mirror of
https://github.com/kh4sh3i/Malware-Analysis.git
synced 2024-12-18 10:26:08 +00:00
Update README.md
This commit is contained in:
parent
64579f7da7
commit
4b5c730a94
18
README.md
18
README.md
@ -96,6 +96,8 @@ A curated list of awesome malware analysis tools and resources
|
||||
* [Process Hacker](https://processhacker.sourceforge.io/) - Tool that monitors system resources.
|
||||
* [Process Monitor](https://docs.microsoft.com/en-us/sysinternals/downloads/procmon) - Advanced monitoring tool for Windows programs.
|
||||
* [RegShot](https://sourceforge.net/projects/regshot/) - Registry compare utility that compares snapshots.
|
||||
* [ProcDot](http://www.procdot.com/) - A graphical malware analysis tool kit.
|
||||
|
||||
|
||||
|
||||
|
||||
@ -111,6 +113,9 @@ A curated list of awesome malware analysis tools and resources
|
||||
|
||||
|
||||
* Memory Forensics
|
||||
* memory acquisition
|
||||
* [Comae-Toolkit](https://github.com/Crypt2Shell/Comae-Toolkit) _ use DumpIt.exe for sump whole memory
|
||||
* memory analysis
|
||||
* [Volatility](https://github.com/volatilityfoundation/volatility) - Advanced memory forensics framework.
|
||||
|
||||
|
||||
@ -125,6 +130,10 @@ A curated list of awesome malware analysis tools and resources
|
||||
* Android
|
||||
* [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) – Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
|
||||
|
||||
* service emulation
|
||||
* [INetSim](http://www.inetsim.org/) - Network service emulation, useful when building a malware lab.
|
||||
* [FakeNet](https://sourceforge.net/projects/fakenet/) - Windows Network Simulation tool for Malware Analysis
|
||||
|
||||
|
||||
|
||||
|
||||
@ -152,6 +161,15 @@ A curated list of awesome malware analysis tools and resources
|
||||
* we can bypass all static analysis with rewrite import dll, with call function with address in memory
|
||||
* we can create shellcode with FASM tools in assembly
|
||||
* the best future of ida is create basic block for application analysis
|
||||
* export procmon to csv and send to procdot for create png of malware behaviour
|
||||
* almost ransomeware are 32 bit, because they can run on 32 bit and 64 bit architect
|
||||
* some ransomware work when we have complex network, we use FakeNet tools for create all network service
|
||||
* with FakeNet tools and vmware host only, we can see all network connection with c2 server, because 127.0.0.1 set for all dns query
|
||||
* in windows 8 and upper, ther is patchgaurd mechanism that every 30m check critical section and if detedct some app remove linker and DKOM attack happen make bluescrean ! with this role most rootkit lose
|
||||
* we can use psscan command in volatility for finding rootkit and hidden process
|
||||
* .pdb file is so important for detection function name and indexing of system dll that use in malware
|
||||
* in vmware we can suspend vm and copy .vmem for memory analysis. the file size is equal to whole memory size
|
||||
|
||||
|
||||
|
||||
### Books
|
||||
|
Loading…
Reference in New Issue
Block a user