A curated list of resources to analyse and study malware techniques.
- Unprotect: Unprotect is an open malware evasion techniques database that provides code snippet and detection rules.
- LolBas: Living Off The Land Binaries, Scripts and Libraries.
- ORKL: Search engine for Threat Intelligence reports.
- HijackLibs: A curated list of DLL Hijacking candidates. A mapping between DLLs and vulnerable executables is kept and can be searched via this website.
- Living Off Trusted Sites: Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection.
- MalApi: Collection of API used by malware.
- FileSec: Collection of file extensions being used by attackers.
- GTOFBin: GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
- Malware Persistence: Collection of malware persistence techniques.
- Malware Event ID: Collection of EventID triggered by malware.
- Malware Privilege Escalation: Collection of privilege escalation techniques.
- Various Malware Techniques: Several malware techniques listed on Vx-Underground.
- Malware Museum: A database of old malware samples.
- KernelMode.Info: Interesting low level resources, the forum is no more active since few years.
- UnknownCheats Anti-Cheat Bypass: UnknownCheats is a cheats developers forum, the Anti-Cheat Bypass section is probably the most interesting part on this forum because the bypasses can be used also for red-teaming or by bad actors.
- formats_vs_techniques: This table shows the various techniques that can be used in malicious documents to trigger code execution, and the file formats in which they can be embedded.
- CheckPoint Malware Evasion Techniques: Collection of malware evasion techniques.