This repository is a curated collection of links and resources for malware development and offensive security research. It targets security professionals, researchers, and developers interested in understanding and replicating advanced techniques used in malware and red teaming operations. The primary benefit is a centralized, categorized knowledge base for exploring complex evasion, injection, and persistence methods.

How It Works

The collection is organized into thematic categories such as Evasion, Process Injection, Rootkits, Active Directory, and Command and Control (C2). It links to blog posts, research papers, GitHub repositories, and conference talks detailing specific techniques, often with accompanying code samples or explanations of their underlying mechanisms. The categorization aims to provide a structured approach to learning about various facets of offensive security tooling and malware development.

Quick Start & Requirements

No installation is required. This is a curated list of external resources.

Highlighted Details

• Extensive coverage of EDR evasion techniques, including AMSI/ETW manipulation, DLL hijacking, and API hooking.
• Detailed sections on process injection methods, from classic techniques like DLL injection to advanced approaches like threadless injection and object overloading.
• Resources on kernel-level operations, including rootkits and syscall manipulation.
• A broad range of Active Directory exploitation and persistence techniques.

Maintenance & Community

The repository is maintained by CodeXTF2. The README mentions contributions from @janoglezcampos for formatting and categorization. There are no explicit links to community channels or roadmaps provided.

Licensing & Compatibility

The repository itself contains links to external resources, and the licensing of those individual resources varies. The collection itself does not appear to have a specific license attached in the README.

Limitations & Caveats

This is a collection of links, not a functional tool. The quality and accuracy of the linked resources are not guaranteed by the repository owner. Some links may become outdated or broken over time.