Binary Armory Wiki

A compilation of resources on classical AntiRE techniques I’ve collected over time. Note that some resources may seem to be redundant but are added for the sake of completeness. Feel free to add any if you wish.

Packers/Obfuscators

Build your first LLVM Obfuscator
Extending LLVM for Code Obfuscation 1
Extending LLVM for Code Obfuscation 2
Using LLVM to Obfuscate Your Code During Compilation
Turning Regular Code Into Atrocities With LLVM
Simple Packer in C
Writing a PE packer series
Using UPX as a security packer
How to Write Your Own Packer
Anatomy of a simple and popular packer
Funtastic Packers And Where To Find Them
[LINUX]Making our own executable packer

Anti-Disassembly

Anti-Disassembly techniques used by malware (a primer) 1
Anti-Disassembly techniques used by malware (a primer) 2
Anti-Disassembly Techniques and Mitigation
Assembly “wrapping”: a technique for anti-disassembly
The Return of Disassembly Desynchronization

Anti-Debug

Anti-Debug Tricks Wiki
[WIN]The Ultimate Anti Debugging Reference
[WIN]Anti-Debugging Techniques and Mitigation
[WIN]Anti Debugging Protection Techniques with Examples
Windows Anti-Debug Reference
Beginner’s Guide to Basic Linux Anti Anti Debugging Technique
Anti-Debug Techniques on Linux
Advanced Techniques For Anti-Debugging
[WIN]Process on a diet: anti-debug using job objects
[WIN]New year, new anti-debug: Don’t Thread On Me

VM/Sandbox Detection

[WIN]Playing with GuLoader Anti-VM techniques
Malware Anti-VM Techniques
Malware Evasion Techniques 2
Malware Evasion Techniques 3
[WIN]Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study
How does malware know the difference between the virtual world and the real world?
[LINUX]Easy Ways to Determine Virtualization Technology
How anti-cheats detect system emulation

Source Code

https://bitbucket.org/fkie_cd_dare/simplifire.antire/src/master/

Misc

[WIN]Analysis, Anti-Analysis, Anti-Anti-Analysis: An Overview of the Evasive Malware Scenario
Five Anti-Analysis Tricks That Sometimes Fool Analysts
Obfuscation Techniques
Mac OS X Binary Protection
[WIN] Anti Reverse Engineering
Evasion Techniques Wiki
[WIN]Malware Evasion 1
Evasive Techniques: An Introduction
[WIN]Anti–Reverse Engineering Techniques Employed by Malware
Hiding Process Memory Via Anti-Forensic Techniques
Hiding Call To Ptrace
[WIN]Anti-Reverse Engineering Guide
[LINUX]Programming Linux Anti-Reversing Techniques
Malicious cryptography techniques for unreversable (malicious or not) binaries
Malware Armoring: The case against incident related binary analysis
Hiding execution of unsigned code in system threads
Lets Create An EDR… And Bypass It! Part 1
Lets Create An EDR… And Bypass It! Part 2
AV Bypass
Defending Your Malware
Exploring a New Detection Evasion Technique on Linux
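As an added example to go with the Linux entries in the Anti-Debug section above (this is not code from the original post or from any of the linked articles): the simplest Linux debugger check reads the TracerPid field of /proc/self/status, which the kernel sets to the PID of an attached tracer (gdb, strace, ltrace) and to 0 otherwise. The parser is kept separate from the live read so it can be exercised on constructed status text; the two sample buffers below are constructed for the example, not captured from a real system.

```c
// Added example (not from the original post): Linux anti-debug check via
// the TracerPid field of /proc/self/status.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse the "TracerPid:" line out of a /proc/<pid>/status buffer.
 * Returns the tracer's PID (0 = not traced), or -1 if the field is absent.
 * strtol skips the tab that follows the colon in the real file. */
long parse_tracer_pid(const char *status)
{
    const char *key = "TracerPid:";
    size_t klen = strlen(key);
    const char *line = status;
    while (line && *line) {
        if (strncmp(line, key, klen) == 0)
            return strtol(line + klen, NULL, 10);
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

/* Live check on the running process. Returns 1 if a tracer is attached,
 * 0 if not, -1 if /proc/self/status cannot be read (e.g. not Linux). */
int being_traced(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    char buf[4096];
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    long pid = parse_tracer_pid(buf);
    if (pid < 0) return -1;
    return pid > 0;
}

/* Constructed /proc/self/status excerpts (not captured from a real system):
 * one as it looks while gdb (pid 4100) is attached, one without a tracer. */
static const char sample_traced[] =
    "Name:\tprog\n"
    "Umask:\t0022\n"
    "State:\tt (tracing stop)\n"
    "Tgid:\t4242\n"
    "Pid:\t4242\n"
    "PPid:\t4100\n"
    "TracerPid:\t4100\n"
    "Uid:\t1000\t1000\t1000\t1000\n";

static const char sample_clean[] =
    "Name:\tprog\n"
    "State:\tR (running)\n"
    "Pid:\t4242\n"
    "PPid:\t1\n"
    "TracerPid:\t0\n";

int main(void)
{
    printf("constructed traced sample -> tracer pid %ld\n",
           parse_tracer_pid(sample_traced));
    printf("constructed clean sample  -> tracer pid %ld\n",
           parse_tracer_pid(sample_clean));
    int live = being_traced();
    if (live < 0)
        puts("live check: /proc/self/status unavailable");
    else
        printf("live check: %s\n", live ? "tracer attached" : "no tracer");
    return 0;
}
```

Run the binary directly and then under gdb or strace to see the live result flip. The check is only as strong as the file read behind it: an analyst can defeat it by preloading a library that hooks fopen/fread and rewrites the TracerPid line, or by patching out the branch, which is why the "anti anti debugging" entries above exist alongside the anti-debug ones; real protections layer several such checks rather than relying on one.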


This is a nice compilation, thank you.


I’m organizing some notes and will try to contribute here when I can. @crimsonRain Do you mind if I send you my bookmarks that I have organized and you can sift through them?


No, I don’t mind. In fact, contributions are welcome, so feel free.


This is an amazing index, ty! I’m a beginner when it comes to this, so I’d appreciate it if I could talk to you about some low-level stuff and advice for beginners. Would you be interested? How can I contact you? I tried messaging you on the forum but it doesn’t allow it.


Hey @Moazaki! Glad you found us here. You can join us all in our Discord server. I’m sure everyone will be happy to help you out. Also, check out our FAQ. You might find interesting links and directions there.


This is a nice and useful compilation, thank you for it OP!
