XXXVIII a.s.
18-08 | added: HOOKLIB 1.03 (linux)
15-08 | added: antivirus tragedy
05-08 | updated exception monitor v1.02
01-08 | added: always the latest news about Kaspersky
22-07 | must read: about Sadist and Kaspersky
30-06 | must read: Kaspersky the Bullshitter
04-06 | added: XDE v1.01, MISTFALL 2.00, TRACER 2, HKIT v1.06, ...
04-06 | added: MF2/TRACER2/other engines test (beta) win32 gui
01-05 | creative writing: New Apocalypse
24-04 | creative writing: My Nihilism
09-04 | updated RSALIB v6 (compatibility bugfix)
25-03 | updated win32 Shellcode Constructor 1.03 (lots of new features)
24-03 | added UPX for code snippets/special edition v3.00
03-03 | added tasm .lst to 'char shellcode[]' converter (perl)
...
Site Map | Disclaimer | Articles | Creative Writing | Compression | AV-related | Internet | Utilities/Programs | Code Pervertor | Revert | w9x/Ring-0 | Infection | Libraries/Examples | PGP/RSA-related | Viruses/Trojans | Engines/Mutation | Zines/Projects | UNIX
Articles: (english)
Pervert World Wide [eng]
Permutation Conditions [eng]
Bad File [eng]
Traitor Outlook [eng]
Limiting data transfer speed [eng]
Linux+FreeBSD shellcode [eng]
Injected Evil (ELF infection) [html] [txt] ~9k
Solving Plain Strings Problem In HLL [eng] ~15k
Code transformation and finite automatons [rus] [eng] ~24k
VMware has you [eng] ~2k
Hooking winNT/2K/XP API [eng] ~3k
Adding LDT entries in win2k [eng] ~6k
About reversing [eng] ~14k
Opcode Frequency Statistics [eng] ~9k
Disassemblers within viruses [rus] [eng] ~15k
Virus engines: common recommendations [rus] [eng] ~14k
Data encoding in meta viruses [rus] [eng] ~8k
Inside of Avp4 [eng] ~3k
Some ideas about metamorphism [rus] [eng] ~6k
Automated reverse engineering: Mistfall engine [rus] [eng] ~18k
DRWEB vs AVP: Programmer's Competition [rus] [eng] ~22k
"Delayed Code" technology [eng] [rus] ~11k
Metamorphism p.1 [rus] ~18k [eng] ~31k
Metamorphism and Permutation: feel the difference [eng] ~1k
Win98/INT 2E description [rus] ~15k [eng] ~44k
Entering ring-0 using win32 api: context modification [rus] [eng] ~5k
ring-3 pagetable access (How to get hold of the page table) [rus] ~33k [eng] ~15k
Tracing under win32 [rus] [eng] ~9k
LDE32 doc (rus/eng) [rus] [eng] ~2k
KME32 doc (rus/eng) [rus] [eng] ~10k
ETG doc (eng) [eng] ~5k
CMIX doc [eng] ~3k
PRCG doc [eng] ~3k

Articles: (russian)
RAW sockets under Win2K/XP [rus] ~8k
Imports and exports [rus] ~5k
About undetectable viruses [rus] [eng] ~7k
Virus making: tasks and goals [rus] ~11k
Plugin virus 2.00 (description) [rus] ~24k
On detecting complex viruses [rus] ~5k
RNG in viruses [rus] ~15k
Methodology of the undetectable virus [rus] ~14k
On how to screw over the heuristics [rus] ~9k
On PE files and section lengths [rus] ~12k
Viruses and worms: what's next [rus] ~7k
Virus technologies: what's next [rus] ~5k
Writing a virus for win32 (something like a FAQ-tutorial) [rus] ~42k, example virus ~24k
RSA for the programmer [rus] ~26k
Detecting a permutating virus [rus] ~12k
Interference-resistant viruses [rus] ~8k
Prospects for virus development [rus] ~10k
finding LDT in memory [rus] ~7k
Writing to write-protected files (having our way with shares), w9x/r0 [rus] ~3k
On some methods of virus spreading [rus] ~4k
War in ring-0, part 1 [rus] ~8k
War in ring-0, part 2 [rus] ~13k
War in ring-0, part 3 [rus] ~8k
War in ring-0, part 4 [rus] ~11k
Polymorphism: what's next [rus] ~9k
about .CRK/.XCK infection [rus] ~4k
On disassembly and bit masks [rus] ~13k
Sorting algorithms [rus] ~14k
Assembler tricks [rus] ~18k
CODE PERVERTOR [rus] ~4k
On section alignment in PE files [rus] ~4k
About WININIT.INI [rus] ~4k
Entering ring0 via TCB [rus] ~3k
21 ways to zero a register [rus] ~3k
On permutation [rus] ~27k
Ideology, the scene and other brain waste:
My Nihilism [rus]
Virus Maker Emulator [rus]
How to write a virus magazine [rus] ~8k
On how labels sell out [rus] ~4k
What is a virus? [rus] ~9k
Psychological viruses [rus] ~8k
The virus scene -- what it is [rus] ~6k
A look into the future [rus] ~21k
Once more about the scene [rus] ~4k
Some aspects of publishing source code [rus] ~6k

