Skip to content

The projects im more confident in while learning Malware Development

Notifications You must be signed in to change notification settings

kyle41111/MalwareDevelopment

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

The projects i'm more confident in while learning MalDev

Loaders:

NtCreateThreadEx: This loader is nothing special. Its testing out the usage of NtCreateThreadEx to execute shellcode in a remote process. It also hides the thread creation from debuggers.

Chunk Loader: practicing the chunking/drip allocation methods founded by Filip Olszak: https://github.com/xuanxuan0/. "Evasive shellcode loader for bypassing event-based injection detection, without necessarily suppressing event collection." note There are quite a few opsec blunders here, and things left in or out on purpose. The point of this was to practice the allocation techniques, not create a great loader.

Threadless Inject: Threadless Process Injection using remote function hooking. Inspired by Cobbs Threadless inject presentation. Also known as a hook loader. We hook a function in a remote process, overwrite it with shellcode, either a trampoline or payload, and wait for the process to call that function naturally.

Xll: Practicing dll hijacking/ghosting and function exports to create different payload types.

KCT: Testing Kernel Callback Table execution with enumdisplaymonitors.The wininet library is loaded dynamically just to practice another method of using libraries. This also uses chunking allocation and was compiled WITHOUT the CRT.

NodeADDon Node allows cpp add-ons. the two here are tests at shellcode execution, exporting functions, and usage of WINApis with these add-ons.

Shellcodes:

Currently dont have much publicly. Both sleep and PIC sleep are available.

Important!! There are obvious opsec blunders here. That, or I used a less than preferred method for things. This is on purpose. Each project is to practice a very specific implementation.

Examples of things I do, but arent present here:

I do not user syswhispers for any kind of syscalls

I do not leave the the CRT in any projects

I do add encryption/compression to projects

I pick injection targets more wisely

I do not overwrite function prologues without restoring original functionality

Multiple individuals helped me out,continue to push me to be better, or had their code directly used in some of these implementations, or have incredible research that was used.

@0xTriboulet @Cracked5pider @mrd0x @xiulan @0prrr

Additionally, if you ever need help, motivation, or a second eye on your projects, come join maldev academy and enter the discord!

About

The projects im more confident in while learning Malware Development

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published