{"id":19075248,"url":"https://github.com/0xvpr/malicious-software-research","last_synced_at":"2025-04-29T23:28:50.256Z","repository":{"id":43741822,"uuid":"396199034","full_name":"0xvpr/Malicious-Software-Research","owner":"0xvpr","description":"A repository dedicated to researching, documenting, developing, and ultimately, defending against various strains of malicious software.","archived":false,"fork":false,"pushed_at":"2025-03-21T06:27:36.000Z","size":783,"stargazers_count":31,"open_issues_count":0,"forks_count":4,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-18T19:41:52.376Z","etag":null,"topics":["c2","evasion","injection","keylogger","living-off-the-land","obfuscation","ransomware","research","server","shellcode","socket"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xvpr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-08-15T03:10:50.000Z","updated_at":"2025-04-02T17:33:42.000Z","dependencies_parsed_at":"2025-04-18T07:43:34.797Z","dependency_job_id":"f815f104-9cc7-4995-86bb-c8b592d85a56","html_url":"https://github.com/0xvpr/Malicious-Software-Research","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xvpr%2FMalicious-Software-Research","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xvpr%2FMalicious-Software-Research/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xvpr%2FMalicious-Software-Research/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xvpr%2FMalicious-Software-Research/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xvpr","download_url":"https://codeload.github.com/0xvpr/Malicious-Software-Research/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251599027,"owners_count":21615457,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c2","evasion","injection","keylogger","living-off-the-land","obfuscation","ransomware","research","server","shellcode","socket"],"created_at":"2024-11-09T01:54:07.582Z","updated_at":"2025-04-29T23:28:50.231Z","avatar_url":"https://github.com/0xvpr.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eMalicious Software Research\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://mit-license.org/\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/license/0xvpr/Malicious-Software-Research?style=flat-square\"\u003e\n  \u003c/a\u003e\n  \u003cbr\u003e\n  \u003ch3 align=\"left\"\u003eA repository dedicated to researching, analyzing, documenting,\nand ultimately, \u003ci\u003edefending\u003c/i\u003e against various strains of malicious software and their behaviors.\u003c/h3\u003e\n  \u003cbr\u003e\n\u003c/p\u003e\n\n## Table of Contents\n- [Environment](#environment)\n- [Code Examples](#code-examples)\n    01. [Shellcode Crafting](#shellcode-crafting)\n    02. [Storage Techniques](#storage-techniques)\n    03. [Injection Techniques](#injection-techniques)\n    04. [Obfuscation Techniques](#obfuscation-techniques)\n    05. [Ransomware](#ransomware)\n    06. [Evasion](#evasion)\n    07. [Living Off The Land](#living-off-the-land)\n    08. [Socket](#socket)\n    09. [Keyloggers](#keyloggers)\n    10. [Droppers](#droppers)\n    11. [Hooking Techniques](#hooking-techniques)\n- [Credits \u0026 Learning Resources](#credits--learning-resources)\n- [Disclaimer](#disclaimer)\n- [License](#license)\n\n---\n\n### Environment\n```bash\ngit clone https://github.com/0xvpr/Malicious-Software-Research\ncd Malicious-Software-Research\nchmod +x build-image.sh run-image.sh\n./build-image.sh\n./run-image.sh\n```\n\n---\n\n### Code Examples\n01. \u003ca name='shellcode-crafting'\u003eShellcode Crafting\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/01.shellcode-crafting/01.independent-shellcode'\u003eIndependent Shellcode\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/01.shellcode-crafting/02.adv-independent-shellcode'\u003eAdv Independent Shellcode\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/01.shellcode-crafting/03.pure-assembly-syscall'\u003ePure Assembly Syscall\u003c/a\u003e\n02. \u003ca name='storage-techniques'\u003eStorage Techniques\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/02.storage-techniques/01.data'\u003eData\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/02.storage-techniques/02.text'\u003eText\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/02.storage-techniques/03.rsc'\u003eRsc\u003c/a\u003e\n03. \u003ca name='injection-techniques'\u003eInjection Techniques\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/03.injection-techniques/01.crt'\u003eCrt\u003c/a\u003e\n04. \u003ca name='obfuscation-techniques'\u003eObfuscation Techniques\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/04.obfuscation-techniques/01.simple-template-metaprogramming'\u003eSimple