Miscellaneous junk:
antivirus tragedy [rus]
censorship on the net [rus]
Kaspersky stole code again [rus] ~3k
A few words about Kaspersky's book [rus] ~5k
Kasper from the inside [rus] ~10k
Review of the vx magazine Spawn #1 [rus] ~12k

"hAckers", the Oinker, the Patriarch of All the Net, the Church of the Hacker, the Old-Fart-who-XORs-words-in-his-head and all that:
Confession of a Hacker [rus]
about ГШХ/UGF (United Guru Forces). Dedicated to the hAckers. [rus] ~4k
СПРЫГ-2К: how it really was. (also about hackers) [rus] ~7k
Theory and practice of hacker magic [rus] ~18k

Weird stuff and ART:
New Apocalypse [rus]
Death of the Last Hacker [rus] ~5k
The "Must-Die" Tango [rus] ~1k
A Thread Named Sergey [rus] ~7k
Awakening [rus] ~2k
Dream [rus] ~2k
Dream #2 [rus] ~3k
Welcome to HELL [rus] ~4k
Compression:
view nrv2[b,d,e] & UPX for code snippets description
download UPX for code snippets/special edition v1.00, ~10k
download UPX for code snippets/special edition v1.50, ~10k
download UPX for code snippets/special edition v2.00, ~30k
download UPX for code snippets/special edition v3.00, ~40k
download UPX for code snippets, ~20k
download freenrv2b compression algorithm, ~20k
download freenrv2[b,d,e] compression algorithm (.b is better and slower), ~40k
download static HUFFMAN compression in C, ~33k
download dynamic sfxed HUFFMAN compression in C, ~27k
download another compression in C, ~29k
download HUFFMAN encoding/decoding in asm, ~8k
download LZ-alike compression (context tree+huffman), in C ~5k
AV-related:
download AVPX 3.30 .AVC unpacker (bc++) ~63k
download AVPX 2.00 (tasm) ~16k
download Visual AVPX 1.00, ~170k
download AVP_TROJ -- trojan .AVC generator, ~18k
download AVP false alarms (6905 files), ~241k
download updated AVP false alarm generator, ~32k
download AVP4 .SRU files (secret stuff), ~21k
download UNP_VDB -- .VDB base unpacker 1.02, ~157k, update to 1.03 ~2k
download WEBCONV ~6k -- history.dwb to .bmp converter, view drweb.gif
see also rvm2_7.arj - 2000 drweb false-alarm files
download aavpatch.zip Anti-Anti-Virus (av patching tool), ~11k
Internet:
download IRX Pro 1.07 beta: IRC encryption, ~78k
download IRX: 256-bit RSA-encryption for IRC (w/bugs), ~374k
download winNT/2K/XP shellcode, ~10k
download Podonok UDP Chat v1: IRC-alike Client/Server (beta-version)
download Podonok UDP Chat v1: sources
download Zombot 1.10 -- IRC bot/backdoor, ~94k
Utilities/Programs:
download HKIT v1.06 -- haxor'z kit
download IOCODE tool - dumps NT driver level io codes
download exception monitor v1.02 (uses hooklib+sde)
download win32 Shellcode Constructor 1.03, ~380k
download tasm .lst to 'char shellcode[]' converter (perl)
download winampx - simple remote winamp control
download winNT/2K/XP stealth stuff, ~48k
download AVP4SRU -- AVP Secret Resources Unpacker, ~58k
download PE EXE/DLL Opcode Frequency Calculator, ~55k
download BPX bypassing, ~6k
download HAXOR tool (kind of bin2inc), ~34k
download MAC time converter, ~63k
download PE datetime dumper, ~3k
download KBDMOUSE -- win9x: keyboard/mouse enabling/disabling, ~18k
download OTD -- COFF OBJ Time Dumper, ~4k
download PE fixup rebuilder, ~7k
download .COM to executable text converter, ~69k
download hlpsdump.zip -- *.HLP script dump utility, ~20k
download KEYRUS - z0mbie's keyrus package (+shadowram font loader/editor/fonts/etc), ~120k
download K3 russification driver, ~12k
download two screen savers (lens & tetris autoplayer, pascal), ~16k
download some graphics demo, ~46k
download src2htm - source to HTML converter, ~16k
download graf2txt - BMP to text converter, ~10k
download ps2htm - .PS to .HTML converter, ~8k
download gifstrip - .GIF file comment stripper, ~8k
view worm.html (netscape 4+ only)
download brainfuck language emulator
Code Pervertor:
download CODE PERVERTOR 1.01 Win32 CommandLine, ~42k
download CODE PERVERTOR 1.01 Win32 GUI (bin & bc++builder srcs), ~240k
download CodePervertor 1.50 asm include file & example, ~5k
download CodePervertor Pro 2.00 Win32 CommandLine, ~49k (special edition)
download CODE PERVERTOR v3.00 for DOS COM/EXE, ~41k
Revert:
download REVERT 0.30 -- PE EXE to ASM decompiler, pre-release, ~44k
download REVERT 3 -- MISTFALL-based PE revertor/trojanizer, ~139k
download REVERT 4 -- MISTFALL-based PE revertor/polymorphizer, ~245k
w9x/Ring-0:
download UNCALL.INC example (restoring VxDcalls) ~4k
download ntoskrnl.zip: NTKERN services (win98): entering r0 & writing to r/o memory, ~15k
download finding LDT in memory example+article, ~6k
