Offensive Security Technique Database
Explore an ever-growing collection of malware techniques used in real-world scenarios. A new technique is added every week, keeping you up to date with the latest threats and research insights. Choose the plan that fits your needs and stay one step ahead in cybersecurity.
We accept PayPal, Credit Card, and Cryptocurrency. For the last option, please email: s12deff@gmail.com
Basic Lifetime
$100 one-time
- Full access to malware techniques database
- Weekly updates
- Lifetime access
Premium Lifetime
$150 one-time
- Full access to malware techniques database
- Weekly updates
- Paper Malware Analysis
- Analysis across all major AV vendors
- Lifetime access
| Name | OS | Privileges | Difficulty |
|---|---|---|---|
| DLL Injection (FREE) | Windows | User | Easy |
| Classic Shellcode Execution (FREE) | Windows | User | Easy |
| Classic Process Injection (FREE) | Windows | User | Easy |
| Asynchronous Procedure Call Injection via NtTestAlert | Windows | User | Medium |
| Remote Function Patcher | Windows | User | Medium |
| ETW Patching | Windows | User | Easy |
| AMSI Patching | Windows | User | Medium |
| Shellcode Execution via EnumWindows | Windows | User | Easy |
| Shellcode Execution via EnumChildWindows | Windows | User | Easy |
| Shellcode Execution via Timer | Windows | User | Easy |
| Shellcode Execution using XOR | Windows | User | Medium |
| Hiding Data in SSE2 | Windows | User | Easy |
| Windows Defender Killer | Windows | Administrator | Easy |
| Process Hypnosis Injection | Windows | User | Medium |
| RDP Credential Stealer | Windows | User | Medium |
| Evade Sysmon Rules | Windows | Administrator | Medium |
| Hiding File with ADS and XOR | Windows | User | Medium |
| Ghostly Hollowing | Windows | User | Medium |
| AES Shellcode Execution | Windows | User | Medium |
| EarlyBird APC Code Injection | Windows | User | Medium |
| FindWindow Code Injection | Windows | User | Medium |
| Multi-Process DLL Injection | Windows | User | Medium |
| Process Hollowing Injection | Windows | User | Hard |
| Free Thread Hijacking | Windows | User | Hard |
| Malware Payload Control via IPC (Mutex) | Windows | User | Easy |
| IPC via Named Pipes | Windows | User | Easy |
| ETW Interceptor Hook | Windows | User | Hard |
| ETW Ghost Logger | Windows | User | Hard |
| HTML Smuggling | Windows | None | Easy |
| Parent PID Spoofing via Extended STARTUPINFOEX | Windows | User | Easy |
| Keylogger | Windows | User | Easy |
| Early Cascade Injection via Shim-Engine Hooking | Windows | User | Hard |
| AV/EDR Process Whitelist Enumeration | Windows | User | Medium |
| PPID Spoofing via WMI | Windows | User | Easy |
| PPID Spoofing via Scheduled Task | Windows | Administrator | Medium |
| RC4 Shellcode Encryption | Windows | User | Easy |
| Sysmon Driver-Name Enumeration | Windows | Administrator | Medium |
| Store Processes in HashMap Struct | Windows | User | Medium |
| List Process Modules with VirtualQueryEx | Windows | User | Medium |
| RC5 Shellcode Encryption | Windows | User | Easy |
| Hide Payload in Alternate Data Streams | Windows | User | Easy |
| AMSI ScanBuffer | Windows | User | Easy |
| AMSI ScanString | Windows | User | Easy |
| AMSI OpenSession | Windows | User | Medium |
| RC6 Shellcode Encryption | Windows | User | Easy |
| Hiding Keys/Payload in SIMD – SSE | Windows | User | Easy |
| Hiding Shellcode in PNG | Windows | User | Easy |
| Import Address Table Hooking | Windows | User | Easy |
| Keylogger with Anti-Detection | Windows | Administrator | Medium |
| PHANTOM Protocol (Process Hijacking And Network Threat Operations Module) | Windows | User | Hard |
| Windows File Hiding | Windows | User | Easy |
| Enumerate and Subscribe to ETW Providers | Windows | User | Medium |
| Reverse Shell | Windows | User | Medium |
| Compile-Time String Encryption | Windows | User | Easy |
| Microsoft Edge Cookie Stealer | Windows | User | Medium |
| Dump Windows Credential Manager | Windows | User | Easy |
| Blind Shell | Windows | User | Medium |
| Exfiltrate information through Discord | Windows | User | Easy |
| Exfiltrate information through Telegram | Windows | User | Easy |
| SSDT Kernel Hooking | Windows | Kernel | Hard |
| In-Memory LSASS Dumping | Windows | Admin | Medium |
| Active Directory Discover | Windows | User | Medium |
| APC Process Injection using NtQueueApcThreadEx2 | Windows | User | Medium |
| IPC via Thread Description | Windows | User | Easy |
| UAC Bypass via CMSTP | Windows | User | Medium |
| Custom WriteProcessMemory | Windows | User | Medium |
| Custom LoadLibrary | Windows | User | Easy |
| IPC via RPC | Windows | User | Easy |
| List PPL Levels by Process | Windows | Kernel | Medium |
| Ptrace Process Injection | Android | User | Hard |
| Disable PPL Process Protection | Windows | Kernel | Medium |
| Arbitrary Process Termination via BYOVD | Windows | Admin | Easy |
| Reflective DLL Injection | Windows | User | Medium |
| Layered Compile-Time String Encryption | Windows | User | Hard |
| Direct Shellcode Execution | Windows | User | Easy |
| Thread Hijacking | Windows | User | Easy |
| Shared Memory Injection | Windows | User | Easy |
| HTTPS Downloader Dropper (with Remote Thread DLL Injection) | Windows | User | Easy |
| Cross-architecture Shellcode Execution | Windows | User | Easy |