Development

• https://threadreaderapp.com/thread/1520676600681209858.html

• https://www.mdsec.co.uk/2022/07/part-1-how-i-met-your-beacon-overview/

• https://www.mdsec.co.uk/2022/07/part-2-how-i-met-your-beacon-cobalt-strike/

• https://www.mdsec.co.uk/2022/08/part-3-how-i-met-your-beacon-brute-ratel/

EIKAR test file:

Blog Series / Books

PE Structure (+ PEB/LDR)

• https://alice.climent-pommeret.red/posts/direct-syscalls-hells-halos-syswhispers2/

• https://viuleeenz.github.io/posts/2024/02/understanding-peb-and-ldr-structures-using-ida-and-lummastealer/

• https://fareedfauzi.github.io/2024/07/13/PEB-Walk.html

• https://print3m.github.io/blog/x64-winapi-shellcoding

• https://habr.com/ru/articles/808787/

• https://nikhilh-20.github.io/blog/peb_phobos_ransomware/

• https://redops.at/en/blog/edr-analysis-leveraging-fake-dlls-guard-pages-and-veh-for-enhanced-detection

• https://onlyf8.com/pe-format

• https://synawk.com/blog/peb-obfuscation-malware-dev-0x4

A dive into the PE file format (0xRick)

• A dive into the PE file format - Introduction

• A dive into the PE file format - PE file structure - Part 1: Overview

• A dive into the PE file format - PE file structure - Part 2: DOS Header, DOS Stub and Rich Header

• A dive into the PE file format - PE file structure - Part 3: NT Headers

• A dive into the PE file format - PE file structure - Part 4: Data Directories, Section Headers and Sections

• A dive into the PE file format - PE file structure - Part 5: PE Imports (Import Directory Table, ILT, IAT)

• A dive into the PE file format - PE file structure - Part 6: PE Base Relocations

• A dive into the PE file format - LAB 1: Writing a PE Parser

Malware development (0xPat)

• Malware development part 1 - basics

• Malware development part 2 - anti dynamic analysis & sandboxes

• Malware development part 3 - anti-debugging

• Malware development part 4 - anti static analysis tricks

• Malware development part 5 - tips & tricks

• Malware development part 6 - advanced obfuscation with LLVM and template metaprogramming

• Malware development part 7 - Secure Desktop keylogger

• Malware development part 8 - COFF injection and in-memory execution

• Malware development part 9 - hosting CLR and managed code injection

Windows APT Warfare (Sheng-Hao Ma)

• https://www.packtpub.com/product/windows-apt-warfare/9781804618110

• https://github.com/PacktPublishing/Windows-APT-Warfare

• https://habr.com/ru/articles/766760/

• https://xss.is/threads/87501/

Malware Development for Dummies (Cas van Cooten)

• [PDF] Malware Development for Dummies (Cas van Cooten)

• https://github.com/chvancooten/maldev-for-dummies

Learning LLVM (sh4dy)

• https://sh4dy.com/2024/06/29/learning_llvm_01/

• https://sh4dy.com/2024/07/06/learning_llvm_02/

• https://github.com/0xSh4dy/learning_llvm