awesome-malware-development
Organized list of my malware development resources
https://github.com/rootkit-io/awesome-malware-development
-
Articles & Writeups
-
Evasion & Obfuscation
-
Injection & Hooking Techniques
-
Malware Development Fundamentals & Series
- Malware Development – Welcome to the Dark Side: Part 1
- Art of Malware
- Malware Development Part 1
- Basic Ransomware guide
- Master of RATs - How to create your own Tracker
- Amazing article to read with some good resources (Personal Tale and the Road to Malware Development, Resources)
- Best series, I would say, if you want to get into programming/malware dev. Recommended series to follow: it starts with the programming you need to learn (asm and so on) and then gets into maldev
- Fileless malware
- Examining the Morris Worm Source Code
- IOT Malware
- Roadmap for Malware Development and Evasion
-
Rootkits (Userland & Kernel)
- PT_NOTE -> PT_LOAD x64 ELF virus written in Assembly
- (Recommended Read) If you want to create your first userland rootkit and you only know C, this blog is a good place to start with rootkit development
- Becoming-rat-your-system
- The magic of LD_PRELOAD for Userland Rootkits (good read if you want to get into rootkits; this blog covers userland rootkits)
- Complete guide on LKM hacking
-
Specific Malware & APT Analysis
-
-
Blogs
-
x86/x64 Assembly
- Vitali Kremez
- 0xPat
- zerosum0x0
- Guitmz - quality maldev content
- TheXcellerator
- cocomelonc
- captmeelo - Excellent writeups, check this out!!!
- iRedTeam - red team notes
-
-
Books
-
Free Books / PDFs
-
-
Courses
-
Essentials
-
C Programming
-
x86/x64 Assembly
-
-
Free books
- The magic of LD_PRELOAD for Userland Rootkits (good read if you want to get into rootkits; this blog covers userland rootkits)
- Function Hooking Part I: Hooking Shared Library Function Calls in Linux
- Complete guide on LKM hacking
- Eset Turla Outlook backdoor report
- Writing a custom encoder
- Engineering antivirus evasion
- Analysis of Project Sauron APT
- Detailed analysis of Zloader
- BendyBear shellcode malware
- A Basic Windows DKOM Rootkit
- Loading Kernel Shellcode
- Windows Kernel Shellcode on Windows 10 – Part 2
- Introduction to Shellcode Development
- Autochk Rootkit Analysis
- pierogi backdoor
- Pay2Kitten
- STEELCORGI
- Lebanese Cedar APT
- LazyScripter
- Maze deobfuscation
- Darkside overview
- Code obfuscation techniques
- SideCopy APT tooling
- Hiding in PEB sight: Custom loader
- Zloader: New infection technique
- FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines
- A tale of EDR bypass methods
- In-depth dive into the security features of the Intel/Windows platform secure boot process
- Process Injection Techniques
- Adventures with KernelCallbackTable Injection
- Useful Libraries for Malware Development
- Parent Process ID (PPID) Spoofing
- OffensiVe Security with V - Process Hollowing
- Looking for Remote Code Execution bugs in the Linux kernel
- memory-analysis-evasion
- 100% evasion - Write a crypter in any language to bypass AV
- Underground
- MalShare
- Mutants Sessions Self Deletion
- TL-TROJAN
- Linker_preloading_virus
- Awesome-linux-rootkits
- Virii
- Flare-floss
- Ebpfkit
- Evasions
- loonix_syscall_hook
- Al-Khaser
- awesome-executable-packing
- WastedLocker analysis
- Lazarus shellcode execution
-
Modern Topics (2025–2026) **← FRESH & HIGHLY RECOMMENDED**
-
EDR Evasion & Modern Techniques
-
Linux Kernel & Rootkits
-
Rust / Nim / Go for Malware Development
-
UEFI Bootkits & Advanced Kernel
-
-
Open-Source PoCs & Sample Projects
-
Talks
-
x86/x64 Assembly
- Horse Pill: A New Type of Linux Rootkit
- LKM Rootkit Series (playlist)
- Creating and Countering the Next Generation of Linux Rootkits
- Kernel Mode Threats and Practical Defenses
- Alex Ionescu – Advancing the State of UEFI Bootkits
- BlueHat v18: Return of the kernel rootkit malware (Windows 10)
- BlackAlps 2025: Level Up Your Malware – A Practical Journey Into EDR Evasion
-
-
Tools & Frameworks **(Updated 2026)**
-
x86/x64 Assembly
- Havoc
- Mythic - platform C2
- Sliver - platform implant framework
- Donut
- SysWhispers
- InlineWhispers
-
-
Uncategorized
-
Uncategorized
-
-
YouTube Channels
-
x86/x64 Assembly
- AGDC Services - quality malware content
- TheSphinx - from-scratch series
- Joey Abrams - injection & Linux maldev
- w3w3w3
-