Malware Analysis & Reversing
Malware::Tools {
- BinText - Finds ASCII, Unicode and resource strings in a file
- Bokken - GUI for the Pyew malware analysis tool
- Capture-BAT - Tool to monitor the state of a system during the execution of applications
- CEnigma - A web-based tool helping to disassemble hexcode to assembly
- CFF Explorer - PE Editor
- DarunGrim - Binary diffing tool
- Detect It Easy (DiE) - A packer identifier
- dump.py - Dumps a PE from VirtualAlloc/VirtualProtect
- DumpIt by MoonSols - A tool to perform raw memory dumps to a file on Windows 32/64-bit
- Exeinfo PE - Packer, compressor detector
- fciv - File Checksum Integrity Verifier utility
- Fpipe - TCP or UDP port forwarder/redirector
- GMER - An application that detects and removes rootkits
- Hopper - A reverse engineering tool for OS X and Linux
- HxD - Hex Editor and Disk Editor
- Hybrid Analysis - Free malware analysis service
- IAT Patcher - Persistent IAT hooking tool, based on bearparser (works for PE 32/64 bit)
- IDA Pro - Disassembler and debugger
- Immunity Debugger - Write exploits, analyze malware, and reverse engineer binary files
- Kali Linux - Advanced Penetration Testing Linux Distribution
- OllyDbg - 32-bit assembler-level analysing debugger
- PE Explorer - View, Edit, and Reverse Engineer EXE and DLL Files
- PE-bear - Portable Executable reversing tool
- pestudio - Perform static analysis of 32-bit and 64-bit Windows executable files
- pev - PE file analysis toolkit
- PEview - PECOFF structure viewer
- pyew - Python tool to analyse malware
- radare - Radare is a portable reversing framework
- REMnux - A Linux Toolkit for Reverse-Engineering and Analyzing Malware
- Scylla - x64/x86 Imports Reconstruction
- The Backdoor Factory - Patch executable binaries with user desired shellcode
- Vmss2core - A tool to convert VMware checkpoint state files into formats that third-party debugger tools understand
- Volatility Framework - Memory analysis and forensics
- VT Hash Check - Lets you right-click on a file in Explorer and check its VirusTotal scores
- WinAPIOverride - API monitoring software for 32- and 64-bit processes
- Wireshark - Network protocol analyzer
- x64_dbg - An open-source x64/x32 debugger for Windows
- YARA - The pattern matching Swiss knife for malware researchers
} // Malware::Tools
Malware::Recommended Training and Resources {
} // Malware::Recommended Training and Resources
Malware::Acronyms {
- ASLR - Address Space Layout Randomization
- COFF - Common Object File Format
- CRL - Certificate Revocation List
- DEP - Data Execution Prevention
- IAT - Import Address Table
- IRP - I/O Request Packet
- LSASS - Local Security Authority Subsystem Service
- MFT - Master File Table
- OEP - Original Entry Point
- RAT - Remote Access Trojan
- ROP - Return-oriented Programming
- SEH - Structured Exception Handler
- SEHOP - Structured Exception Handler Overwrite Protection
- SSDT - System Service Dispatch Table
} // Malware::Acronyms
Programming
Programming::Tools {
- Catch - A modern, C++-native, header-only, framework for unit-tests, TDD and BDD
- CLion - IDE for developing C and C++ on Linux, OS X and Windows
- Code::Blocks IDE - C, C++, Fortran (Windows, Linux, OSX)
- CodeLite IDE - C, C++, PHP (Windows, Linux, OSX)
- NetBeans IDE - C & C++
- Vim - Vi Improved (Text Editor)
} // Programming::Tools
Programming::Recommended Training and Resources {
} // Programming::Recommended Training and Resources
Programming::Acronyms {
- CLR - Common Language Runtime
- FSM - Finite-state machine
- LLVM - Low Level Virtual Machine
- LMA - Load Memory Address
- PAE - Physical Address Extension
- PEB - Process Environment Block
- QEMU - Quick Emulator
- RAII - Resource Acquisition Is Initialization
- RVA - Relative Virtual Address
- STL - Standard Template Library
- SWIG - Simplified Wrapper and Interface Generator
- TLB - Translation Lookaside Buffer
- TLS - Thread-local Storage
- UML - Unified Modeling Language
- VMA - Virtual Memory Address
} // Programming::Acronyms
-------------------------
Page the SysOp - @twiz718
Last updated: 2019-10-28 12:21:40.