Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.
https://github.com/a0rtega/pafish
NEW URSNIF VARIANT TARGETS JAPAN PACKED WITH NEW FEATURES
https://www.cybereason.com/blog/new-ursnif-variant-targets-japan-packed-with-new-features
Auto-renaming dummy-named functions, which have one API call or jump to the imported API
https://github.com/a1ext/auto_re
Indicators of Compromise vs. Tactics, Techniques, and Procedures
https://azeria-labs.com/iocs-vs-ttps/
Forwarded from Web Security | Bug hunting
Embed and hide any file in HTML:
https://github.com/Arno0x/EmbedInHTML
Corona DDoS bot
In this article, multiple phases will be described using the usual step-by-step approach. Firstly, the main function is analysed in order to get an overview of the malware's layout. Secondly, the local address is obtained. Thirdly, the mutex that is used by the malware is described. Fourthly, the decryption routine for the encrypted strings will be analysed and rewritten in Java. Using this decryptor, the actual values of the encrypted strings can be obtained. Fifthly, the bot's registration at the command & control server will be analysed, including a connectivity check. Sixthly, the process of dispatching incoming commands will be analysed. Lastly, a conclusion is made based upon the findings.
https://maxkersten.nl/binary-analysis-course/malware-analysis/corona-ddos-bot/
Reverse Engineering Gootkit with Ghidra Part I
https://dannyquist.github.io/gootkit-reversing-ghidra/
Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs.
https://github.com/idaholab/Malcolm
A Deep Dive into the Emotet Malware
Emotet is a trojan that is primarily spread through spam emails. During its lifecycle, it has gone through a few iterations. Early versions were delivered as a malicious JavaScript file. Later versions evolved to use macro-enabled Office documents to retrieve a malicious payload from a C2 server.
https://www.fortinet.com/blog/threat-research/deep-dive-into-emotet-malware.html
Learn regex the easy way.
A regular expression is a group of characters or symbols used to find a specific pattern in a text.
https://github.com/ziishaned/learn-regex/blob/master/README.md
Online regex tester, debugger with highlighting for PHP, PCRE, Python, Golang and JavaScript.
https://regex101.com/
[ExpDev] Weaponizing Your Favorite PE — Portable Executable Exploit
https://link.medium.com/fF6Sdvdls1
Malware on Steroids
Part 1: Simple CMD Reverse Shell
https://0xdarkvortex.dev/index.php/2018/09/04/malware-on-steroids-part-1-simple-cmd-reverse-shell/
Part 2: Evading Antivirus in a Simulated Organizational Environment
https://0xdarkvortex.dev/index.php/2018/09/17/malware-on-steroids-part-2-evading-antivirus-in-a-simulated-organizational-environment/
Part 3: Machine Learning & Sandbox Evasion
https://0xdarkvortex.dev/index.php/2018/10/27/malware-on-steroids-part-3-machine-learning-sandbox-evasion/
Part 4: Defender and Symantec Endpoint Protection Evasion
https://0xdarkvortex.dev/index.php/2018/11/01/malware-on-steroids-part-4-defender-and-symantec-endpoint-protection-evasion/
Code that allows running another Windows PE in the same address space as the host process.
https://github.com/Zer0Mem0ry/RunPE
Converts a PE so that it can be injected just like normal shellcode.
(At the same time, the output file remains a valid PE.)
Supports both 32- and 64-bit PEs.
https://github.com/hasherezade/pe_to_shellcode
Portable Executable (P.E.) Code Injection: Injecting an Entire C Compiled Application
https://www.codeproject.com/Articles/24417/Portable-Executable-P-E-Code-Injection-Injecting-a