Basic Types of Malware

This repository contains information and tools related to five different types of malware. Each type of malware is organized in a separate folder, containing a specific tool to illustrate the concept and a detailed explanation of how it works and its impact.

Folders and Types of Malware

  1. Access Token Manipulation

    • Tool: ATM.cpp and unix_ATM.cpp
    • Explanation: This folder contains a demonstration tool that illustrates the technique of manipulating access tokens on Windows systems. Malware using this technique seeks to alter or steal valid access tokens from users or processes, allowing the malware to gain elevated privileges and access protected resources.
  2. Remote Process Injection

    • Tool: procinj.cpp and unix_procinj.cpp
    • Explanation: In this folder, you will find a tool that exemplifies the concept of remote code injection. Malware employing this technique can inject its malicious code into legitimate processes running on remote systems, disguising itself and making detection by security solutions more difficult.
  3. Reverse Shell

    • Tool: rev-shell.cpp
    • Explanation: The "Reverse Shell" folder contains a tool that simulates creating a reverse connection between the infected computer and an attacker, enabling remote control of the compromised system. Malware with reverse shell capabilities can provide unauthorized access to the affected system, opening a gateway for malicious activities.
  4. Sockets

    • Tool: server_socket.py and server_socket.c (also contains the client version)
    • Explanation: In this folder, you will find a tool that demonstrates the use of sockets for network communication. Malware can use sockets to communicate with command and control (C&C) servers or to propagate through a network, facilitating information theft or the spreading of malicious code.
  5. Windows API

    • Tool: exec_shellcode.cpp
    • Explanation: The "Windows API" folder contains a tool that explores the Windows Application Programming Interface. Malware often uses the Windows API to interact with the operating system, enabling it to perform malicious actions such as creating or modifying files, accessing system resources, and evading security tools.

Disclaimer

This repository is purely educational and intended to provide information about different types of malware and their techniques. The misuse or illegal use of any of the tools or information contained herein is strictly prohibited. Always obtain explicit authorization before conducting any testing or analysis on systems or networks that are not your own or under your responsibility.

Please remember that knowledge about malware should be used ethically and responsibly, aiming to protect systems and contribute to a safer digital environment.