few tools add

malware-analysis_ref_and_memo.md

@@ -1,4 +1,80 @@
 # Tools
+
+### Static Analysis and Debug tools
+※空欄は調査中(更新予定)
+
+|name|disassembler|decompiler|debugger|reference|
+|:-|:-|:-|:-|:-|
+|IDA pro|〇|〇(Not free)|〇||||||
+|Binary Ninja|〇||||||||
+|Cutter|〇|r2dec,r2ghidra|native<br>gdb<br>windbg<br>etc.|[INTRO TO CUTTER FOR MALWARE ANALYSIS](https://malwology.com/2019/03/14/intro-to-cutter-for-malware-analysis/)<br>[megabeets.net](https://www.megabeets.net/?s=cutter)<br>[Cutter: Presenting r2ghidra Decompiler,r2con 2019](https://www.youtube.com/watch?v=eHtMiezr7l8&list=LLTk6-mAiILdt3V27uab14LA&index=8&t=0s)
+|||||
+|Ghidra|〇|〇|||||||
+|x64/x32dbg|〇|Snowman|〇||||||
+|WinDbg|〇||〇||||||
+|GDB|〇||〇||||||
+|objdump|〇|||
+|Snowman||〇|||||||
+
+|name|plugin|price|platform|remarks|
+|:-|:-|:-|:-|:-|
+|IDA pro|[Lighthouse](https://github.com/gaasedelen/lighthouse)|Not free|multi||||||
+|Binary Ninja|[Lighthouse](https://github.com/gaasedelen/lighthouse)|Not free|||||||
+|Cutter|[CutterDRcov](https://github.com/oddcoder/CutterDRcov)<br>[Jupyter Plugin for Cutter](https://github.com/radareorg/cutter-jupyter)<br>[x64dbgcutter](https://github.com/yossizap/x64dbgcutter)<br>[etc.](https://github.com/radareorg/cutter-plugins)|free|multi||||||
+|Ghidra|[pwndra](https://github.com/0xb0bb/pwndra)|free|multi||||||
+|x64/x32dbg|[DbgChild](https://github.com/David-Reguera-Garcia-Dreg/DbgChild)|free|windows||||||
+|WinDbg||free|windows|Kernel mode debugging possible|||||
+|GDB|gdbpeda<br>pwngdb|free|linux||||||
+|objdump||free|linux||
+|Snowman|||||||||
+
+### Tracer
+- [drltrace](https://github.com/DynamoRIO/drmemory/tree/master/drltrace)
+    - [DynamoRIO](https://github.com/DynamoRIO/dynamorio) based
+    - ライブラリトレーサ(Windows版ltrace)
+- [drstrace](http://drmemory.org/strace_for_windows.html)
+    - DynamoRIO based
+    - システムコールトレーサ(Windows版strace)
+- [memtrace](https://github.com/DynamoRIO/dynamorio/blob/master/api/samples/memtrace_simple.c)
+    - DynamoRIO based
+    - メモリトレーサ
+- [bbbuf](https://github.com/DynamoRIO/dynamorio/blob/master/api/samples/bbbuf.c)
+    - DynamoRIO based
+    - べーシックブロックトレーサ
+- [API Monitor](http://www.rohitab.com/apimonitor)
+    - GUI(Windows)
+    - APIコールを監視ツール
+
+### Instrumentation
+- [drcov](http://dynamorio.org/docs/page_drcov.html)
+    - DynamoRIO based
+    - カバレッジ計測
+    - drrun経由で実行
+```
+> drrun.exe -t drcov -- [program name] [arguments]
+```
+- Intel PIN
+
+### Traffic Analysis tools
+- Wireshark
+    - ref:
+        - [Wireshark Tutorial,Unit42(2019)](https://unit42.paloaltonetworks.com/tag/tutorial/)
+- tcpdump
+- scapy
+- [Fiddle](https://www.telerik.com/fiddler)
+    - Web Proxy debugger
+- [EKFiddle](https://github.com/malwareinfosec/EKFiddle)
+    - ref:
+        - [Malicious Traffic Analysis with EKFiddle(2019-03)](https://drive.google.com/file/d/1VhZyCiHgtDwcCh7cpVWMCTi9B_Nj66AC/view)
+- Burp Suite
+- Fake-net NG
+- INetSim
+- Noriben
+### Forensic
+- EQL
+- Sysinternals
+- Volatility
+    - malconfscan
 ### Online Sandbox
 |name|site|remarks|
 |:-|:-|:-|