download Entering ring-0 using win32 api: context modification, article+example ~9k
download ring-3 pagetable access, article+examples ~22k
download w9xshare.zip -- writing to readonly files (w9x/r0), article+example, ~6k
download z0mcgate.zip -- entering ring0 via LDT, ~2k
download XDTPROT -- protect IDT/GDT pages (prevent access from ring3), ~4k
download V86 -> RING0 jmp under Win95/98 using DPMI/IDT, ~2k
download entering ring-0 by splicing VMM (win9x), ~2k
download win98: entering ring-0 via TCB example+article, ~4k
Infection:
download 1ST-SECTION FILE INFECTOR, library+example, ~10k
download VxD infection, ~32k
download PE file infection example (last section appending, MAPLIB used), ~43k
download FIRE - FAT16 Independent Replicative Emulator (tool, not a virus), ~13k
download ENUNS infection, ~23k
download hlp.zip -- infecting *.HLP files (example/description), ~36k
download RVM#1/rvm1_8.arj - infecting .TPU files
download RVM#1/rvm1_9.arj - infecting .BGI files
Libraries/Examples:
download tracer32.zip -- win32 process tracer, ~27k
download tracer v2 beta -- .cpp classes
download VIRSTR library ~7k
download vxl.zip -- VX Library 1.00, ~12k
download regscan.zip -- registry: example of filename/av entries scanner + keyword search tool, ~10k
download ring-0 file-io library ~3k
download .RAR/.ZIP archives infection library+example, ~32k
download MAPLIB 4.01 - .INC library for easy win32 file access (using FileMapping), + automatically clear/restore attrib/datetime, etc., ~5k
download recserch.zip - asm sources of recursive file search (+%path% parsing, etc.), ~3k
download KILLAVXD 1.50 - library + example of how to patch (disable) AV VxDs, ~6k
download random.zip - random number generator (C+ASM), ~2k
download crc stuff (avp/drweb/crc/pe header csum/reversing), ~43k
download ShadowRAM II -- source code to support 50 different chipsets, ~7k
download avlist.zip -- example of finding AV using file mask list, ~5k
download Sound Effects under Win32 - example of generating & playing sound under win32, ~36k
download MCBTSREX DOS-mode: example of how to stay resident via MCB (explained), ~3k
download pecom32.zip -- 32-bit COM files (PE EXE, 318 bytes), ~2k
download http.zip -- example of downloading file via http (wininet.dll), ~1k
download pestat.zip -- PE statistics, ~5k
PGP/RSA-related:
download scrgrab.zip - dos program output grabber, ~3k
download txt2den.zip - PGP output to source converter (extract D,E,N numbers), ~38k
download howkey.txt - how to create your own RSA key, ~2k
download rsa1.zip - RSA-library (sources in C), ~3k
download rsa2.zip - RSA-library (example & sources in ASM), ~4k
download pgpstuff.zip -- some pgp related stuff (public key & anypgpfile dumper), ~11k
download rsa3.zip - RSA key generator (D,E,N numbers), ~19k
download rsa4.zip - v4.00.b, RSA keygen in ASM + encr/decr tool, ~32k
download RSA v.5.xx -- signing/verifying stuff (128-bit), ~36k
download RSALIB v6.01 -- keygen+modexp, dynamic keysize, offset-independent asm code, ~9k
Viruses/Trojans:
download w9x-tiny.zip, ~54k win9X.132,133,134,140,142,148,149,150,151,152,159,161,162,166,170,180,a,182,184,185,187,189,190,a,197,200,204,b,206,209,218,223,230,242 virii (aka Win95.SillyWR.nnn)
download win95.Zombie virus, ~115k
download win9X.Z0MBiE-II (Twinny) virus, ~63k
download win9X.Z0MBiE-3 virus, ~5k
download win9X.Z0MBiE-4 (Zofo) virus, ~9k
download win9X.KME.Z0MBiE-4.b (ZMorph) virus, ~37k
download win9X.Z0MBiE-4.c (ZMorph) virus, ~37k
download win9X.Z0MBiE-4.d (Zom) virus, ~15k
download win9X.Hooy virus, ~38k
download Z0MBiE-5 (W95.Bistro) virus, ~95k
download win9X.RPME.Z0MBiE-6.a (ZPerm) virus (win9x permutating), ~42k
download win9X.Z0MBiE-7 (ZPerm) permutating virus, ~21k
download Z0MBiE-6.b virus (win9x polymorphic(CODEGEN)+permutating(RPME)), ~49k
download win98.Z0MBiE-8 (Damm) virus, ~16k
download win9X.Examplo (win32-example virus), ~21k
download win9X.LDE.Examplo (win32-example virus), ~9k
download win9X.Z0MBiE-10.a virus (==ZMyst; based on CODEGEN,ETG,LDE,RPME,MISTFALL), ~89k
download Mistfall.Z0MBiE-10.b virus, ~92k
download Mistfall.Z0MBiE-10.c virus + Mistfall engine 1.02, ~118k
download Mistfall.Z0MBiE-10.d virus, ~142k
download 007JB virus, ~25k
download M1 virus, ~61k
download ZHello virus, ~13k
download TP_COM virus, ~16k
download PGPMorph-1 virus, ~69k
download PGPMorph-2 virus, ~108k
download pascal HLL virus example, ~5k
download eicar.zip -- EICAR trojan, ~5k
view Z0MBiE.32 -- TSR, EXE-overwriter
view Trojan.18 -- non-TSR, MBR/BOOT/CMOS-overwriter ;-)
Engines/Mutation:

