Malware development resources: awesome-malware-development

Author: Sec-Labs | Published:

Project introduction

This repo serves as a list of resources for malware development.

Note: I am only a learner, and some of the resources I share may be silly; you can help me add things.

Key points

I'd say that having some experience with C and assembly helps. Some resources on C and assembly.

Good blogs

Vitali Kremez blog

Lots of malware-related content

0xPat blog

Has an amazing malware development series; I recommend you check it out.

zerosum0x0 blog

Some good posts

Guitmz blog

Dope maldev content.

TheXcellerator

Amazing LKM rootkit series and maldev posts

Talks

Horse Pill: A New Type of Linux Rootkit
Not a talk but good LKM rootkit series
Good talk on Creating and Countering the Next Generation of Linux Rootkits
Kernel Mode Threats and Practical Defenses
Alex Ionescu - Advancing the State of UEFI Bootkits
BlueHat v18 || Return of the kernel rootkit malware (on windows 10)

YouTube channels

AGDC Services

HQ malware content

TheSphinx

Has a series on writing your own RAT from scratch.

Joey Abrams

Amazing malware stuff; has a good code injection series and Linux stuff.

w3w3w3

Has a good LKM rootkit series.

Courses

There are a few courses I'd really like to recommend.

RED TEAM Operator: Malware Development Essentials course | Sektor7

This course will teach you how to become a better ethical hacker, pentester and red teamer by learning malware development. It covers developing droppers, trojans and payload/DLL injectors using some basic C and Intel assembly skills.

RED TEAM Operator: Malware Development Intermediate course

Advanced malware development techniques in Windows, including: API hooking, 32-/64-bit migrations, reflective binaries and more.

RingZerø: Windows Kernel Rootkits: Techniques and Analysis

Key Learnings:

  • Machine architecture for kernel programmers
  • Virtual memory management
  • Interrupts and exceptions
  • CPU security features
  • Windows kernel architecture
  • Kernel components (Ps, Io, Mm, Ob, Se, Cm, etc.)
  • System mechanisms
  • Debugging with WinDbg
  • Rootkit techniques
  • Driver development

CodeMachine: Windows Kernel Rootkits

Topics:

  • Kernel Attacks
  • Kernel Shellcoding
  • Kernel Hooking and Injection
  • Kernel Callbacks
  • Kernel Filtering
  • Kernel Networking
  • Virtualization Based Security

Books

  • The Art of Computer Virus Research and Defense
  • The Giant Black Book of Computer Viruses
  • Designing BSD Rootkits: An Introduction to Kernel Hacking
  • Rootkits and Bootkits
  • The Antivirus Hackers' Handbook

Free e-books

Make your own first fud crypter

Articles/posts

Malware Development – Welcome to the Dark Side: Part 1
Art of Malware
Malware Development Part 1
Basic Ransomware guide
Understanding TRITON and the Missing Final Stage of the Attack (good read).
Master of RATs - How to create your own Tracker
Amazing article to read with some good resources (Personal Tale and the Road to Malware Development, Resources)
PT_NOTE -> PT_LOAD x64 ELF virus written in Assembly
The magic of LD_PRELOAD for Userland Rootkits (good read if you want to get into rootkits; this blog covers userland rootkits)
(Recommended read) If you want to create your first userland rootkit and you only know C, this blog is a good place to start with rootkit development.
Function Hooking Part I: Hooking Shared Library Function Calls in Linux
Inline Hooking for Programmers (Part 1: Introduction)
Inline Hooking for Programmers (Part 2: Writing a Hooking Engine)
PE injection for beginners
Becoming-rat-your-system
Complete guide on LKM hacking
Best series, I'd say, if you want to get into programming/malware dev; a recommended series to follow. It starts with the programming you need to learn (assembly and so on) and then moves into maldev.
Fileless malware
Examining the Morris Worm Source Code
IoT Malware
DoublePulsar SMB backdoor analysis
Eset Turla Outlook backdoor report
Writing a custom encoder
Engineering antivirus evasion
Analysis of Project Sauron APT
WastedLocker analysis
Lazarus shellcode execution
Detailed analysis of Zloader
BendyBear shellcode malware
A Basic Windows DKOM Rootkit
Loading Kernel Shellcode
Windows Kernel Shellcode on Windows 10 – Part 1
Windows Kernel Shellcode on Windows 10 – Part 2
Windows Kernel Shellcode on Windows 10 – Part 3
Introduction to Shellcode Development
Autochk Rootkit Analysis
pierogi backdoor
Pay2Kitten
STEELCORGI
Lebanese Cedar APT
LazyScripter
Maze deobfuscation
Darkside overview
SunBurst backdoor - FireEye analysis
Code obfuscation techniques
SideCopy APT tooling
Hiding in PEB sight: Custom loader
Zloader: New infection technique
FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines
A tale of EDR bypass methods
In-depth dive into the security features of the Intel/Windows platform secure boot process
Process Injection Techniques
Adventures with KernelCallbackTable Injection
Useful Libraries for Malware Development
Parent Process ID (PPID) Spoofing
Mutants Sessions Self Deletion
OffensiVe Security with V - Process Hollowing
Looking for Remote Code Execution bugs in the Linux kernel
memory-analysis-evasion
100% evasion - Write a crypter in any language to bypass AV

Forums

One of the best malware development forums; it has helped me a lot.

Sample sharing

Some interesting GitHub repos (misc)

TL-TROJAN

A collection of source code for various RATs, stealers and other trojans.

Linker_preloading_virus

An example of hijacking the dynamic linker with a custom interpreter that loads and executes a modular virus.

Awesome-linux-rootkits

A summary of Linux rootkits published on GitHub.

Virii

A collection of ancient computer virus source code.

Flare-floss

FLARE Obfuscated String Solver - automatically extracts obfuscated strings from malware.

Ebpfkit

Ebpfkit is a rootkit powered by eBPF.

Al-Khaser

Public malware techniques used in the wild: virtual machine, emulation, debugger and sandbox detection.

Evasions

The Evasions encyclopedia collects the methods malware uses to evade detection when running in virtual environments.

loonix_syscall_hook

Syscall hooking on arm64 Linux via various methods.

awesome-executable-packing

A curated list of awesome resources related to executable packing.
