learn about malware and vaccine
- malware samples for testing are provided as .zip files
- text is provided in Korean only
- malware materials should be used for educational purposes only
- if a link does not work, please wait a few days... (the post is scheduled)
| chapter | about | text |
|---|---|---|
| 1_EICAR | the famous malware test file, EICAR | https://verybigsilver.tistory.com/227 |
| 2_EICAR_new | detecting variants of EICAR | https://verybigsilver.tistory.com/228 |
| 3_malware_db | making and managing a malware database (pandas) | https://verybigsilver.tistory.com/229 |
| 4_signature | detecting malware with signatures | https://verybigsilver.tistory.com/235 |
| 5_import_table | detecting suspicious APIs by using the import table | https://verybigsilver.tistory.com/237 |
| 6_registry_cure | restoring registry entries polluted by malware | https://verybigsilver.tistory.com/240 |

| chapter | about | text |
|---|---|---|
| 1_malware basis | setting up an environment for malware development | https://verybigsilver.tistory.com/221 |
| 2_windows basis | learning about Windows architecture for malware development | windows architecture: https://verybigsilver.tistory.com/223 API: https://verybigsilver.tistory.com/224 DLL: https://verybigsilver.tistory.com/225 process&thread: https://verybigsilver.tistory.com/226 |
| 3_saving payload | saving a payload in various sections of a PE file | https://verybigsilver.tistory.com/230 |
| 4_metasploit | making a payload by using metasploit | https://verybigsilver.tistory.com/231 |
| 5_payload obfuscation/encryption | obfuscating and encrypting a payload | obfuscation: https://verybigsilver.tistory.com/232 encryption: https://verybigsilver.tistory.com/233 |
| 6_local payload injection | executing a payload in your own malware file | https://verybigsilver.tistory.com/234 https://verybigsilver.tistory.com/236 |
| 7_persistancy | persisting malware by using a registry key | https://verybigsilver.tistory.com/238 |
| 8_manipulate registry | hiding malware from the user by manipulating the registry | https://verybigsilver.tistory.com/239 |
| 9_shellcode injection | injecting a payload into another process | https://verybigsilver.tistory.com/253 |
| 10_dll injection | injecting a DLL into another process | https://verybigsilver.tistory.com/254 |
| 11_payload staging | staging a payload with a web server | https://verybigsilver.tistory.com/255 |
| 12_thread hijacking | using another process's existing thread to avoid detection | local: https://verybigsilver.tistory.com/257 remote: https://verybigsilver.tistory.com/258 |