{"id":13748272,"url":"https://github.com/hasherezade/malware_training_vol1","last_synced_at":"2025-05-15T14:06:10.597Z","repository":{"id":37475032,"uuid":"350366316","full_name":"hasherezade/malware_training_vol1","owner":"hasherezade","description":"Materials for Windows Malware Analysis training (volume 1)","archived":false,"fork":false,"pushed_at":"2024-07-01T21:59:06.000Z","size":11882,"stargazers_count":1977,"open_issues_count":10,"forks_count":194,"subscribers_count":151,"default_branch":"main","last_synced_at":"2025-04-11T22:38:07.326Z","etag":null,"topics":["malware-analysis","malware-research","windows-malware-analysis"],"latest_commit_sha":null,"homepage":"","language":"Assembly","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hasherezade.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-03-22T14:06:13.000Z","updated_at":"2025-04-10T12:47:24.000Z","dependencies_parsed_at":"2024-08-03T07:01:35.467Z","dependency_job_id":"325c7496-dd3e-4a09-8d28-fec93067ed0e","html_url":"https://github.com/hasherezade/malware_training_vol1","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasherezade%2Fmalware_training_vol1","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasherezade%2Fmalware_training_vol1/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasherezade%2Fmalware_training_vol1/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/rep
ositories/hasherezade%2Fmalware_training_vol1/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hasherezade","download_url":"https://codeload.github.com/hasherezade/malware_training_vol1/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254355335,"owners_count":22057354,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["malware-analysis","malware-research","windows-malware-analysis"],"created_at":"2024-08-03T07:00:38.081Z","updated_at":"2025-05-15T14:06:05.570Z","avatar_url":"https://github.com/hasherezade.png","language":"Assembly","funding_links":[],"categories":["Malware Analysis","Github resources"],"sub_categories":["Courses","Posts from Hacker101 members on how to get started hacking","Hashing"],"readme":"# malware_training_vol1\n\nMaterials for Windows Malware Analysis training (volume 1)\n\n## *🚧 WARNING: work in progress! More material will be added gradually.*\n\n### Content\n\nThe goal of this training is to build understanding of various common techniques used by malware. It contains elements of programming as well as reverse engineering, and an introduction to some Windows internals concepts. 
\n\nIt also showcases how various tools (including my own) can be used to achieve particular analysis goals.\n\n### Target audience\n\nThis material is best suited to people who already have technical knowledge from surrounding areas (basics of programming and reverse engineering) and who want to **enter the field of Windows malware analysis**.\n\n### License\n\n![Creative Commons BY License](https://licensebuttons.net/l/by/3.0/88x31.png)\n\nThis material is published under the [Creative Commons BY License](https://creativecommons.org/licenses/by/4.0/), which means:\n\n\u003e This license lets others distribute, remix, adapt, and build upon your work, even commercially, as long as they credit you for the original creation.\n\u003e \n\n### Noticed an error?\n\nIf you notice any error in this material, please report it in the [Issues](https://github.com/hasherezade/malware_training_vol1/issues).\n\n### Need help in a task?\n\nIf you need help with any of the exercises, or have additional questions, you can share them in [discussions](https://github.com/hasherezade/malware_training_vol1/discussions).\n\n## Covered topics vs planned\n\n#### Module 1\n\n| Slides  | Exercises | Topic\n|------------|------|---\n| :heavy_check_mark:      | :heavy_check_mark:  |  compilation\n| :heavy_check_mark:      | :heavy_check_mark:   |  PE\n| :heavy_check_mark:      | :heavy_check_mark:    |  Process\n| :heavy_check_mark:      | :white_medium_square:    |  WoW64\n| :heavy_check_mark:      | :heavy_check_mark:    |  shellcode\n| :white_medium_square:      | :white_medium_square:    |  code injection\n| :white_medium_square:/:heavy_check_mark:      | :white_medium_square:/:heavy_check_mark:   |  PE loaders\n\n\n#### Module 2\n\n| Slides  | Exercises | Topic\n|------------|------|---\n| :heavy_check_mark:      | :white_medium_square:    |  Malware missions \u0026 tactics (intro)\n| :heavy_check_mark:      | :white_medium_square:    |  hooking\n| :heavy_check_mark:      | 
:white_medium_square:    |  persistence\n| :white_medium_square:     | :white_medium_square:    |  UAC bypass\n| :heavy_check_mark:     | :white_medium_square:    |  Banking trojans\n| :white_medium_square:     | :white_medium_square:    |  RATs\n| :white_medium_square:     | :white_medium_square:    |  Ransomware\n| :white_medium_square:     | :white_medium_square:    |  Lateral movements\n\n#### Module 3\n\n| Slides  | Exercises | Topic\n|------------|------|---\n| :heavy_check_mark:     | :white_medium_square:    |  Evasion and self-defence (intro)\n| :white_medium_square:/:heavy_check_mark:     | :white_medium_square:    |  Fingerprinting\n| :white_medium_square:     | :white_medium_square:    |  String obfuscation\n| :white_medium_square:     | :white_medium_square:    |  Imports obfuscation\n| :white_medium_square:     | :white_medium_square:    |  Flow obfuscation\n| :white_medium_square:     | :white_medium_square:    |  Malware antihooking\n| :white_medium_square:     | :white_medium_square:    |  Review of approaches to deobfuscation\n| :white_medium_square:     | :white_medium_square:    |  Kernel-mode malware components\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhasherezade%2Fmalware_training_vol1","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhasherezade%2Fmalware_training_vol1","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhasherezade%2Fmalware_training_vol1/lists"}