length-disassembler:
download XDE v1.01 -- extended length disassembler
download ADE32 v2.02 -- instruction disassembler, ~51k
download ADE32 v2.03c -- update to instruction disassembler, ~6k
download LDE-32 v1.04 -- Length-Disassembler Engine, ~29k
download LDE-32 v1.05 (update), ~3k
download LDE-32 v1.06 (update), ~5k
download LDE-32 Demo -- example of disassembling/permutating engine, in C, ~7k

reversing:
download MISTFALL 1.01 -- PE EXE/DLL reversing&infecting engine for Win32, ~52k
download MISTFALL 2.00 beta -- .cpp classes
download MF2/TRACER2/other engines test (beta) win32 gui

permutation:
download RPME 1.20 -- Real Permutating Engine for Win32, ~50k
download AZCME04 - permutating engine in C - DOS .COM self-rebuilding permutating file, ~30k
download AZCME32c - permutating engine in C - win95 PE EXE self-modifying (register exchange) file, ~137k

polymorphic:
download KME-32 v1.01 -- Win9X/NT R0/R3 universal poly engine, rus./eng. docs, ~57k
download KME v3.50 -- update, ~29k
download KME v5.52 -- highly improved, ~75k
download EXPO 1.01 poly engine -- example infector, using ETG/CODEMIXER/LDE32, ~15k
download PGPME-32 build 001a + example, ~65k

additional data generation:
download CODEGEN 1.60 -- code generator, ~9k
download CODEGEN 2.00 (ASM/CPP) -- code generator, ~18k
download ETG 1.00 (ASM), Executable Trash Generator, ~7k
download ETG 2.00 (ASM/CPP), Executable Trash Generator, ~12k
download PRCG 1.00: polymorphic recursive cycle generator +example, ~8k

other:
download CODE MIXER 1.50, ~9k
download DSCRIPT -- code to debug-script converter (asm subroutine) +example, ~5k

api hook/injection-related:
download HOOKLIB & SDE engines (win32, ADE-based, .txt inside)
download HOOKLIB 1.03 /linux (uses XDE 1.01)
Zines/Projects:
download RVM #1, ~629k / view Contents / view ShadowRAM, ~8k
download RVM #2, ~318k / view Contents
download Total Zombification #1 e-zine, 755k / view Contents
Plugin Virus Project v1.00 -- inside of TZ#1
download Plugin Virus Project II build 30, see description
UNIX:
download INFELF v1.02 -- ELF infection utility (win32/linux/freebsd) ~97k
download Linux+FreeBSD bind shell/shellcode/INFELF snippet ~5k
download tcp switcher -- for back-connect programs, win32/linux

Copyright © z0mbie z0mbie.host.sk | Project revival: Алексей Хворост aka RedRoot