CaptMag/MalDev

GitHub: CaptMag/MalDev

A systematic malware development learning repository, implemented in C/C++ and continuously updated with encryption, obfuscation, injection and bypass techniques, offering directly runnable code references for offensive and defensive security research.

Stars: 99 | Forks: 16

# Malware Development


Hey! Welcome to my repository :)))) I'm Captain Magma, someone passionate about cybersecurity, malware development and analysis. The purpose of this repository is to organize my MalDev learning path, and I will keep updating it with my notes and code as my learning progresses.

## Current Projects and Progress

This repository is still being expanded, so all of the code here will receive substantial updates to make sure it runs as intended.

At the time of writing, the following programs are complete and working:

- Encryption
  - [RC4](https://github.com/CaptMag/MalDev/tree/main/Encryption/RC4_Encryption)
  - [XOR](https://github.com/CaptMag/MalDev/tree/main/Encryption/XOR_Encryption)
  - [AES-256-GCM](https://github.com/CaptMag/MalDev/tree/main/Encryption/Aes256GCM)
- Hashing
  - [DJB2](https://github.com/CaptMag/MalDev/tree/main/Hashing/djb2)
  - [SDBM](https://github.com/CaptMag/MalDev/tree/main/Hashing/sdbm)
  - [SDBMROL16](https://github.com/CaptMag/MalDev/tree/main/Hashing/sdbm/sdbmrol16)
- Obfuscation
  - [GetModuleHandle](https://github.com/CaptMag/MalDev/tree/main/Obfuscation/Cusstom%20GetModuleHandle)
  - [GetProcAddress](https://github.com/CaptMag/MalDev/tree/main/Obfuscation/Custom%20GetProcAddress)
  - [Api Hashing](https://github.com/CaptMag/MalDev/tree/main/Obfuscation/ApiHashing)
  - [PPID Spoofing](https://github.com/CaptMag/MalDev/tree/main/Obfuscation/PPID%20Spoofing)
  - [Double Obfuscation (GetProcAddress + GetModuleHandle)](https://github.com/CaptMag/MalDev/tree/main/Obfuscation/DoubleObfs)
  - [Memcpy + Strcpy + Strcmp](https://github.com/CaptMag/MalDev/tree/main/Obfuscation/Mem_StrCpy)
- Native API
  - [NT Shellcode Injection](https://github.com/CaptMag/MalDev/tree/main/NTAPI/NT_Shellcode_Injection)
- Ntdll Unhooking
  - [Map From Disk](https://github.com/CaptMag/MalDev/tree/main/NTDLL%20Unhooking/MapFromDisk)
  - [Read From File](https://github.com/CaptMag/MalDev/tree/main/NTDLL%20Unhooking/ReadFromFile)
  - [Suspended Process](https://github.com/CaptMag/MalDev/tree/main/NTDLL%20Unhooking/SuspendedProc)
- Syscalls
  - [APC Syscalls](https://github.com/CaptMag/MalDev/tree/main/Syscalls/APC)
  - [Direct Syscalls](https://github.com/CaptMag/MalDev/tree/main/Syscalls/Direct_Syscalls)
  - [Indirect Syscalls](https://github.com/CaptMag/MalDev/tree/main/Syscalls/Indirect_Syscalls)
- Thread Hijacking
  - [Local](https://github.com/CaptMag/MalDev/tree/main/Thread%20Hijacking/Local)
    - [WinApi](https://github.com/CaptMag/MalDev/tree/main/Thread%20Hijacking/Local/WinAPI)
    - [Syscalls](https://github.com/CaptMag/MalDev/tree/main/Thread%20Hijacking/Local/Indirect%20Syscall)
  - [Remote](https://github.com/CaptMag/MalDev/tree/main/Thread%20Hijacking/Remote)
    - [WinApi](https://github.com/CaptMag/MalDev/tree/main/Thread%20Hijacking/Remote/WinAPI)
    - [Syscalls](https://github.com/CaptMag/MalDev/tree/main/Thread%20Hijacking/Remote/Indirect%20Syscalls)
- Mapping Injection
  - [Local](https://github.com/CaptMag/MalDev/tree/main/Mapping%20Injection/Local)
    - [WinApi](https://github.com/CaptMag/MalDev/tree/main/Mapping%20Injection/Local/WinAPI)
    - [Syscalls](https://github.com/CaptMag/MalDev/tree/main/Mapping%20Injection/Local/Indirect%20Syscall)
  - [Remote](https://github.com/CaptMag/MalDev/tree/main/Mapping%20Injection/Remote)
    - [WinApi](https://github.com/CaptMag/MalDev/tree/main/Mapping%20Injection/Remote/WinAPI)
    - [Syscalls](https://github.com/CaptMag/MalDev/tree/main/Mapping%20Injection/Remote/Indirect%20Syscalls)
