totally new things, which is part of the appeal.

Let me know if you have any other questions.


Actually this is a pretty good setup for beginners. If you'd like to, Neftis, we can collab on a project that provides all these things in an automated manner. Like an aspiring MalDev's toolkit. Minus the hardware, of course. But we can automate almost everything about making such a setup easy to run and maintain, and make sure it's safe.

Custom VMs and/or containerization solutions come to mind.

Let me know.
Reply
#8
Vector - I am actually in the same boat as Neftis. If open, I would welcome an opportunity to collaborate for set up, etc. Thx!
Reply
#9
(08-24-2021, 03:22 PM)neftis Wrote: This has been my interpretation/experience:

assembly
reverse engineering (personally I've had some exposure to IDA and OllyDbg, but I prefer Radare2)
how compilers work
file formats (especially ELF and PE)

Books:
Practical Malware Analysis
Art of Memory Forensics
Malware Analyst's Cookbook
The Art of Computer Virus Research and Defense (more historical, but a great resource)

Getting samples from online repositories (such as vx-underground.org)


Setup:
Two laptops. One has the network card physically removed and acts as the malware analysis machine. The other is a "normal" laptop for internet access. Both have a good amount of RAM for running virtual machines. An external drive with said VMs (primarily REMnux and FLARE VM, but also versions of Windows)


Again this is just my experience, but hopefully it helps. I am by no means a master at any of this, but then again increasingly I feel that one could work in this area forever and be constantly exposed to totally new things, which is part of the appeal.

Let me know if you have any other questions.

I have just started learning how to write code in assembly. And then should I go on to reverse engineering, compilers and then file formats? (Just to clarify.)
Reply
#10
(09-02-2021, 04:58 PM)ironman0x23 Wrote: Vector - I am actually in the same boat as Neftis. If open, I would welcome an opportunity to collaborate for set up, etc. Thx!

Cool. I run multiple GitHub organizations, most notably our official community, research and development organization on GitHub, which you can find here if you're interested.

However, I recently created a personal R&D org; basically it's a more casual version of our main org where we can collaborate on projects such as I mentioned above. The general focus is on software engineering, security research and collaborative development. I am also trying to foster a climate of learning from each other in order to advance our individual understanding of the concepts we are exploring.

PM me your GH handle and I'll send you an invite if you'd like.
Reply

