nganhkhoa/mether049-malware
1
0
Fork 0
mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00
Code Issues Projects Releases Wiki Activity

Update malware-analysis_ref_and_memo.md

Browse Source
This commit is contained in:
mether049 2020-10-25 23:50:29 +09:00 committed by GitHub
parent 85e9d0fa85
commit 8bdabda2cc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
malware-analysis_ref_and_memo.md
View File

@ -38,7 +38,7 @@ DFIR,マルウェア解析OSINTに特化したUbuntuベースのディスト
|name|plugin|price|platform|remarks|
|:-|:-|:-|:-|:-|
|[IDA pro](https://www.hex-rays.com/products/ida/)|[Lighthouse](https://github.com/gaasedelen/lighthouse)<br>[UEFI_RETool](https://github.com/yeggor/UEFI_RETool/tree/master/ida_plugin)<br>[VT-IDA Plugin](https://github.com/VirusTotal/vt-ida-plugin)<br>[uEMU](https://github.com/brendantay/uEmu)<br>[IFL - Interactive Functions List](https://github.com/hasherezade/ida_ifl)|Not free|multi||||||
|[IDA pro](https://www.hex-rays.com/products/ida/)|[Lighthouse](https://github.com/gaasedelen/lighthouse)<br>[UEFI_RETool](https://github.com/yeggor/UEFI_RETool/tree/master/ida_plugin)<br>[VT-IDA Plugin](https://github.com/VirusTotal/vt-ida-plugin)<br>[uEMU](https://github.com/brendantay/uEmu)<br>[IFL - Interactive Functions List](https://github.com/hasherezade/ida_ifl)<br>[PE Tree](https://github.com/blackberry/pe_tree)|Not free|multi||||||
|[Binary Ninja](https://binary.ninja/)|[Lighthouse](https://github.com/gaasedelen/lighthouse)<br>[BinDbg](https://github.com/kukfa/bindbg)<br>[Emotet API+string deobfuscator (v0.1)](https://github.com/mauronz/binja-emotet)|Not free|multi||||||
|[Cutter](https://github.com/radareorg/cutter)|[CutterDRcov](https://github.com/oddcoder/CutterDRcov)<br>[Jupyter Plugin for Cutter](https://github.com/radareorg/cutter-jupyter)<br>[x64dbgcutter](https://github.com/yossizap/x64dbgcutter)<br>[tiny_tracer_tag_to_cutter](https://github.com/Dump-GUY/tiny_tracer_tag_to_cutter)<br>[etc.](https://github.com/radareorg/cutter-plugins)|free|multi||||||
|[Ghidra](https://ghidra-sre.org/)|[pwndra](https://github.com/0xb0bb/pwndra)<br>[ghidra_scripts](https://github.com/alephsecurity/general-research-tools/tree/master/ghidra_scripts)<br>[OOAnalyzer](https://insights.sei.cmu.edu/sei_blog/2019/07/using-ooanalyzer-to-reverse-engineer-object-oriented-code-with-ghidra.html)<br>[ghidra_scripts by ghidraninja](https://github.com/ghidraninja/ghidra_scripts)<br>[ghidra_scripts by AllsafeCyberSecurity](https://github.com/AllsafeCyberSecurity/ghidra_scripts)<br>[reversing-class](https://github.com/nullteilerfrei/reversing-class)<br>[qbot_helper](https://github.com/dark0pcodes/qbot_helper)|free|multi||||||
@ -318,6 +318,10 @@ $child_process=Get-WmiObject -Query $queryNameVersion
echo $child_process
```
- **[libPeConv](https://github.com/hasherezade/libpeconv/)**
- **[PE Tree](https://github.com/blackberry/pe_tree)**
- PEのパース・情報抽出メモリからPEのダンプおよびimportの再構築
- VT,Cyberchefとの連携可能
- スタンドアロンもしくはIDAやRekallのプラグインとして利用可能
### Control Windows features
- **[blackbird](https://www.getblackbird.net/)**