Malware Techniques Database

Explore an ever-growing collection of malware techniques used in real-world scenarios. A new technique is added every week, keeping you up to date with the latest threats and research insights. Choose the plan that fits your needs and stay one step ahead in cybersecurity.

We accept PayPal, Credit Card, and Cryptocurrency. For the last option, please email: s12deff@gmail.com

Basic Plan

$10/month

  • Full access to malware techniques database
  • Weekly updates

Premium Plan

$15/month

  • All Basic Plan features
  • Paper Malware Analysis
  • Analysis across all major AV vendors

Basic Lifetime

$100 one-time

  • All Basic Plan features
  • Lifetime access

Premium Lifetime

$150 one-time

  • All Premium Plan features
  • Lifetime access

Name | OS | Privileges | Difficulty
DLL Injection (FREE) | Windows | User | Easy
Asynchronous Procedure Call Injection via NtTestAlert (FREE) | Windows | User | Medium
Remote Function Patcher (FREE) | Windows | User | Medium
ETW Patching | Windows | User | Easy
AMSI Patching | Windows | User | Medium
Classic Shellcode Execution | Windows | User | Easy
Shellcode Execution via EnumWindows | Windows | User | Easy
Shellcode Execution via EnumChildWindows | Windows | User | Easy
Shellcode Execution via Timer | Windows | User | Easy
Shellcode Execution using XOR | Windows | User | Medium
Hiding Data in SSE2 | Windows | User | Easy
Windows Defender Killer | Windows | Administrator | Easy
Process Hypnosis Injection | Windows | User | Medium
RDP Credential Stealer | Windows | User | Medium
Evade Sysmon Rules | Windows | Administrator | Medium
Hiding File with ADS and XOR | Windows | User | Medium
Ghostly Hollowing | Windows | User | Medium
AES Decryption & Payload Execution | Windows | User | Medium
EarlyBird APC Code Injection | Windows | User | Medium
FindWindow Code Injection | Windows | User | Medium
Multi-Process DLL Injection | Windows | User | Medium
Process Hollowing Injection | Windows | User | Hard
Free Thread Hijacking | Windows | User | Hard
Malware Payload Control via IPC (Mutex) | Windows | User | Easy
Malware Payload Control via Named Pipe IPC | Windows | User | Easy
ETW Interceptor Hook | Windows | User | Hard
ETW Ghost Logger | Windows | User | Hard
HTML Smuggling | Windows | None | Easy
Parent PID Spoofing via Extended STARTUPINFOEX | Windows | User | Easy
Keylogger | Windows | User | Easy
Early Cascade Injection via Shim-Engine Hooking | Windows | User | Hard
AV/EDR Process Whitelist Enumeration | Windows | User | Medium
PPID Spoofing via WMI | Windows | User | Easy
PPID Spoofing via Scheduled Task | Windows | Administrator | Medium
RC4 Shellcode Encryption | Windows | User | Easy
Sysmon Driver-Name Enumeration | Windows | Administrator | Medium
Store Processes in HashMap Struct | Windows | User | Medium
List Process Modules with VirtualQueryEx | Windows | User | Medium
RC5 Shellcode Encryption | Windows | User | Easy
Hide Payload in Alternate Data Streams | Windows | User | Easy
AMSI ScanBuffer | Windows | User | Easy
AMSI ScanString | Windows | User | Easy
AMSI OpenSession | Windows | User | Medium
RC6 Shellcode Encryption | Windows | User | Easy
Hiding Keys/Payload in SIMD – SSE | Windows | User | Easy
Hiding Shellcode in PNG | Windows | User | Easy
Import Address Table Hooking | Windows | User | Easy
Advanced Keylogger with Anti-Detection | Windows | Administrator | Medium
Combined Persistence Module | Windows | Administrator | Medium
PHANTOM Protocol (Process Hijacking And Network Threat Operations Module) | Windows | User | Hard
Windows File Hiding | Windows | User | Easy
Enumerate and Subscribe to ETW Providers | Windows | User | Medium
Reverse Shell | Windows | User | Medium
Compile-Time String Encryption | Windows | User | Easy
Microsoft Edge Cookie Stealer | Windows | User | Medium
Dump Windows Credential Manager | Windows | User | Easy
Blind Shell | Windows | User | Medium
Exfiltrate information through Discord | Windows | User | Easy
Exfiltrate information through Telegram | Windows | User | Easy
SSDT Kernel Hooking | Windows | Kernel | Hard
In-Memory LSASS Dumping | Windows | Admin | Medium
Active Directory Discover | Windows | User | Medium
APC Process Injection using NtQueueApcThreadEx2 | Windows | User | Medium
IPC via Thread Description | Windows | User | Easy
UAC Bypass via CMSTP | Windows | User | Medium
Custom WriteProcessMemory | Windows | User | Medium
Custom LoadLibrary | Windows | User | Easy
IPC via RPC | Windows | User | Easy