Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
View Regular
Thomas Roccia 🤘 Profile picture
Thomas Roccia 🤘
@fr0gger_
Sr. Threat Researcher @Microsoft, Malware Warlock, Threat Intel, Python🧡- Former @McAfee_labs, Goon @Defcon, Creator of #UnprotectProject - Tweets are my own

Nov 6, 2022, 13 tweets

🧵Thread: 10 underestimated resources about malware techniques.

This is a list of various resources to learn more about malware techniques, how to analyse them and how to improve your detection! 🤓 #infosec #malware #threatintel #malwareanalysis #cybersecurity

#1: The Unprotect Project

Of course, I couldn't start this thread without talking about this project we started in 2015. Unprotect Project is a database about Malware Evasion techniques with code snippets and detection rules. cf: @DarkCoderSc

🌐unprotect.it

#2: The LolBas project

Living off the land refers to the use of dual-use tools, which are either already installed in the victims' environment, or are admin, forensic or system tools used maliciously.

🌐lolbas-project.github.io

#3: HijackLibs

DLL hijacking is a common technique used by malware. This project provides a list of DLL Hijacking candidates. A mapping between DLLs and vulnerable executables can be searched via this website. cf: @Wietze

🌐hijacklibs.net

#4: MalApi

Malware relies on Windows API to perform action in the infected system. MalAPI keeps a list of API used by malware. cf: @mrd0x

🌐malapi.io

#5: Living Off Trusted Sites

Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. cf: @mrd0x

🌐lots-project.com

#6: Malware Persistence

Malware uses persistence mechanisms to survive reboot. This list keeps track of resources related to malware persistence techniques.

🌐github.com/Karneades/awes…

#7: Malware Privilege Escalation

Privilege escalation is often used by malware to gain more access in an infected machine. This list keeps track of privilege escalation resources. cf: @m0nadlabs

🌐github.com/m0nad/awesome-…

#8: Malware Event ID

During execution malware will leave track on the system that can be retrieve in Windows events. This list keeps tracks of resources related to Event ID analysis. cf: @stuhlonsky

🌐github.com/stuhli/awesome…

#9: ORKL

This is a search engine dedicated to threat intelligence reports. You can use it to browse knowledge about attackers, tools, and tactics. cf: @orkleu

🌐orkl.eu

#10: Vx-Underground Malware Techniques Papers

This is a collection of whitepapers classified by techniques. cf: @vxunderground

🌐vx-underground.org/windows.html

#10 +1: The Malware Museum

This is a fun website that contains malware that were distributed between 1980 and 1990. cf: @mikko

🌐archive.org/details/malwar…

That's it! If you like this thread, you can share it, like it and get the list here👇

github.com/fr0gger/Awesom…

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling