Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jstrosch/learning-malware-analysis
This repository contains sample programs that mimick behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to worry about handling live malware.
- Host: GitHub
- URL: https://github.com/jstrosch/learning-malware-analysis
- Owner: jstrosch
- Created: 2019-09-25T18:52:48.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2024-07-06T14:42:58.000Z (6 months ago)
- Last Synced: 2024-12-13T21:05:36.766Z (10 days ago)
- Topics: c, learning, malware-analysis, reverse-engineering, windows-api
- Language: C
- Homepage: https://thecyberyeti.com
- Size: 8.32 MB
- Stars: 609
- Watchers: 19
- Forks: 73
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
# Learning Malware Analysis
This repository contains sample programs that mimic behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to worry about handling live malware or causing real damage to any system. The programs are organized by the concept they focus on, which you can see in the root folder structure. I discuss many of these programs through online videos and courses, and you may find the following helpful:
- Various topics in malware analysis - [YouTube Playlist](https://www.youtube.com/playlist?list=PLHJns8WZXCdueUdUTn-xw-eiBZuqSUGPG)
- Getting Started with Reverse Engineering - [YouTube Playlist](https://www.youtube.com/playlist?list=PLHJns8WZXCdvaD7-xR7e5FJNW_6H9w-wC) and full courses on [Pluralsight](https://www.pluralsight.com/courses/reverse-engineering-getting-started)
- Essential Malware Analysis on Pluralsight:
  - [Initial File Triage](https://www.pluralsight.com/courses/initial-file-triage-malware-analysis)
  - [Initial Access Techniques](https://www.pluralsight.com/courses/initial-access-techniques-malware-analysis)
  - [Basics of IDA Pro](https://www.pluralsight.com/courses/ida-pro-concepts-basic-functionality)
  - [Basics of Ghidra](https://www.pluralsight.com/courses/ghidra-concepts-basic-functionality)
- Yara for Malware Research - [YouTube playlist](https://www.youtube.com/playlist?list=PLHJns8WZXCdsG809U-N3tGuf_665Ox3Q8)
- Essential Elements of the Portable Executable (PE) file - [YouTube playlist](https://www.youtube.com/playlist?list=PLHJns8WZXCdstHnLaxcz-CO74fO4Q88_8)
## Other Tools You May Find Helpful
- [Learning Reverse Engineering Github repo](https://github.com/jstrosch/learning-reverse-engineering/tree/master): A similar repository with source code and resources for learning reverse engineering.
- [sclauncher](https://github.com/jstrosch/sclauncher): A shellcode launcher and debugging tool

## Compiling the Source Code
These programs are intended to be compiled with the C/C++ compiler from Microsoft. You can use the `Developer Command Prompt` after installing the free/community version to compile using `cl`. An example of this command would be:
```
cl 
```
This should produce two files, `.obj` and `.exe`, using the name of the input file. You can typically ignore the `.obj` file; the `.exe` is what you will analyze. Please note that occasionally specific compiler flags are used to obtain desired effects in the resulting binary. These compiler flags will be identified in the related videos or noted in the README in the specific folder.
If you're looking for real world malware or other interesting artifacts, please check out my repo [malware-samples](https://github.com/jstrosch/malware-samples).