- Anti-Analysis
  - [BeingDebugged](https://github.com/CaptMag/MalDev/tree/main/Anti-Analysis/beingdebugged)
  - [QueryPerformance](https://github.com/CaptMag/MalDev/tree/main/Anti-Analysis/QueryPerformance)
  - [RDTSC](https://github.com/CaptMag/MalDev/tree/main/Anti-Analysis/RDTSC)
  - [Self Delete](https://github.com/CaptMag/MalDev/tree/main/Anti-Analysis/SelfDelete)
- Anti-Sandbox
  - [Check Memory](https://github.com/CaptMag/MalDev/tree/main/Anti-Sandbox/Check_Memory)
  - [CPUID](https://github.com/CaptMag/MalDev/tree/main/Anti-Sandbox/CPUID)
  - [SMBIOS](https://github.com/CaptMag/MalDev/tree/main/Anti-Sandbox/SMBIO)
- Enumeration
  - [CreateToolhelp32Snapshot](https://github.com/CaptMag/MalDev/tree/main/Enumeration/CreateToolhelp32Snapshot)
  - [NtQuerySysInfo](https://github.com/CaptMag/MalDev/tree/main/Enumeration/NtQuerySysInfo/Normal)
  - [OS Metadata](https://github.com/CaptMag/MalDev/tree/main/Enumeration/OS%20Metadata)
- Process Injection
  - [Shellcode Injection](https://github.com/CaptMag/MalDev/tree/main/Process_Injection/Shellcode_Injection)
  - [APC Injection](https://github.com/CaptMag/MalDev/tree/main/Process_Injection/APC_Injection)
  - [Fiber Injection](https://github.com/CaptMag/MalDev/tree/main/Process_Injection/Fiber_Injection)
  - [Early Bird Injection](https://github.com/CaptMag/MalDev/tree/main/Process_Injection/EarlyBird)
  - [Portable Executable Injection](https://github.com/CaptMag/MalDev/tree/main/Process_Injection/PE_Injection)
- Stomping
  - [Local](https://github.com/CaptMag/MalDev/tree/main/Stomping/Local)
  - [Remote](https://github.com/CaptMag/MalDev/tree/main/Stomping/Remote)
- Misc
  - [Grab PE Headers](https://github.com/CaptMag/MalDev/tree/main/Misc/GrabPeHeaders)
  - [Suspended Process](https://github.com/CaptMag/MalDev/tree/main/Misc/SuspendedProc)
  - [Read Target File](https://github.com/CaptMag/MalDev/tree/main/Misc/ReadTargetFile)
  - [Fix IAT](https://github.com/CaptMag/MalDev/tree/main/Misc/FixIAT)
  - [Fix Relocation Table](https://github.com/CaptMag/MalDev/tree/main/Misc/FixRelocTable)
  - [BSOD](https://github.com/CaptMag/MalDev/tree/main/Misc/BSOD)
- Process Hollowing
  - [WinApi](https://github.com/CaptMag/MalDev/tree/main/Process%20Hollowing/WinApi)
  - [Syscall](https://github.com/CaptMag/MalDev/tree/main/Process%20Hollowing/Syscall)
- ETW Bypass
  - [Etw Byte Patching](https://github.com/CaptMag/MalDev/tree/main/EtwBypass/EtwPatch)
  - [NtTraceEvent SSN Patching](https://github.com/CaptMag/MalDev/tree/main/EtwBypass/NtTracePatch)
- AMSI Bypass
  - [Amsi Byte Patching](https://github.com/CaptMag/MalDev/tree/main/AmsiBypass/Amsi_Byte_Patch)
- Magma Gate
  - [Magma Gate](https://github.com/CaptMag/MalDev/tree/main/MagmaGate)
- Reflective Dll
  - [Reflective Dll](https://github.com/CaptMag/MalDev/tree/main/Reflective%20Dll)
- Dll Injection
  - [Basic DLL Injection](https://github.com/CaptMag/MalDev/tree/main/Dll%20Injection/WinApi)
  - [Syscall DLL Injection](https://github.com/CaptMag/MalDev/tree/main/Dll%20Injection/Syscall)
  - [DLL Hijacking](https://github.com/CaptMag/MalDev/tree/main/Dll%20Injection/DllHijacking)
  - [DLL Sideloading](https://github.com/CaptMag/MalDev/tree/main/Dll%20Injection/DllSideloading)
- Persistence
  - [Windows Registry](https://github.com/CaptMag/MalDev/tree/main/Persistence/Windows%20Registry)
  - [Windows Services](https://github.com/CaptMag/MalDev/tree/main/Persistence/Windows%20Services)
- Sleep Obfuscation
  - [Sleep Obfuscation](https://github.com/CaptMag/MalDev/tree/main/Sleep%20Obfuscation)

## Bugs

I'm no programming god, and that shows clearly in my code. If any of my programs have problems, feel free to submit a pull request or point them out in the issues section!

## Thanks

With that said, thank you for checking out my repository, and I hope you find something interesting here :))))