Awesome Malware Techniques

A curated list of resources to analyse and study malware techniques.

• Unprotect: Unprotect is an open malware evasion techniques database that provides code snippet and detection rules.
• LolBas: Living Off The Land Binaries, Scripts and Libraries.
• ORKL: Search engine for Threat Intelligence reports.
• HijackLibs: A curated list of DLL Hijacking candidates. A mapping between DLLs and vulnerable executables is kept and can be searched via this website.
• Living Off Trusted Sites: Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection.
• MalApi: Collection of API used by malware.
• FileSec: Collection of file extensions being used by attackers.
• GTOFBin: GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
• Malware Persistence: Collection of malware persistence techniques.
• Malware Event ID: Collection of EventID triggered by malware.
• Malware Privilege Escalation: Collection of privilege escalation techniques.
• Various Malware Techniques: Several malware techniques listed on Vx-Underground.
• Malware Museum: A database of old malware samples.
• KernelMode.Info: Interesting low level resources, the forum is no more active since few years.
• UnknownCheats Anti-Cheat Bypass: UnknownCheats is a cheats developers forum, the Anti-Cheat Bypass section is probably the most interesting part on this forum because the bypasses can be used also for red-teaming or by bad actors.
• formats_vs_techniques: This table shows the various techniques that can be used in malicious documents to trigger code execution, and the file formats in which they can be embedded.
• CheckPoint Malware Evasion Techniques: Collection of malware evasion techniques.