Template Metaprogramming\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/04.obfuscation-techniques/02.intermediate-template-metaprogramming'\u003eIntermediate Template Metaprogramming\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/04.obfuscation-techniques/03.advanced-template-metaprogramming'\u003eAdvanced Template Metaprogramming\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/04.obfuscation-techniques/04.xor'\u003eXor\u003c/a\u003e\n05. \u003ca name='ransomware'\u003eRansomware\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/05.ransomware/01.simple-recursive-encryptor'\u003eSimple Recursive Encryptor\u003c/a\u003e\n06. \u003ca name='evasion'\u003eEvasion\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/06.evasion/01.anti-dynamic-analysis-techniques'\u003eAnti Dynamic Analysis Techniques\u003c/a\u003e\n07. \u003ca name='living-off-the-land'\u003eLiving Off The Land\u003c/a\u003e\n08. \u003ca name='socket'\u003eSocket\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/08.socket/1.linux-server'\u003eLinux Server\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/08.socket/2.python-c2-server'\u003ePython C2 Server\u003c/a\u003e\n09. \u003ca name='keyloggers'\u003eKeyloggers\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/09.keyloggers/01.simple-keylogger'\u003eSimple Keylogger\u003c/a\u003e\n10. \u003ca name='droppers'\u003eDroppers\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/10.droppers/01.simple-dropper'\u003eSimple Dropper\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/10.droppers/02.intermediate-dropper'\u003eIntermediate Dropper\u003c/a\u003e\n11. \u003ca name='hooking-techniques'\u003eHooking Techniques\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/11.hooking-techniques/01.absolute-jmp-detour'\u003eAbsolute Jmp Detour\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/11.hooking-techniques/02.absolute-jmp-detour-once'\u003eAbsolute Jmp Detour Once\u003c/a\u003e\n    - \u003ca href='https://github.com/0xvpr/Malicious-Software-Research/blob/main/11.hooking-techniques/03.relative-jmp-detour'\u003eRelative Jmp Detour\u003c/a\u003e\n\n### Credits \u0026 Learning Resources\n- Reversing C++ Classes and Structures\n  - \u003ca href=\"https://www.blackhat.com/presentations/bh-dc-07/Sabanal_Yason/Paper/bh-dc-07-Sabanal_Yason-WP.pdf\"\u003ePaul Vincent Sabanal \u0026 Mark Vincent Yason\u003c/a\u003e\n- Reflective DLL Injection  \n  - \u003ca href=\"https://github.com/rapid7/metasploit-framework/wiki/Using-ReflectiveDll-Injection\"\u003eMSF Explanation\u003c/a\u003e  \n- Executing Position Independent Shellcode from Object Files in Memory\n  - \u003ca href=\"https://bruteratel.com/research/feature-update/2021/01/30/OBJEXEC/\"\u003eDark VortEx\u003c/a\u003e  \n- Shellcode Crafting  \n  - \u003ca href=\"https://www.exploit-db.com/docs/english/13610-building-your-own-ud-shellcodes-part-1.pdf\"\u003efb1h2s\u003c/a\u003e\n- Getting Familiar with Sockets\n  - \u003ca href=\"https://www.youtube.com/watch?v=xCEKzqLTvqg\u0026t=1185s\"\u003eActiveXSploit\u003c/a\u003e\n- Anti Dynamic Analysis \u0026 Sandboxes\n  - \u003ca href=\"https://0xpat.github.io/Malware_development_part_2/\"\u003e0xPat\u003c/a\u003e\n- Anti Debugging\n  - \u003ca href=\"https://0xpat.github.io/Malware_development_part_3/\"\u003e0xPat\u003c/a\u003e\n- Anti Static Analysis Tricks\n  - \u003ca href=\"https://0xpat.github.io/Malware_development_part_4/\"\u003e0xPat\u003c/a\u003e\n### \u003ca href=\"DISCLAIMER.md\"\u003eDisclaimer\u003c/a\u003e\n- Educational Use Only: All examples and code herein are for educational and research purposes only.\n- No Warranty: The repository is provided “as is”, without warranty of any kind, express or implied.\n- Legal Responsibility: You are solely responsible for ensuring that your use of these materials complies with all applicable laws and regulations.\n\nIf you have any doubts regarding the legality or ethics of using these examples, do not proceed.\n\n### \u003ca href=\"LICENSE\"\u003eLicense\u003c/a\u003e\nThis repository is released under the MIT License. In short:\n- You are free to use, modify, and distribute this code for personal or commercial purposes.\n- Please include credit where credit is due.\n- The authors/contributors are not liable for any misuse or damage caused by this code.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xvpr%2Fmalicious-software-research","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xvpr%2Fmalicious-software-research","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xvpr%2Fmalicious-software-research/lists"}