Search evasion techniques by name, technique, definition, or keyword
[ 01 ] https://unprotect.it/
[ 02 ] https://search.maldevacademy.com/
🔥5
Kimsucky APT Analysis
https://somedieyoungzz.github.io/posts/kimsucky-apt-analysis/
🔥5
If you've ever wanted to live debug user mode Linux processes (e.g.: in WSL) from WinDbg, with 1.2402.24001.0, you can! Start up a gdbserver in WSL (e.g.: gdbserver localhost:1234 ./vim) and connect to it via WinDbg's "Connect to remote debugger"
Documentation for live Linux debugging with WinDbg can be found at:
https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/linux-live-remote-process-debugging
And
https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/linux-dwarf-symbols
#tweet
Credit: William R. Messmer
❤6
Unveiling custom packers: A comprehensive guide
https://estr3llas.github.io/unveiling-custom-packers-a-comprehensive-guide/
🔥4❤1
This write-up covers the basics of working with Native Applications and some interesting things you can do with them.
https://www.protexity.com/post/going-native-malicious-native-applications
#tweet
Credit: Steve S.
🔥3❤1
Lost in Transaction: Process Doppelgänging
Tal Liberman
Eugene Kogan
https://docs.google.com/viewerng/viewer?url=https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf
hasherezade's PoC for Doppelgänging:
LINK
❤2😁2👍1🔥1
Organized list of my malware development resources
https://github.com/rootkit-io/awesome-malware-development
#malware_dev
🔥4👍1
Event Tracing for Windows (ETW): Your Friendly Neighborhood IPC Mechanism
https://www.preludesecurity.com/blog/event-tracing-for-windows-etw-your-friendly-neighborhood-ipc-mechanism
Credit: @jsecurity101
❤5👍1🤡1