I don’t know how security researchers get their samples but in this post I will provide some resources i’ve found useful. This is mostly for practice and not for finding new samples in the wild although, you could probably catch some in the wild with some of these resources as well.
In the spirit of not re-inventing the wheel there’s already a TON of great resources outlined on the web if you just Google it. the following URL is an amazing resource and the list is well beyond what I have here. https://github.com/wtsxDev/reverse-engineering
Free Malware Sample Sharing Sites
vx-underground.org
malshare.com
malwarezoo (https://penetrum.com)
thezoo (https://github.com/ytisf/theZoo)
Non-Free Malware Sample Sharing Sites
virustotal.com
CrackMe CTFs
https://crackmes.one/
https://github.com/ripxorip/crackmes
Miscellaneous
https://malwareunicorn.org/workshops/re101.html#0
* malware unicorn is badass, and she also has a 102 as well as the 101 course
OALabs – https://www.youtube.com/c/OALabs
* The guys that run OALabs are nothing short of wizards
MÖBIUS STRIP REVERSE ENGINEERING
* I have not taken this course but i’ve heard nothing but great things
reverse-engineering.net aka HEXORCISM
* I am currently taking this course and it’s got a ton of great content, but with my RE / Assembly skillset it’s a little above me still.