# Awesome Malware Techniques [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)
A curated list of resources to analyse and study malware techniques. 

* [Unprotect](https://unprotect.it): Unprotect is an open malware evasion techniques database that provides code snippet and detection rules.
* [LolBas](https://lolbas-project.github.io/#ping.exe): Living Off The Land Binaries, Scripts and Libraries.
* [ORKL](https://orkl.eu/): Search engine for Threat Intelligence reports.
* [HijackLibs](https://hijacklibs.net/): A curated list of DLL Hijacking candidates. A mapping between DLLs and vulnerable executables is kept and can be searched via this website.
* [Living Off Trusted Sites](https://lots-project.com/): Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection.
* [MalApi](https://malapi.io/): Collection of API used by malware.
* [FileSec](https://filesec.io/): Collection of file extensions being used by attackers.
* [GTOFBin](https://gtfobins.github.io/): GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
* [Malware Persistence](https://github.com/Karneades/awesome-malware-persistence): Collection of malware persistence techniques.
* [Malware Event ID](https://github.com/stuhli/awesome-event-ids): Collection of EventID triggered by malware.
* [Malware Privilege Escalation](https://github.com/m0nad/awesome-privilege-escalation): Collection of privilege escalation techniques.
* [Various Malware Techniques](https://www.vx-underground.org/windows.html#evasion_-_anti-debugging): Several malware techniques listed on Vx-Underground. 
* [Malware Museum](https://archive.org/details/malwaremuseum): A database of old malware samples.
* [KernelMode.Info](https://www.kernelmode.info/forum/): Interesting low level resources, the forum is no more active since few years.
* [UnknownCheats Anti-Cheat Bypass](https://www.unknowncheats.me/forum/anti-cheat-bypass/): UnknownCheats is a cheats developers forum, the Anti-Cheat Bypass section is probably the most interesting part on this forum because the bypasses can be used also for red-teaming or by bad actors.
* [formats_vs_techniques](https://github.com/decalage2/oletools/wiki/formats_vs_techniques): This table shows the various techniques that can be used in malicious documents to trigger code execution, and the file formats in which they can be embedded.
* [CheckPoint Malware Evasion Techniques](https://evasions.checkpoint.com/): Collection of malware evasion techniques.