Update README.md

README.md

@@ -88,7 +88,7 @@ A curated list of awesome malware analysis tools and resources
 ### Tools
 * Static Analysis
   * [pestudio](https://www.winitor.com/download/) - Perform static analysis of Windows executables.
-  * [CFF Explorer](http://www.ntcore.com/exsuite.php) - is a suite of tools for portable executable (PE) editing.
+  * [CFF Explorer](http://www.ntcore.com/exsuite.php) - is a suite of tools for portable executable (PE) checking import directory , export directory and section headers for finding packer [packer use for change pe table schema this UPX]
 
 
 
@@ -138,6 +138,20 @@ A curated list of awesome malware analysis tools and resources
 * [yara](https://github.com/VirusTotal/yara)
 * [Python 3.8.0](https://www.python.org/downloads/release/python-380/) - for ret-sync & ida module
 * [yara-python](https://pypi.org/project/yara-python/) - require for ida module 
+* [intezer analyzer](https://analyze.intezer.com/) - Create MITRE ATT&CK Technique Detection table
+
+### Tips
+* every .exe file can hav some import dll or aeport dll or string
+* new malware dos not use import dll and never call dll, and they are hard to hunt!
+* use ida->view->subvie->string to see all sting
+* ransomware encrpt data with symetric algoritm like sha256 and then send key to c2, they encrypt key with asymetric algoritm like RSA bublic key
+* some malware hade digital signature, an attacker stole sign key from valid company
+* for obfuscate pe file use packer
+* Fuzzy Hashing tools like ssdeep can help hunter to find similarity between two malware with different md5 key
+* Winexex in one of export function from kernel32.dll and can be malicious
+* we can bypass all static analysis with rewrite import dll, with call function with address in memory
+* we can create shellcode with FASM tools in assembly
+* the best future of ida is create basic block for application analysis
 
 
 ### Books