⚠️ Malware Development<img width="30%" src="https://user-images.githubusercontent.com/59679082/220690535-7516365f-3383-4385-b7b2-d511d8fb1d17.png">
This repository was created to archive and document all of my attempts to learn and develop malware. I'm brand new to all of this. We'll start from the absolute beginning and see how far we can get. This repository houses the code (often updated to reflect my current "skills" — or lack thereof) from my videos on YouTube or my blog.
[!Important] I can't believe this has to be said but I am not a professional developer... at all. I will be making a lot of mistakes (as a consequence of my being green to the scene) and I will never claim that any of my code is the best/most efficient or that any of these techniques are things that I've created/discovered. My repeated cringing at my old code has conditioned me to be rather self-conscious of my code and abilities as a whole, but as time progresses, I hope that my coding skills get better and better and that it reflects in this repository. But again, I'm new and learning like all of you were at some point.
The techniques I'd love to learn are:
🟢 Shellcode Injection 🟢 DLL Injection 🟢 Using NTDLL 🟢 Full NTDLL Implementation🟢 Using Direct System Calls 🟢 Indirect Syscalls[!Note] As I come across more stuff, I'll add more to the list. Moreover, as I complete the techniques above, I'll also update this list. My goal is to populate this repository with a variety of techniques related to process injection, thread hijacking, token-related stuff, kernel-related stuff, evasion-related stuff, etc. etc.
📚 PrerequisitesWe're going to be dealing with a lot of low-level stuff. As such, it's important to familiarize yourself with languages like C, C++, Assembly, etc. I might create another repository solely for documenting my progression with the aforementioned topics, but that's far back in the pipeline for now.
👨💻 CompilationIf a technique specifically does not contain a Makefile, then it's meant to be compiled using Visual Studio. Otherwise, you can just compile the program(s) with make. I'm sure all of these can be compiled with a Makefile, but I haven't had the time to give it much attention yet.
[!Warning] Obviously, the stuff in this repository is explicitly for educational purposes. Not that you'll be able to run this in a patched environment (especially with the shellcode generated with
msfvenomthrown into the mix) without getting the absolute sh*t flagged out of it. Regardless, I do not condone the use of these programs for any malicious activities.
🛑 Common PitfallsSince there has been a lot of attention on the videos and thus, a ton of people trying out the techniques for themselves, a lot of problems have been encountered. However, they're all (mostly) very easy to diagnose and remedy.
EXITFUNC=thread during your msfvenom generation which will allow the process to exit gracefully instead of shredding the process and killing it. The included shellcode already has this set, so if you're facing the crashing issue, that would need further investigation.msfvenom | metasploit) payloads, listeners, handlers, etc. are. Encrypt your traffic or use something less signatured. A reverse shell by itself is almost always suspicious so more techniques are going to be needed in conjunction with what we've learned above.🫂 ContributingI'm only going to be accepting bug fixes or typo fixes. Since this repository was created to document my personal growth with malware development, I don't want to cheat myself by having you contribute a technique which I myself am not currently capable of implementing. If I'm doing something super inefficently (which most of the time I am), then depending on what it is, it might get accepted as a pull request. Either way, contributions are accepted based on those two (2) conditions. Thank you very much to everyone who helps out!
💖 AcknowledgementsI'd be nothing without the support and research of my incredible (and insanely smart) friends who've pretty much taught me everything I know — in some way or another, as well as directly influenced me on this ongoing and amazing journey. In no particular order, thanks to:
- Lavender, Zetty, Xor, Spider, Rektsu, Bakki, Nigerald, Snow, Aqua, Geistmeister, Urien, and many many more.
$ claude mcp add maldev \
-- python -m otcore.mcp_server <graph>