Psycho_Coder

RE useful Links

Oct 17th, 2014
So many threads on how to make a crypter, but no actual research. Here is everything you need. Some of it might be unrelated to crypters, but these are definitely great articles.

Before asking how to code a crypter, please read these. There are so many tutorials & guides online; the only thing you are looking for by asking here how to code a crypter is a shortcut. There isn't one, except copy & paste. If you weren't looking for a shortcut to programming a crypter, then your research skills are lacking.

[b]Add Section and Import Function Manually[/b]
Link: http://tuts4you.com/download.php?view.1569

[b]Adding a Section in PE[/b]
Link: http://tuts4you.com/download.php?view.527

[b]Adding Sections[/b]
Link: http://tuts4you.com/download.php?view.225

[b]Advanced PE Image Rebuilding[/b]
Link: http://tuts4you.com/download.php?view.226

[b]An In-Depth Look into the Win32 PE File Format[/b]
Link: http://tuts4you.com/download.php?view.228

[b]PE Brief Notes[/b]
Link: http://tuts4you.com/download.php?view.232

[b]PE File Structure[/b]
Link: http://tuts4you.com/download.php?view.238

[b]PE101 - A Windows Executable Walkthrough[/b]
Link: http://tuts4you.com/download.php?view.3321

[b]PE102 - A Windows Executable Format Overview[/b]
Link: http://tuts4you.com/download.php?view.3502

[b]The PE File Format[/b]
Link: http://tuts4you.com/download.php?view.241

[b]The PE Format[/b]
Link: http://tuts4you.com/download.php?view.3085

[b]The PE Header[/b]
Link: http://tuts4you.com/download.php?view.240

[b]The Portable Executable File Format[/b]
Link: http://tuts4you.com/download.php?view.2892

[b]Operating Systems Development - Portable Executable (PE)[/b]
Link: http://www.brokenthorn.com/Resources/OSDevPE.html

[b]Visualizations of the Portable Executable File Format[/b]
Link: http://tuts4you.com/download.php?view.3380

[b]Win32 Resource File Format[/b]
Link: http://tuts4you.com/download.php?view.242

[b]Understanding Windows Shellcode[/b]
Link: http://tuts4you.com/download.php?view.1237

[b]Binary Code Obfuscation Through C++ Template Meta-Programming[/b]
Link: http://tuts4you.com/download.php?view.3423

[b]Mimimorphism: A New Approach to Binary Code Obfuscation[/b]
Link: http://tuts4you.com/download.php?view.3027

[b]On Entropy Measures for Code Obfuscation[/b]
Link: http://tuts4you.com/download.php?view.3370

[b]Advanced Encryption Standard by Example[/b]
Link: http://tuts4you.com/download.php?view.167

[b]Anti-Unpacker Tricks 1[/b]
Link: http://tuts4you.com/download.php?view.2277

[b]Anti-Unpacker Tricks 2 - Part 1[/b]
Link: http://tuts4you.com/download.php?view.2544

[b]Anti-Unpacker Tricks 2 - Part 2[/b]
Link: http://tuts4you.com/download.php?view.2630

[b]Anti-Unpacker Tricks 2 - Part 3[/b]
Link: http://tuts4you.com/download.php?view.2647

[b]Anti-Unpacker Tricks 2 - Part 5[/b]
Link: http://tuts4you.com/download.php?view.2702

[b]Anti-Unpacker Tricks 2 - Part 6[/b]
Link: http://tuts4you.com/download.php?view.2740

[b]Anti-Unpacker Tricks 2 - Part 8[/b]
Link: http://tuts4you.com/download.php?view.2928

[b]Anti-Unpacker Tricks 2 - Part 9[/b]
Link: http://tuts4you.com/download.php?view.2940

[b]The Ultimate Anti-Debugging Reference[/b]
Link: http://tuts4you.com/download.php?view.3260

[b]Windows Anti-Debug Reference[/b]
Link: http://tuts4you.com/download.php?view.1919

[b]Ideas on advanced runtime encryption of .NET Executables[/b]
Link: http://www.nullsecurity.net/papers/nullsec-net-crypter.pdf

[b]Implementation of Runtime PE-Crypter[/b]
Link: http://www.nullsecurity.net/papers/nullsec-bsides-slides.pdf

[b]Hyperion: Implementation of a PE-Crypter[/b]
Link: http://www.nullsecurity.net/papers/nullsec-pe-crypter.pdf

[b]Bypassing Address Space Layout Randomization[/b]
Link: http://www.nullsecurity.net/papers/nullsec-bypass-aslr.pdf

[b]Unprotecting the crypter - a generic approach[/b]
Link: http://www.exploit-db.com/wp-content/themes/exploit/docs/18242.pdf

[b]Crypter Theory Part 1 - The DOS MZ Header[/b]
Link: http://nn-fraktion.blogspot.com/2013/01/crypter-theory-part-1-dos-mz-header.html

[b]Crypter Theory Part 2 - PE Header 1/2[/b]
Link: http://nn-fraktion.blogspot.fi/2013/01/crypter-theory-part-2-pe-header-12.html

[b]PE File Features in Detection of Packed Executables[/b]
Link: http://www.ijcte.org/papers/512-S10014.pdf

[b]Antivirus evasion techniques show ease in avoiding antivirus detection[/b]
Link: http://searchsecurity.techtarget.com/feature/Antivirus-evasion-techniques-show-ease-in-avoiding-antivirus-detection

[b]Anti-virus Evasion Techniques[/b]
Link: http://dl.packetstormsecurity.net/papers/virus/avevasion-techniques.pdf

[b]Anti-Virus Evasion: A Peek Under the Veil[/b]
Link: http://pen-testing.sans.org/blog/2013/07/12/anti-virus-evasion-a-peek-under-the-veil

[b]Advanced Metamorphic Techniques in Computer Viruses[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/apb01.html

[b]"DELAYED CODE" technology (version 1.1)[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vzo23.html

[b]"Do polymorphism" tutorial[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vwm01.html

[b]Advanced Polymorphism Primer[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vda01.html

[b]Advanced polymorphic engine construction[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vmd03.html

[b]Analysis of the "Offensive Polymorphic Engine v2"[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/val00.html

[b]Stealth API-based decryptor[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vkz00.html

[b]About undetectable viruses[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vzo69.html

[b]Some stealth idea's[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vdi07.html

[b]Some New Ideas for Future Viruses[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/val02.html

[b]Automated reverse engineering: Mistfall engine[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vzo21.html

[b]Anti AV Techniques For Batch[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vcg00.html

[b]Anti heuristic techniques[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vbj01.html

[b]Anti Virus Detection Strategies and how to overcome them[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vtd02.html

[b]ANTI-Anti-Virus Tricks Version 1.00[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vmx01.html

[b]Anti-Debugger & Anti-Emulator Lair[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vlj03.html

[b]Anti-debugging in Win32[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vlj05.html

[b]The Anti-Virus Cook Book v1.5[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/akw00.html

[b]The Anti-Virus Strategy System[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/asg08.html

[b]Antivirus Software Testing for the New Millenium[/b]
Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/asg15.html

[b]A Taxonomy of Obfuscating Transformations[/b]
Link: https://tuts4you.com/download.php?view.3421

[b]A Tool Kit for Code Obfuscation[/b]
Link: https://tuts4you.com/download.php?view.2916

[b]Application Security through Program Obfuscation[/b]
Link: https://tuts4you.com/download.php?view.3131

[b]Applied Binary Code Obfuscation[/b]
Link: https://tuts4you.com/download.php?view.2979

[b]Array Data Transformation for Source Code[/b]
Link: https://tuts4you.com/download.php?view.2901

[b]Automatic Binary Deobfuscation[/b]
Link: https://tuts4you.com/download.php?view.2978

[b]Basing Obfuscation on Simple Tamper-Proof Hardware Assumptions[/b]
Link: https://tuts4you.com/download.php?view.3452

[b]Code Obfuscation and Lighty Compressor Unpacking[/b]
Link: https://tuts4you.com/download.php?view.3235

[b]Control Code Obfuscation by Abstract Interpretation[/b]
Link: https://tuts4you.com/download.php?view.3372

[b]Exception Handling to Build Code Obfuscation Techniques[/b]
Link: https://tuts4you.com/download.php?view.2910

[b]Practical Obfuscating Programs[/b]
Link: https://tuts4you.com/download.php?view.2904

[b]Program Obfuscation[/b]
Link: https://tuts4you.com/download.php?view.2903

[b]Using Optimization Algorithms for Malware Deobfuscation[/b]
Link: https://tuts4you.com/download.php?view.2971

[b]HTG Explains: How Antivirus Software Works[/b]
Link: http://www.howtogeek.com/125650/htg-explains-how-antivirus-software-works/

[b]Antivirus software[/b]
Link: http://en.wikipedia.org/wiki/Antivirus_software

[b]How Antivirus Programs Work[/b]
Link: http://www.dummies.com/how-to/content/how-antivirus-programs-work.html

[b]How Antivirus works[/b]
Link: http://www.engineersgarage.com/mygarage/how-antivirus-works

[b]How antivirus software works: Virus detection techniques[/b]
Link: http://searchsecurity.techtarget.com/tip/How-antivirus-software-works-Virus-detection-techniques

[b]How a Cloud Antivirus Works[/b]
Link: http://computer.howstuffworks.com/cloud-computing/cloud-antivirus.htm

[b]Binary Obfuscation Using Signals[/b]
Link: https://www.cs.arizona.edu/solar/papers/obf-signal.pdf

[b]Binary-Code Obfuscations in Prevalent Packer Tools[/b]
Link: ftp://ftp.cs.wisc.edu/paradyn/papers/Roundy12Packers.pdf

[b]Obfuscation: Malware’s best friend[/b]
Link: http://blog.malwarebytes.org/intelligence/2013/03/obfuscation-malwares-best-friend/

[b]An Anti-Reverse Engineering Guide[/b]
Link: http://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide

[b]Clever tricks against antiviruses[/b]
Link: http://x-n2o.net/clever-tricks-against-antiviruses

[b]Win32 Equivalents for C Run-Time Functions[/b]
Link: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q99456

[b]How to write a simple packer using C language[/b] (download)
Link: https://mega.co.nz/#!pxF3DJ5S!S4CnHTKxrcxia2RlZiOEAiMFE0sQcdlsSwjkuhjz7BI

[b]About AV-Checker[/b]
Link: http://vxheavens.com/lib/vpr03.html

[b]Dynamic Analysis .. What is it and how to defeat it?![/b]
Link: http://vxheavens.com/lib/vmo03.html

[b]"Smart" trash: building of logic[/b]
Link: http://vxheavens.com/lib/vpo01.html

[b]Code Mutations via Behaviour Analysis[/b]
Link: http://vxheavens.com/lib/vsp27.html

[b]Heaven's Gate: 64-bit code in 32-bit file[/b]
Link: http://vxheavens.com/lib/vrg16.html

[b]PE Infector[/b]
Link: http://marcoramilli.blogspot.fi/2011/03/pe-infector.html

[b]Evolution of Computer Virus Concealment and Anti-Virus Techniques: A Short Survey[/b]
Link: http://arxiv.org/ftp/arxiv/papers/1104/1104.1070.pdf

[b]Hunting for Metamorphic Engines[/b]
Link: http://vxheavens.com/lib/pdf/Hunting%20for%20Metamorphic%20Engines.pdf

[b]Using Entropy Analysis to Find Encrypted and Packed Malware[/b]
Link: http://virii.es/U/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf

[b]RtlQueryProcessHeapInformation As Anti-Dbg Trick[/b]
Link: http://evilcodecave.wordpress.com/2009/04/

[b]Windows Anti-Debug Reference[/b]
Link: http://www.symantec.com/connect/articles/windows-anti-debug-reference

[b]Debuggers Anti-Attaching Techniques - Part 1[/b]
Link: http://waleedassar.blogspot.com.br/2011/12/debuggers-anti-attaching-techniques.html

[b]Metamorphic Programming[/b]
Link: https://beardocs.baylor.edu/xmlui/bitstream/handle/2104/5299/Metamorphic.pdf?sequence=1

[b]The Shellcoder's Handbook[/b]
Link: http://files.xakep.biz/books/Wiley.The.Shellcoders.Handbook.2nd.Edition.Aug.2007.pdf

[b]Hyperion: Implementation of a PE-Crypter[/b]
Link: http://www.exploit-db.com/wp-content/themes/exploit/docs/18849.pdf

[b]Bypassing Anti-Virus Scanners[/b]
Link: http://dl.packetstormsecurity.net/papers/bypass/bypassing-av.pdf

[b]PE Infection Strategies[/b]
Link: https://evilzone.org/tutorials/%28paper%29-virus-pe-infection-strategies/

[b]Anti-Emulation Through Time-Lock Puzzles[/b]
Link: https://tuts4you.com/download.php?view.2348

[b]Generate small binaries using Visual Studio[/b]
Link: http://thelegendofrandom.com/blog/archives/2231

[b]Polychaos - PE permutation library[/b]
Link: https://github.com/DarthTon/Polychaos

[b]CMP – Code Morphing Pass [LLVM][/b]
Link: https://github.com/mminutoli/code-morphing

[b]Search for more, examples of sentences & keywords:[/b]

In depth look into binary obfuscation
In depth look into windows pe file
How malware works
How antivirus works
In depth look into pe resource files
How binary obfuscation works
Explanation of PE sections
How antivirus pattern matching works
PE Infection Strategies
How antivirus detects virus
Why malware is undetectable
Code injection using SetWindowsHookEx
Code Injection modifying the Main Thread
Antivirus runtime detection
Windows dynamic forking
Windows process hollowing
C++ codecave injection
Codecave Injection using CreateRemoteThread
Windows malware explained
C++ dynamic api calling
Compile time polymorphism
C++ variadic templates
LLVM
LLVM toolchain

Symmetric encryption algorithm, such as:
- AES
- Blowfish
- RC5
- SEED
- Skipjack
- TEA
- XTEA
- 3-Way
- DES
- Serpent
- Twofish
- Camellia
- CAST-128
- IDEA
- RC2
- etc.

String/Character encoding, such as:
- Base64
- Ascii85
- Custom character encoding
- etc.

Understanding shellcode
Writing shellcode with a C compiler
Position independent code
Antivirus sandbox
Antivirus emulation
Bypassing antivirus scanners
[i]...to be continued[/i]
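Of the ciphers in the list above, TEA/XTEA are the natural fit for a stub: the whole routine is a dozen lines with no S-box or key schedule for a signature to latch onto. The block below is an added example, not code from the original post or from any of the linked sources. It implements XTEA (32 rounds, 128-bit key) and drives it in counter mode so a payload of any length is transformed in place by one routine that serves both directions; the key, nonce and payload are constructed values for the demo. Two things to keep in view: the output sits at close to 8 bits/byte, which is exactly the signal the entropy papers in the list detect, and the stub has to decrypt into memory before it can run the payload, which is the moment the generic approach in "Unprotecting the crypter" dumps it.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

static const uint32_t XTEA_DELTA = 0x9E3779B9;

// One 64-bit XTEA block, 32 rounds, 128-bit key (Needham & Wheeler).
void xtea_encrypt_block(uint32_t v[2], const uint32_t key[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        sum += XTEA_DELTA;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

// Exact inverse of the above: same round structure, run backwards.
void xtea_decrypt_block(uint32_t v[2], const uint32_t key[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = XTEA_DELTA * 32;   // wraps to 0xC6EF3720
    for (int i = 0; i < 32; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
        sum -= XTEA_DELTA;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
    }
    v[0] = v0; v[1] = v1;
}

// Counter mode: keystream block i = XTEA_k(nonce || i), XORed over the data.
// Encrypt and decrypt are the same call and no padding is needed, so the stub
// carries a single routine. Returns the transformed copy of `in`.
std::vector<uint8_t> xtea_ctr_crypt(const std::vector<uint8_t>& in, const uint32_t key[4], uint32_t nonce) {
    std::vector<uint8_t> out(in);
    for (size_t off = 0; off < out.size(); off += 8) {
        uint32_t block[2] = { nonce, (uint32_t)(off / 8) };
        xtea_encrypt_block(block, key);
        uint8_t ks[8];
        for (int i = 0; i < 4; i++) {
            ks[i]     = (block[0] >> (8 * i)) & 0xFF;
            ks[4 + i] = (block[1] >> (8 * i)) & 0xFF;
        }
        for (size_t i = 0; i < 8 && off + i < out.size(); i++) out[off + i] ^= ks[i];
    }
    return out;
}

// Constructed key, nonce and payload for the demo. A real stub embeds the key
// in its own code and keeps the ciphertext in a section or the file overlay.
const uint32_t kDemoKey[4] = { 0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210 };
const uint32_t kDemoNonce = 0xC0FFEE00;

std::vector<uint8_t> demo_payload() {
    const char* s = "MZ\x90 this stands in for the PE image the stub decrypts and runs";
    return std::vector<uint8_t>(s, s + std::strlen(s));
}

static void hexdump(const char* label, const std::vector<uint8_t>& b) {
    std::printf("%-10s", label);
    for (size_t i = 0; i < b.size() && i < 16; i++) std::printf("%02X ", b[i]);
    std::printf("...\n");
}

int main() {
    std::vector<uint8_t> pt = demo_payload();
    std::vector<uint8_t> ct = xtea_ctr_crypt(pt, kDemoKey, kDemoNonce);   // what lands on disk
    std::vector<uint8_t> back = xtea_ctr_crypt(ct, kDemoKey, kDemoNonce); // what the stub recovers in memory
    hexdump("payload:", pt);
    hexdump("crypted:", ct);
    hexdump("restored:", back);
    return back == pt ? 0 : 1;
}
```

The block-level functions are kept separate from the CTR driver on purpose: CTR only ever calls the encrypt direction, so a broken decrypt routine would go unnoticed in a round-trip test unless it is exercised on its own.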

[b][u]Special links![/u][/b]

Link: http://google.com
Link: http://msdn.microsoft.com

[b][u]Couple useful tools[/u][/b]

[b]CFF Explorer[/b]
Link: http://www.ntcore.com/exsuite.php

[b]HxD[/b]
Link: http://mh-nexus.de/en/hxd/

[b]Resource Hacker[/b]
Link: http://www.angusj.com/resourcehacker/

[b]OllyDbg[/b]
Link: http://www.ollydbg.de/

[b][u]Sources to study[/u][/b]
[size=x-small][i]Note: Password for all archives is 'qmz'.[/i][/size]

[b]Krypton 7.1 Crypter[/b]

Description:
- Morph icons
- Junk generator
- Initial handler + Morpher + STUB
You need:
- Visual Studio 2010 and Visual Assist X 10.7 (install it after Visual Studio)
- The file to be crypted should be located in your bin directory.

Features:
1. Console interface
2. Polymorphism
3. Garbage code, garbage, trash section
4. Normalizes the entropy of the output
5. Built-in compression
6. The packer/linker of the input file is detected automatically. Whether to apply compression is decided automatically from several factors:
- whether the input was already packed
- the achievable compression ratio
- the entropy of the input
7. Overlay support
8. Support for command line arguments
9. Ability to "noise" icons
10. Random output size, or a size within the specified limits
11. Two types of anti-emulation + VM + anti-debugging
12. A lot more; the source is complex

Download the source:
[spoiler]
Do [u][b]NOT[/b][/u] execute [u][b]ANY[/b][/u] executables located in the archive!
You are supposed to study the source, [u][b]NOT[/b][/u] get yourself [color=#FF4500]infected[/color]!
Link: http://www.mirrorcreator.com/files/1EIGHX6O/Krypton_7.1-2.7.rar_links
[/spoiler]
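The entropy factor in the Krypton feature list, and the reason it bothers to "normalize" the entropy of its output, comes down to one measurement that the "Using Entropy Analysis to Find Encrypted and Packed Malware" and "PE File Features in Detection of Packed Executables" papers in the list build on: Shannon entropy per PE section. Code and data sit well below 7 bits/byte; a compressed or encrypted payload section sits near 8. The block below is an added example, not code from the original post or from Krypton. It walks the DOS header, PE signature, file header and section table of a constructed PE32 image (labelled as such in the code; no real binary is involved), scores each section, and flags the ones a scanner would call packed. Normalizing, i.e. padding the crypted section with low-entropy filler, is precisely the counter-move that makes this single check unreliable on its own, which is why the papers combine it with other header features.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

struct SectionInfo { std::string name; uint32_t raw_ptr; uint32_t raw_size; double entropy; };

static uint16_t rd16(const std::vector<uint8_t>& b, size_t o) { return (uint16_t)(b[o] | (b[o + 1] << 8)); }
static uint32_t rd32(const std::vector<uint8_t>& b, size_t o) {
    return (uint32_t)b[o] | ((uint32_t)b[o + 1] << 8) | ((uint32_t)b[o + 2] << 16) | ((uint32_t)b[o + 3] << 24);
}
static void wr16(std::vector<uint8_t>& b, size_t o, uint16_t v) { b[o] = v & 0xFF; b[o + 1] = v >> 8; }
static void wr32(std::vector<uint8_t>& b, size_t o, uint32_t v) { for (int i = 0; i < 4; i++) b[o + i] = (v >> (8 * i)) & 0xFF; }

// Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes.
double shannon_entropy(const uint8_t* p, size_t n) {
    if (n == 0) return 0.0;
    size_t counts[256] = {0};
    for (size_t i = 0; i < n; i++) counts[p[i]]++;
    double h = 0.0;
    for (int i = 0; i < 256; i++) {
        if (counts[i] == 0) continue;
        double pr = (double)counts[i] / (double)n;
        h -= pr * std::log2(pr);
    }
    return h;
}

// DOS header -> e_lfanew -> "PE\0\0" -> IMAGE_FILE_HEADER -> section table.
// Every offset is bounds-checked: crypted samples routinely carry truncated or
// lying headers, and a parser that trusts SizeOfRawData is itself a target.
bool parse_sections(const std::vector<uint8_t>& img, std::vector<SectionInfo>& out) {
    if (img.size() < 0x40 || rd16(img, 0) != 0x5A4D) return false;                      // "MZ"
    uint32_t pe = rd32(img, 0x3C);                                                        // e_lfanew
    if ((uint64_t)pe + 24 > img.size() || rd32(img, pe) != 0x00004550) return false;     // "PE\0\0"
    uint16_t nsec = rd16(img, pe + 6);                                                    // NumberOfSections
    uint16_t opt_size = rd16(img, pe + 20);                                               // SizeOfOptionalHeader
    size_t table = (size_t)pe + 24 + opt_size;                                            // first IMAGE_SECTION_HEADER
    for (uint16_t i = 0; i < nsec; i++) {
        size_t h = table + (size_t)i * 40;                                                // 40 bytes per header
        if (h + 40 > img.size()) return false;
        char name[9] = {0};
        std::memcpy(name, &img[h], 8);
        SectionInfo s;
        s.name = name;
        s.raw_size = rd32(img, h + 16);                                                   // SizeOfRawData
        s.raw_ptr = rd32(img, h + 20);                                                    // PointerToRawData
        if ((uint64_t)s.raw_ptr + s.raw_size > img.size()) return false;
        s.entropy = shannon_entropy(img.data() + s.raw_ptr, s.raw_size);
        out.push_back(s);
    }
    return true;
}

// Names of sections above the threshold; ~7.0 is the usual packed/encrypted cut-off.
std::vector<std::string> high_entropy_sections(const std::vector<uint8_t>& img, double threshold) {
    std::vector<SectionInfo> secs;
    std::vector<std::string> hits;
    if (!parse_sections(img, secs)) return hits;
    for (const SectionInfo& s : secs)
        if (s.entropy > threshold) hits.push_back(s.name);
    return hits;
}

static void put_section(std::vector<uint8_t>& img, size_t h, const char* name, uint32_t size, uint32_t ptr) {
    std::memcpy(&img[h], name, std::strlen(name));
    wr32(img, h + 16, size);
    wr32(img, h + 20, ptr);
}

// Constructed PE32 image for the demo (not a real executable): .text holds
// repetitive NOP/RET-like bytes, .data an xorshift32 stream standing in for a
// crypted payload. Header fields the parser does not read are left zero.
std::vector<uint8_t> build_sample_image() {
    const uint32_t pe_off = 0x80, opt_size = 0xE0;                                        // PE32 optional header size
    const uint32_t text_ptr = 0x400, text_size = 0x400, data_ptr = 0x800, data_size = 0x1000;
    std::vector<uint8_t> img(data_ptr + data_size, 0);
    img[0] = 'M'; img[1] = 'Z';
    wr32(img, 0x3C, pe_off);
    wr32(img, pe_off, 0x00004550);
    wr16(img, pe_off + 4, 0x014C);                                                        // Machine = I386
    wr16(img, pe_off + 6, 2);                                                             // two sections
    wr16(img, pe_off + 20, opt_size);
    wr16(img, pe_off + 24, 0x010B);                                                       // Magic = PE32
    size_t table = pe_off + 24 + opt_size;
    put_section(img, table, ".text", text_size, text_ptr);
    put_section(img, table + 40, ".data", data_size, data_ptr);
    for (uint32_t i = 0; i < text_size; i++) img[text_ptr + i] = (i % 16 < 12) ? 0x90 : (uint8_t)(0xC3 + i % 4);
    uint32_t x = 0x2545F491;
    for (uint32_t i = 0; i < data_size; i++) { x ^= x << 13; x ^= x >> 17; x ^= x << 5; img[data_ptr + i] = (uint8_t)(x >> 8); }
    return img;
}

int main() {
    std::vector<uint8_t> img = build_sample_image();
    std::vector<SectionInfo> secs;
    if (!parse_sections(img, secs)) { std::puts("not a PE"); return 1; }
    for (const SectionInfo& s : secs)
        std::printf("%-8s raw=0x%X size=0x%X entropy=%.2f%s\n", s.name.c_str(), (unsigned)s.raw_ptr,
                    (unsigned)s.raw_size, s.entropy, s.entropy > 7.0 ? "  <- packed/encrypted?" : "");
    return 0;
}
```

Point it at a real file by reading it into the vector instead of calling build_sample_image(); the parser only reads SizeOfRawData/PointerToRawData, so it also works on samples whose virtual sizes have been zeroed to confuse tools.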

[b]Source - Polymorphic engine + micro assembler[/b]
Link: http://www.mpgh.net/forum/31-c-c-programming/470516-release-polymorphic-engine-micro-assembler.html

[b]Source - Metamorphic Obfuscator[/b]
Link: http://www.mpgh.net/forum/31-c-c-programming/733855-experimental-metamorphic-obfuscator.html

[b]Source - Several anti-debugging, anti-disassembly and anti-virtualization techniques[/b]
Link: https://github.com/rrbranco/blackhat2012/blob/master/Csrc/fcall_examples/fcall_examples/fcall_examples.cpp

[b][u]API hashing compile-time[/u][/b] [size=x-small][i](Credits: karcrack)[/i][/size]
[i]CryptAPI.hpp:[/i]
Link: http://pastebin.com/Cn7PQDMu

[i]Example usage, main.cpp:[/i]
Link: http://pastebin.com/pvTZ7bTM

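Compile-time API hashing, which is what karcrack's CryptAPI.hpp above provides, exists so that the stub imports nothing by name: the hash of each API name is folded into a constant by the compiler, and at run time the stub walks a module's export table and hashes every exported name until one matches. The block below is an added example in plain C++11, not karcrack's code. The constexpr hash is the ROR13 variant common in shellcode, and the export table it walks is a constructed IMAGE_EXPORT_DIRECTORY image (labelled as such) standing in for a real kernel32 located through the PEB, which is the only Windows-specific step left out. The static_assert is the check a practitioner wants and that hand-rolled versions often skip: two names colliding would silently resolve the wrong function.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// ROR13 hash over the API name. Stored in a constexpr constant, the result is
// evaluated by the compiler, so the name itself need not appear in the binary
// (check with strings(1) on the release build; a runtime call that passes the
// literal would still emit it).
constexpr uint32_t ror32(uint32_t v, unsigned n) { return (v >> n) | (v << (32 - n)); }
constexpr uint32_t api_hash(const char* s, uint32_t h = 0) {
    return *s ? api_hash(s + 1, ror32(h, 13) + (uint8_t)*s) : h;
}

// Hashes the stub will resolve, checked for collisions at build time.
constexpr uint32_t H_LOADLIBRARYA   = api_hash("LoadLibraryA");
constexpr uint32_t H_GETPROCADDRESS = api_hash("GetProcAddress");
constexpr uint32_t H_VIRTUALALLOC   = api_hash("VirtualAlloc");
constexpr uint32_t H_EXITPROCESS    = api_hash("ExitProcess");
static_assert(H_LOADLIBRARYA != H_GETPROCADDRESS && H_LOADLIBRARYA != H_VIRTUALALLOC &&
              H_LOADLIBRARYA != H_EXITPROCESS && H_GETPROCADDRESS != H_VIRTUALALLOC &&
              H_GETPROCADDRESS != H_EXITPROCESS && H_VIRTUALALLOC != H_EXITPROCESS, "API hash collision");

static uint16_t rd16(const std::vector<uint8_t>& b, size_t o) { return (uint16_t)(b[o] | (b[o + 1] << 8)); }
static uint32_t rd32(const std::vector<uint8_t>& b, size_t o) {
    return (uint32_t)b[o] | ((uint32_t)b[o + 1] << 8) | ((uint32_t)b[o + 2] << 16) | ((uint32_t)b[o + 3] << 24);
}
static void wr16(std::vector<uint8_t>& b, size_t o, uint16_t v) { b[o] = v & 0xFF; b[o + 1] = v >> 8; }
static void wr32(std::vector<uint8_t>& b, size_t o, uint32_t v) { for (int i = 0; i < 4; i++) b[o + i] = (v >> (8 * i)) & 0xFF; }

// Walk IMAGE_EXPORT_DIRECTORY at RVA `dir` of the mapped image `img`
// (+24 NumberOfNames, +28 AddressOfFunctions, +32 AddressOfNames,
// +36 AddressOfNameOrdinals). Returns the RVA of the function whose name
// hashes to `want`, or 0 when nothing matches or the table is malformed.
uint32_t resolve_by_hash(const std::vector<uint8_t>& img, uint32_t dir, uint32_t want) {
    if ((uint64_t)dir + 40 > img.size()) return 0;
    uint32_t n = rd32(img, dir + 24), funcs = rd32(img, dir + 28);
    uint32_t names = rd32(img, dir + 32), ords = rd32(img, dir + 36);
    for (uint32_t i = 0; i < n; i++) {
        if ((uint64_t)names + 4 * i + 4 > img.size() || (uint64_t)ords + 2 * i + 2 > img.size()) return 0;
        uint32_t name_rva = rd32(img, names + 4 * i);
        if (name_rva >= img.size() || !std::memchr(&img[name_rva], 0, img.size() - name_rva)) return 0;
        if (api_hash((const char*)&img[name_rva]) != want) continue;
        uint16_t ord = rd16(img, ords + 2 * i);                 // index into AddressOfFunctions
        if ((uint64_t)funcs + 4 * ord + 4 > img.size()) return 0;
        return rd32(img, funcs + 4 * ord);
    }
    return 0;
}

struct ExportEntry { const char* name; uint32_t rva; };
const uint32_t kExportDir = 0x100;   // RVA of the export directory in the constructed image

// Constructed stand-in for a mapped DLL (not a real module): an export directory
// with function, name and ordinal tables laid out the way the loader sees them.
std::vector<uint8_t> build_export_image(const std::vector<ExportEntry>& entries) {
    uint32_t n = (uint32_t)entries.size();
    uint32_t funcs = kExportDir + 40, names = funcs + 4 * n, ords = names + 4 * n, strs = ords + 2 * n;
    size_t total = strs;
    for (const ExportEntry& e : entries) total += std::strlen(e.name) + 1;
    std::vector<uint8_t> img(total, 0);
    wr32(img, kExportDir + 20, n); wr32(img, kExportDir + 24, n);
    wr32(img, kExportDir + 28, funcs); wr32(img, kExportDir + 32, names); wr32(img, kExportDir + 36, ords);
    uint32_t cursor = strs;
    for (uint32_t i = 0; i < n; i++) {
        wr32(img, funcs + 4 * i, entries[i].rva);
        wr32(img, names + 4 * i, cursor);
        wr16(img, ords + 2 * i, (uint16_t)i);
        std::memcpy(&img[cursor], entries[i].name, std::strlen(entries[i].name) + 1);
        cursor += (uint32_t)std::strlen(entries[i].name) + 1;
    }
    return img;
}

// Sample module with made-up function RVAs.
std::vector<uint8_t> build_sample_module() {
    return build_export_image({{"GetProcAddress", 0x2A10}, {"LoadLibraryA", 0x3B20}, {"VirtualAlloc", 0x4C30}});
}

int main() {
    std::vector<uint8_t> mod = build_sample_module();
    std::printf("VirtualAlloc hash %08X -> rva 0x%X\n", (unsigned)H_VIRTUALALLOC,
                (unsigned)resolve_by_hash(mod, kExportDir, H_VIRTUALALLOC));
    std::printf("ExitProcess  hash %08X -> rva 0x%X (not exported here)\n", (unsigned)H_EXITPROCESS,
                (unsigned)resolve_by_hash(mod, kExportDir, H_EXITPROCESS));
    return 0;
}
```

On Windows the same resolve_by_hash runs against the module base found via the PEB's InMemoryOrderModuleList, with `dir` taken from the export data directory of that module's optional header; the resolved RVA plus the module base is the function pointer the stub calls.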
[b]Template for automatically obfuscating code for every build you make (C++11)[/b]
Link: http://pastebin.com/nV4sqnaa

[b][u]Videos to watch[/u][/b]
[video=youtube]http://www.youtube.com/watch?v=ls8I__h1IYE&list=PLUFkSN0XLZ-n_Na6jwqopTt1Ki57vMIc3&feature=share[/video]

[url=http://www.youtube.com/playlist?list=PLUFkSN0XLZ-n_Na6jwqopTt1Ki57vMIc3][i][font=Arial]Continue watching the above series from here[/font][/i][/url]

[b][size=medium]TL;DR[/size][/b]
[img]http://i.imgur.com/lORal5u.png[/img]

[/align]

[color=#FFD700][size=x-small][font=Arial]If you notice a duplicate link, notify me.[/font][/size][/color]