README.md (last updated 2023-04-08 17:32:09 +10:00)

Awesome Malware Techniques

A curated list of resources to analyse and study malware techniques.

  • Unprotect: Unprotect is an open malware evasion techniques database that provides code snippets and detection rules.
  • LolBas: Living Off The Land Binaries, Scripts and Libraries.
  • ORKL: Search engine for Threat Intelligence reports.
  • HijackLibs: A curated list of DLL Hijacking candidates. A mapping between DLLs and vulnerable executables is kept and can be searched via this website.
  • Living Off Trusted Sites: Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection.
  • MalApi: Collection of APIs used by malware.
  • FileSec: Collection of file extensions being used by attackers.
  • GTFOBins: GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
  • Malware Persistence: Collection of malware persistence techniques.
  • Malware Event ID: Collection of Event IDs triggered by malware.
  • Malware Privilege Escalation: Collection of privilege escalation techniques.
  • Various Malware Techniques: Several malware techniques listed on Vx-Underground.
  • Malware Museum: A database of old malware samples.
  • KernelMode.Info: Interesting low-level resources; the forum has not been active for a few years.
  • UnknownCheats Anti-Cheat Bypass: UnknownCheats is a cheat developers' forum; the Anti-Cheat Bypass section is probably the most interesting part of the forum because the bypasses can also be used for red teaming or by bad actors.
  • formats_vs_techniques: This table shows the various techniques that can be used in malicious documents to trigger code execution, and the file formats in which they can be embedded.
  • CheckPoint Malware Evasion Techniques: Collection of malware evasion techniques.
  • LolDrivers: Living Off The Land Drivers is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks.
  • AMSI Bypass: This repo contains some Antimalware Scan Interface (AMSI) bypass / avoidance methods I found on different blog posts.