From c8a5e639057d14e405ab6bdcd492ae566d77dc06 Mon Sep 17 00:00:00 2001 From: mether049 Date: Sat, 14 Mar 2020 22:06:02 +0900 Subject: [PATCH] Update malware-analysis_ref_and_memo.md --- malware-analysis_ref_and_memo.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/malware-analysis_ref_and_memo.md b/malware-analysis_ref_and_memo.md index 02ff157..91dad9d 100644 --- a/malware-analysis_ref_and_memo.md +++ b/malware-analysis_ref_and_memo.md @@ -20,27 +20,27 @@ DFIR,マルウェア解析,OSINTに特化したUbuntuベースのディスト |name|disassembler|decompiler|debugger|reference| |:-|:-|:-|:-|:-| -|IDA pro|〇|〇(Not free)|〇|||||| -|Binary Ninja|〇|||||||| -|Cutter|〇|r2dec,r2ghidra|native
gdb
windbg
etc.|[INTRO TO CUTTER FOR MALWARE ANALYSIS(2019-03)](https://malwology.com/2019/03/14/intro-to-cutter-for-malware-analysis/)
[megabeets.net](https://www.megabeets.net/?s=cutter)
[Cutter: Presenting r2ghidra Decompiler,r2con 2019](https://www.youtube.com/watch?v=eHtMiezr7l8&list=LLTk6-mAiILdt3V27uab14LA&index=8&t=0s)||||| -|Ghidra|〇|〇||[Reversing WannaCry Part 2 - Diving into the malware with #Ghidra,youtube](https://www.youtube.com/watch?v=Q90uZS3taG0)
[cheetsheet](https://www.oldergeeks.com/downloads/file.php?id=2767)
[Scripting in Ghidra, Patching MacOS Image2Icon](https://duraki.github.io/posts/o/20200227-ghidra-scripting-image2icon.html)
[]()||||| -|x64/x32dbg|〇|Snowman|〇|||||| -|WinDbg|〇||〇|||||| +|[IDA pro](https://www.hex-rays.com/products/ida/)|〇|〇(Not free)|〇|||||| +|[Binary Ninja](https://binary.ninja/)|〇|||||||| +|[Cutter](https://github.com/radareorg/cutter)|〇|r2dec,r2ghidra|native
gdb
windbg
etc.|[INTRO TO CUTTER FOR MALWARE ANALYSIS(2019-03)](https://malwology.com/2019/03/14/intro-to-cutter-for-malware-analysis/)
[megabeets.net](https://www.megabeets.net/?s=cutter)
[Cutter: Presenting r2ghidra Decompiler,r2con 2019](https://www.youtube.com/watch?v=eHtMiezr7l8&list=LLTk6-mAiILdt3V27uab14LA&index=8&t=0s)||||| +|[Ghidra](https://ghidra-sre.org/)|〇|〇||[Reversing WannaCry Part 2 - Diving into the malware with #Ghidra,youtube](https://www.youtube.com/watch?v=Q90uZS3taG0)
[cheetsheet](https://www.oldergeeks.com/downloads/file.php?id=2767)
[Scripting in Ghidra, Patching MacOS Image2Icon](https://duraki.github.io/posts/o/20200227-ghidra-scripting-image2icon.html)
[]()||||| +|[x64/x32dbg](https://x64dbg.com/#start)|〇|Snowman|〇|||||| +|[WinDbg](https://docs.microsoft.com/ja-jp/windows-hardware/drivers/debugger/debugger-download-tools)|〇||〇|||||| |GDB|〇||〇|||||| |objdump|〇||| -|Snowman||〇||||||| +|[Snowman](https://derevenets.com/)||〇||||||| |name|plugin|price|platform|remarks| |:-|:-|:-|:-|:-| -|IDA pro|[Lighthouse](https://github.com/gaasedelen/lighthouse)
[UEFI_RETool](https://github.com/yeggor/UEFI_RETool/tree/master/ida_plugin)
[VT-IDA Plugin](https://github.com/VirusTotal/vt-ida-plugin)|Not free|multi|||||| -|Binary Ninja|[Lighthouse](https://github.com/gaasedelen/lighthouse)|Not free||||||| -|Cutter|[CutterDRcov](https://github.com/oddcoder/CutterDRcov)
[Jupyter Plugin for Cutter](https://github.com/radareorg/cutter-jupyter)
[x64dbgcutter](https://github.com/yossizap/x64dbgcutter)
[etc.](https://github.com/radareorg/cutter-plugins)|free|multi|||||| -|Ghidra|[pwndra](https://github.com/0xb0bb/pwndra)
[ghidra_scripts](https://github.com/alephsecurity/general-research-tools/tree/master/ghidra_scripts)
[OOAnalyzer](https://insights.sei.cmu.edu/sei_blog/2019/07/using-ooanalyzer-to-reverse-engineer-object-oriented-code-with-ghidra.html)|free|multi|||||| -|x64/x32dbg|[DbgChild](https://github.com/David-Reguera-Garcia-Dreg/DbgChild)
[checksec](https://github.com/klks/checksec)
[idenLib](https://github.com/secrary/idenLib)
[xdbg](https://github.com/brock7/xdbg)
[ScyllaHide](https://github.com/x64dbg/ScyllaHide)
[x64dbgpylib](https://github.com/x64dbg/x64dbgpylib)
[ClawSearch](https://github.com/codecat/ClawSearch)
[x64dbg-dark](https://github.com/nextco/x64dbg-dark)
[UaraGen](https://github.com/mrexodia/YaraGen)
[xAnalyzer](https://github.com/ThunderCls/xAnalyzer)
[Unpacking Script](https://github.com/x64dbg/Scripts)|free|windows|||||| +|[IDA pro](https://www.hex-rays.com/products/ida/)|[Lighthouse](https://github.com/gaasedelen/lighthouse)
[UEFI_RETool](https://github.com/yeggor/UEFI_RETool/tree/master/ida_plugin)
[VT-IDA Plugin](https://github.com/VirusTotal/vt-ida-plugin)|Not free|multi|||||| +|[Binary Ninja](https://binary.ninja/)|[Lighthouse](https://github.com/gaasedelen/lighthouse)
[BinDbg](https://github.com/kukfa/bindbg)|Not free|multi|||||| +|[Cutter](https://github.com/radareorg/cutter)|[CutterDRcov](https://github.com/oddcoder/CutterDRcov)
[Jupyter Plugin for Cutter](https://github.com/radareorg/cutter-jupyter)
[x64dbgcutter](https://github.com/yossizap/x64dbgcutter)
[etc.](https://github.com/radareorg/cutter-plugins)|free|multi|||||| +|[Ghidra](https://ghidra-sre.org/)|[pwndra](https://github.com/0xb0bb/pwndra)
[ghidra_scripts](https://github.com/alephsecurity/general-research-tools/tree/master/ghidra_scripts)
[OOAnalyzer](https://insights.sei.cmu.edu/sei_blog/2019/07/using-ooanalyzer-to-reverse-engineer-object-oriented-code-with-ghidra.html)|free|multi|||||| +|[x64/x32dbg](https://x64dbg.com/#start)|[DbgChild](https://github.com/David-Reguera-Garcia-Dreg/DbgChild)
[checksec](https://github.com/klks/checksec)
[idenLib](https://github.com/secrary/idenLib)
[xdbg](https://github.com/brock7/xdbg)
[ScyllaHide](https://github.com/x64dbg/ScyllaHide)
[x64dbgpylib](https://github.com/x64dbg/x64dbgpylib)
[ClawSearch](https://github.com/codecat/ClawSearch)
[x64dbg-dark](https://github.com/nextco/x64dbg-dark)
[UaraGen](https://github.com/mrexodia/YaraGen)
[xAnalyzer](https://github.com/ThunderCls/xAnalyzer)
[Unpacking Script](https://github.com/x64dbg/Scripts)|free|windows|||||| |WinDbg||free|windows|Kernel mode debugging possible||||| -|GDB|gdbpeda
pwngdb|free|linux|||||| +|GDB|gdbpeda
pwngdb|free|linux|[onlinegdb](https://www.onlinegdb.com/)||||| |objdump||free|linux|| -|Snowman||||||||| +|[Snowman](https://derevenets.com/)||free|windows|||||| ### Tracer - [drltrace](https://github.com/DynamoRIO/drmemory/tree/master/drltrace)
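Review bot: The link label `UaraGen` in the x64/x32dbg plugin row is a typo carried over unchanged from the removed line; the target is github.com/mrexodia/YaraGen, so the label should read `YaraGen`. In the same hunk, the Ghidra reference cell still contains `cheetsheet` (should be `cheatsheet`) and an empty `[]()` placeholder that renders as a blank link and should be filled or dropped. The new WinDbg link uses the `ja-jp` locale path (`docs.microsoft.com/ja-jp/...`); a locale-neutral URL would be more appropriate for an English-labelled table. Minor style point: most rows end with more trailing `|` cells than the five-column header declares, so trimming them to `|name|plugin|price|platform|remarks|` width would keep the tables consistent.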