I have made a organized list of malware development resources it’s quite hard to find em so i think it will help to anyone who want to learn malware dev, please give your feedback.
Great work and so interesting! Thank you!
Hmm… very intriguing. I will take a look.
Thanks for sharing… Good a knowledge
great work .
This is great. One thing that might be good for an update is a set curriculum taking newcomers from C through ASM and through additional topics.
With all of these links, it could be daunting for someone.
Thanks for sharing. well done
Do we have to learn C to make good malware or can python or bash be enough?
i think python isnt a good language for malware dev
Why do you think it is not suitable
because you habe to install python on victim pc. there are powershell scripts that can do that i think. but i am a noob bro so dont take my word.
Even if I put my python script in an exe, they must still have python? and C it is not the case.
If it’s a .exe you don’t need Python installed.
That’s what I was thinking so python is cool for malware?
As a POC malware developer, I can’t say Python is good. If you want high performance, an important part in malware, you have to learn a compiled language. I would recommend C/C++ or Go. Go is good for desktop and server malware, C/C++ for all places because it is cross platform. Python is not cross platform, so it is not good. Speaking from experience. Earlier, malware devs would use Python, but the problem was when compiling for Windows using py2exe, it would leave a lot of metadata used to identify them. So, they switched to Go. Go is easier to learn than Python, is powerful as C++/C, and is compiled, fast as well, and is high level. Go generated executables are big, so pack them with UPX. C++/C are low level languages and are more cross platform than Go, so what I did was learn C++ and Go. C++ and C can be used together, Go can be used with C, but not C++. So, what you should do is learn a low level language and a high level language. Also, Go is the easiest programming language in existence currently, so making malware will be easy in Go and it can replace C/C++ sometimes, but for mobile malware, you should use C/C++.
Go runs on UNIX and its variants (MacOS, Linux, BSD,) and Windows, C++ on all platforms in existence currently.
Considering most malware uses OS specific APIs when writing malware in C/C++, means the code is not cross platform at all…
It depends, for example, you could take a look at Sliver a C2 framework written in Go. There are things that are OS specific but a base implant can be generated for just about anything Go can compile to in theory. Really, a lot of language choice boils down to personal preference and the challenges you want to deal with.
If you read my comment, I explicitly state “malware in c/c++”, not Golang.