A compilation of resources to classical AntiRE techniques I’ve collected over time. Note that some resources may seem to be redundant but are added for the sake of completeness. Feel free to add any if you wish.
Packers/Obfuscators/VMs
Build your first LLVM Obfuscator
Extending LLVM for Code Obfuscation 1
Extending LLVM for Code Obfuscation 2
Using LLVM to Obfuscate Your Code During Compilation
Turning Regular Code Into Atrocities With LLVM
[WIN]Simple Packer in C
[WIN]Writing a PE packer series
Using UPX as a security packer
[WIN]How to Write Your Own Packer
[NIX]Making our own executable packer
[WIN]Creating Your Very Own x64 PE Packer
[NIX]Making ELF Packer For Fun Part 1
[NIX]Making ELF Packer For Fun Part 2
[NIX]Lin64.M4rx: How to write a virtual machine in order to hide your viruses and break your brain forever
[NIX]MARX OF THE BEST
[NIX]A simple Linux Crypter
[NIX]PolyCrypt. Experiments on Self-Modifying Programs
[NIX]Programming for Wanabes XIII. Crypters part I
[NIX]Programming for Wannabes XIV. Crypters Part II
[NIX]Progamming for Wannabes XV. Crypters Part III
[NIX]IBI Crypter. A JIT Crypter PoC
[WIN]Crypters - Instruments of the Underground
Anti-Disassembly
Anti-Disassembly techniques used by malware (a primer) 1
Anti-Disassembly techniques used by malware (a primer) 2
Anti-Disassembly Techniques and Mitigation
Assembly “wrapping”: a technique for anti-disassembly
The Return of Disassembly Desynchronization
Polymorphic False-Disassembly Technique
Anti-Debug
[WIN]Anti-Debug Tricks Wiki
[WIN]The Ultimate Anti Debugging Reference
[WIN]Anti-Debugging Techniques and Mitigation
[WIN]Anti Debugging Protection Techniques with Examples
[WIN]Windows Anti-Debug Reference
[NIX]Beginner’s Guide to Basic Linux Anti Anti Debugging Technique
[NIX]Anti-Debug Techniques on Linux
Advanced Techniques For Anti-Debugging
[WIN]Process on a diet: anti-debug using job objects
[WIN]New year, new anti-debug: Don’t Thread On Me
Five Anti-Analysis Tricks That Sometimes Fool Analysts
[WIN]Preventing memory inspection on Windows
[NIX]A short note on entrypoint obscuring in ELF binaries
[WIN] Catching Debuggers with Section Hashing
VM/Sandbox Detection
[WIN]Playing with GuLoader Anti-VM techniques
Malware Anti-VM Techniques
Malware Evasion Techniques 2
Malware Evasion Techniques 3
[WIN]Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study
How does malware know the difference between the virtual world and the real world?
[NIX]Easy Ways to Determine Virtualization Technology
How anti-cheats detect system emulation
[WIN]Virtual Machines Detection Enhanced
Source Code
GitHub - LordNoteworthy/al-khaser: Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
GitHub - waleedassar/antidebug: Collection Of Anti-Debugging Tricks
GitHub - ThomasThelen/Anti-Debugging: A collection of c++ programs that demonstrate common ways to detect the presence of an attached debugger.
GitHub - a0rtega/pafish: Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
GitHub - scout-win/antivm.cpp
GitHub - therealdreg/anticuckoo: A tool to detect and crash Cuckoo Sandbox
GitHub - ricardojrdez/anti-analysis-tricks: Bunch of techniques potentially used by malware to detect analysis environments
GitHub - hfiref0x/VMDE: Source from VMDE paper, adapted to 2015
GitHub - kgretzky/obfusion: Obfusion - C++ X86 Code Obfuscation Library
GitHub - kirschju/debugmenot: Collection of simple anti-debugging tricks for Linux
GitHub - ex0dus-0x/menagerie: Cross-platform malware development library for anti-analysis techniques
Bitbucket - simplified-antire
GitHub - vxunderground/Proof-of-Concept-Collection: Collection of open source Malware Techniques distributed online
GitHub - vxunderground/MalwareSourceCode: Collection of malware source code for a variety of platforms in an array of different programming languages.
GitHub - alichtman/malware-techniques: A collection of techniques commonly used in malware to accomplish core tasks.
GitHub - CheckPointSW/InviZzzible: InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way.
GitHub - eaglx/VMPROTECT: Obfuscation method using virtual machine.
GitHub - Battelle/movfuscator: The single instruction C compiler
Misc
[WIN]Analysis, Anti-Analysis, Anti-Anti-Analysis: An Overview of the Evasive Malware Scenario
Obfuscation Techniques
[OSX]Mac OS X Binary Protection
[WIN] Anti Reverse Engineering
[WIN]Evasion Techniques Wiki
[WIN]Malware Evasion 1
Evasive Techniques: An Introduction
[WIN]Anti–Reverse Engineering Techniques Employed by Malware
Hiding Process Memory Via Anti-Forensic Techniques
[NIX]Hiding Call To Ptrace
[WIN]Anti-Reverse Engineering Guide
[NIX]Programming Linux Anti-Reversing Techniques
Malicious cryptography techniques for unreversable (malicious or not) binaries
Malware Armoring: The case against incident related binary analysis
[WIN]Hiding execution of unsigned code in system threads
[WIN]Lets Create An EDR… And Bypass It! Part 1
[WIN]Lets Create An EDR… And Bypass It! Part 2
[WIN]AV Bypass
[WIN]Defending Your Malware
[NIX]Exploring a New Detection Evasion Technique on Linux
[WIN]Anatomy of a simple and popular packer
[WIN]Funtastic Packers And Where To Find Them
[NIX]Lin64.Eng3ls: Some anti-RE techniques in a Linux virus
[NIX]GONE IN 360 SECONDS Linux/Retaliation
UPX Anti-Unpacking Techniques in IoT Malware - CUJO AI
Fully Undetectable Malware
Control Flow Obfuscation
Bypassing Anti-Analysis of Commercial Protector Methods Using DBI Tools
Microblogging: From an obfuscated function to a synthesized LLVM IR
[WIN]Anti-forensic and File-less Malware
You can join us all in our 