Malware on Steroids
Part 1: Simple CMD Reverse Shell
https://0xdarkvortex.dev/index.php/2018/09/04/malware-on-steroids-part-1-simple-cmd-reverse-shell/
Part 2: Evading Antivirus in a Simulated Organizational Environment
https://0xdarkvortex.dev/index.php/2018/09/17/malware-on-steroids-part-2-evading-antivirus-in-a-simulated-organizational-environment/
Part 3: Machine Learning & Sandbox Evasion
https://0xdarkvortex.dev/index.php/2018/10/27/malware-on-steroids-part-3-machine-learning-sandbox-evasion/
Part 4: Defender and Symantec Endpoint Protection Evasion
https://0xdarkvortex.dev/index.php/2018/11/01/malware-on-steroids-part-4-defender-and-symantec-endpoint-protection-evasion/
Code that allows running another Windows PE in the same address space as the host process.
https://github.com/Zer0Mem0ry/RunPE
Converts a PE so that it can then be injected just like normal shellcode.
(At the same time, the output file remains a valid PE.)
Supports both 32-bit and 64-bit PEs.
https://github.com/hasherezade/pe_to_shellcode
Portable Executable (P.E.) Code Injection: Injecting an Entire C Compiled Application
https://www.codeproject.com/Articles/24417/Portable-Executable-P-E-Code-Injection-Injecting-a
Using OOAnalyzer to Reverse Engineer Object Oriented Code with Ghidra
https://insights.sei.cmu.edu/sei_blog/2019/07/using-ooanalyzer-to-reverse-engineer-object-oriented-code-with-ghidra.html
ROPGenerator is a tool that helps you build ROP exploits by finding and chaining gadgets together.
https://github.com/Boyan-MILANOV/ropgenerator
Debugging Windows Services For Malware Analysis / Reverse Engineering
https://secrary.com/Random/WindowsServiceDebugging/
SMUC: Simplified MITRE Use Cases, describing both the attack and its detection.
https://github.com/karemfaisal/SMUC
Get a reverse shell within 15 seconds on both Windows and Unix-based systems, using the Digispark development board.
https://github.com/HassanShehata/KeySpark
HiddenWasp Malware Stings Targeted Linux Systems
https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/
Analysis of New Agent Tesla Spyware Variant
https://www.fortinet.com/blog/threat-research/analysis-of-new-agent-tesla-spyware-variant.html
Forwarded from Itay Cohen
Hi everyone! We are so happy to announce that we finally implemented a debugger in Cutter! 🎉
The beta version of the debugger is available NOW on the Master branch so you can build the recent version of Cutter or download the precompiled executable from Appveyor (if you're on Windows).
We will release the debugger officially in about a week; until then, we are looking forward to your feedback, so please make sure to try it and report any issues or feature requests you have to us. 🍻
https://github.com/radareorg/cutter
AgentTesla: Deep analysis of a visual basic spyware Trojan
https://www.reb311ion.com/MalwareAnalysisReports/AgentTesla/