This repository serves to collect and organize resources that are made by the Malware Research community. Every once in a while, a routine check will be performed to remove outdated content, fix broken links, and add new resources. If you would like to have your submission added, feel free to open an issue or send a pull request.
The resources are based upon the combined efforts of the members of the Malware Research group on Telegram.
Note that the resources are not listed in a particular order. This list is not an exhaustive resource.
This list is curated by Megabeets and Libra.
- Unable to locate new malware samples to analyze? You can use Megabeets’ Fantastic Malware And Where To Find Them, Libra's Searching Samples, or filescan.io.
- Are you interested in assembly language, or are you unsure what a specific instruction does? Refer to the Intel manual for the x86 and x86_64 architectures.
- Are you interested in learning reverse engineering from scratch? Then refer to Reverse Engineering for Beginners.
- Do you want to analyze malware (or binaries in general), but are you unsure how to? Check Libra's Binary Analysis Course.
- Have you been struck by ransomware and do you want to know what type it is? Check ID Ransomware and No More Ransom.
- Have you started reversing Windows executables but are unfamiliar with the PE file format? Find out more on Aldeid.
- Do you want to set up your own lab? You can set up an automated Cuckoo server using this Ansible script.
- A page that links to all kinds of Awesome pages related to IT security.
- Do you want to analyze an Android application? You can use AndroidProjectCreator to convert an APK to an Android Studio project.
- Malware analysis tutorials by MalwareUnicorn.
- Malware Analysis course developed by Rensselaer Polytechnic Institute.
- If you want to know more about artifact analysis, take a look at ENISA's Common Framework for analysis.
- If you know the FIRST community, you'll appreciate this collection of resources.
- Want to know more about process injection, anti-analysis techniques, packers, and how to unpack them? Check out OALabs’ YouTube channel.
- Want to know more about file formats or hash collisions? Check Corkami’s GitHub repositories.
- A list of popular APT groups and details about them: APT Groups and Operations Spreadsheet.
- Looking for a set of Yara rules to enrich your detection? Check out this collection of Yara rules by Florian Roth: Neo23x0 Yara Repo.
- A platform to collect useful information about APT groups, IOCs, and more: OpenCTI.
- A platform to extract information about IoCs and samples: IntelOwl.
- Finding and exploiting vulnerabilities in malware: malvuln.
- Looking for samples or papers? Check vx-underground.
- Max Kersten (Libra) blog
- Itay Cohen (Megabeets) blog
- Jacob Pimental’s malware analysis blog
- Bellingcat’s research methods for OSINT
- Danus Minimus’ malware analysis blog
- Arnau Gàmez i Montolio’s reverse engineering blog
- Nikhil Hegde's malware analysis blog
- 0xlsd's malware analysis blog
- (Spanish) Rubén Revuelta’s malware analysis blog
- (Spanish) W4nn4die’s malware analysis blog
- (Turkish) Fatih Şensoy’s malware analysis blog