1
0
mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00

Update malware-analysis_ref_and_memo.md

This commit is contained in:
mether049 2020-03-31 22:36:06 +09:00 committed by GitHub
parent 0cde8e31e2
commit 564d7c7d24
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -23,7 +23,7 @@ DFIR,マルウェア解析OSINTに特化したUbuntuベースのディスト
|[IDA pro](https://www.hex-rays.com/products/ida/)||(Not free)<br>Snowman(plugin)|||||||
|[Binary Ninja](https://binary.ninja/)|||||||||
|[Cutter](https://github.com/radareorg/cutter)||r2dec,r2ghidra|native<br>gdb<br>windbg<br>etc.|[INTRO TO CUTTER FOR MALWARE ANALYSIS(2019-03)](https://malwology.com/2019/03/14/intro-to-cutter-for-malware-analysis/)<br>[megabeets.net](https://www.megabeets.net/?s=cutter)<br>[Cutter: Presenting r2ghidra Decompiler,r2con 2019](https://www.youtube.com/watch?v=eHtMiezr7l8&list=LLTk6-mAiILdt3V27uab14LA&index=8&t=0s)|||||
|[Ghidra](https://ghidra-sre.org/)||||[Reversing WannaCry Part 2 - Diving into the malware with #Ghidra,youtube](https://www.youtube.com/watch?v=Q90uZS3taG0)<br>[cheetsheet](https://www.oldergeeks.com/downloads/file.php?id=2767)<br>[Scripting in Ghidra, Patching MacOS Image2Icon](https://duraki.github.io/posts/o/20200227-ghidra-scripting-image2icon.html)<br>[]()|||||
|[Ghidra](https://ghidra-sre.org/)||||[Reversing WannaCry Part 2 - Diving into the malware with #Ghidra,youtube](https://www.youtube.com/watch?v=Q90uZS3taG0)<br>[cheetsheet](https://www.oldergeeks.com/downloads/file.php?id=2767)<br>[Scripting in Ghidra, Patching MacOS Image2Icon](https://duraki.github.io/posts/o/20200227-ghidra-scripting-image2icon.html)<br>[Intro to Reverse Engineering](https://medium.com/swlh/intro-to-reverse-engineering-45b38370384)<br>[Intro to Reverse Engineering, Part 2](https://medium.com/swlh/intro-to-reverse-engineering-part-2-4087a70104e9)|||||
|[x64/x32dbg](https://x64dbg.com/#start)||Snowman|||||||
|[WinDbg](https://docs.microsoft.com/ja-jp/windows-hardware/drivers/debugger/debugger-download-tools)|||||||||
|GDB|||||||||
@ -480,7 +480,9 @@ Injecition/Hollowingされたプロセスの自動検出<br>
- ref:
- [Loading a DLL from memory](https://www.joachim-bauch.de/tutorials/loading-a-dll-from-memory/)
- DLLをロードする流れやメモリからロードするツールについて
### Deobfuscation
- バイナリの難読化解除に関するブログ
- [Tales Of Binary Deobfuscation - Part 1](https://ulexec.github.io/ulexec.github.io/article/2020/03/03/Deobfuscation_1.html)
### Symbolic Execurtion
to do...