This repository contains sample programs that mimick behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to worry about handling live malware.
☆684Jul 6, 2024Updated last year
Alternatives and similar repositories for learning-malware-analysis
Users that are interested in learning-malware-analysis are comparing it to the libraries listed below
Sorting:
- This repository contains sample programs written primarily in C and C++ for learning native code reverse engineering.☆738Nov 30, 2025Updated 3 months ago
- Malware samples, analysis exercises and other interesting resources.☆1,613Jan 13, 2024Updated 2 years ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files …☆169Jul 20, 2024Updated last year
- Malwoverview is a rapid response tool used to gather intelligence information from VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malsh…☆3,548Jan 20, 2026Updated last month
- The FLARE team's open-source tool to identify capabilities in executable files.☆5,844Updated this week
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as …☆431Feb 18, 2026Updated last week
- Free training course offered at Hack Space Con 2023☆138Apr 13, 2023Updated 2 years ago
- PoCs and tools for investigation of Windows process execution techniques☆952Feb 2, 2026Updated 3 weeks ago
- Awesome list of keywords and artifacts for Threat Hunting sessions☆638Aug 4, 2025Updated 6 months ago
- A list of cyber-chef recipes and curated links☆2,186Jun 14, 2024Updated last year
- This project aims to compare and evaluate the telemetry of various EDR products.☆1,927Jan 20, 2026Updated last month
- A resource containing all the tools each ransomware gangs uses☆1,330Dec 24, 2025Updated 2 months ago
- A workshop about Malware Development☆1,764Jun 2, 2023Updated 2 years ago
- EDR Lab for Experimentation Purposes☆1,413Updated this week
- IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&…☆374Dec 9, 2022Updated 3 years ago
- ☆512Oct 7, 2024Updated last year
- Some of my publicly available Malware analysis and Reverse engineering.☆932Jun 3, 2024Updated last year
- A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the …☆1,821Nov 3, 2024Updated last year
- A memory-based evasion technique which makes shellcode invisible from process start to end.☆1,198Oct 16, 2023Updated 2 years ago
- Various methods of executing shellcode☆74Mar 27, 2023Updated 2 years ago
- APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the …☆1,400Nov 7, 2024Updated last year
- Hardcore Debugging☆931Jan 6, 2026Updated last month
- Malware Configuration And Payload Extraction☆3,031Updated this week
- Labs for Practical Malware Analysis & Triage☆1,080Updated this week
- A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering env…☆8,378Dec 23, 2025Updated 2 months ago
- Windows kernel and user mode emulation.☆1,860Updated this week
- This is a repository of resource about Malware techniques☆824Apr 8, 2023Updated 2 years ago
- Materials for Windows Malware Analysis training (volume 1)☆2,026Jul 1, 2024Updated last year
- A not so awesome list of malware gems for aspiring malware analysts☆829Feb 7, 2023Updated 3 years ago
- Aims to identify sleeping beacons☆662Jan 25, 2026Updated last month
- An analytical challenge created to test junior analysts looking to try performing proactive and reactive cyber threat intelligence.☆202Jul 3, 2024Updated last year
- Cover various security approaches to attack techniques and also provides new discoveries about security breaches.☆486Apr 17, 2025Updated 10 months ago
- Dynamic unpacker based on PE-sieve☆796Sep 13, 2025Updated 5 months ago
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.☆3,037Updated this week
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆696Oct 22, 2025Updated 4 months ago
- ☆1,072May 18, 2024Updated last year
- Awesome Security lists for SOC/CERT/CTI☆1,257Feb 22, 2026Updated last week
- ☆127Updated this week
- Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation o…☆1,138Dec 19, 2025Updated 2 months ago