mirror of
https://github.com/kh4sh3i/Malware-Analysis.git
synced 2025-01-18 08:35:30 +00:00
Update README.md
This commit is contained in:
parent
3a17a04028
commit
763e0d1fd1
68
README.md
@ -1,6 +1,8 @@
|
|||||||
# Malware-Analysis
|
# Malware Analysis
|
||||||
A curated list of awesome malware analysis tools and resources
|
A curated list of awesome malware analysis tools and resources
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### Types of Malware Attacks
|
### Types of Malware Attacks
|
||||||
<table id="tablepress-2">
|
<table id="tablepress-2">
|
||||||
<thead>
|
<thead>
|
||||||
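Review bot: the new "Types of Malware Attacks" section is introduced as raw HTML (`<table id="tablepress-2">` followed by `<thead>`), and the `id="tablepress-2"` attribute looks like leftover from a WordPress TablePress export that nothing in this README references. Since the rest of the file uses Markdown lists, consider rewriting the table in Markdown pipe syntax (`| Type | Description |`) or at least dropping the unused id, so the section renders consistently on GitHub and is easier to edit in later commits.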
@ -66,6 +68,65 @@ A curated list of awesome malware analysis tools and resources
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
### Malware Analysis Proccess
|
||||||
|
* Static Analysis
|
||||||
|
* Static Analysis can be done by checking physical states of file. In our case , we used executable file as static samples and to check the physical states of windows executable file Windows provide Portable Executable Format (PE Format) which describes the structure of executable (image) files and object files under the Windows family of operating systems. These files are referred to as Portable Executable (PE) files.
|
||||||
|
|
||||||
|
* Dynamic Analysis
|
||||||
|
* Behaviour Analysis is similar to Dynamic Analysis therefore we created sandbox to find the behaviour of our malicious and good samples and these behaviour includes Registry Operations , Files Operations , Api's Calls , Dll loaded , Mutex Information etc
|
||||||
|
|
||||||
|
* Code Analysis
|
||||||
|
* reversing code with debugger tools
|
||||||
|
* Debugging and Reverse Engineering ,Disassemblers, decompiler
|
||||||
|
|
||||||
|
|
||||||
|
* Memory Analysis
|
||||||
|
* we dumping whole memory and checking for process and handler.
|
||||||
|
* we can find Rootkit and Ransomware Encryption key and find hidden process !
|
||||||
|
|
||||||
|
|
||||||
|
### Tools
|
||||||
|
* Static Analysis
|
||||||
|
* [pestudio](https://www.winitor.com/download/) - Perform static analysis of Windows executables.
|
||||||
|
* [CFF Explorer](http://www.ntcore.com/exsuite.php) - is a suite of tools for portable executable (PE) editing.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
* Dynamic Analysis
|
||||||
|
* [Process Hacker](https://processhacker.sourceforge.io/) - Tool that monitors system resources.
|
||||||
|
* [Process Monitor](https://docs.microsoft.com/en-us/sysinternals/downloads/procmon) - Advanced monitoring tool for Windows programs.
|
||||||
|
* [RegShot](https://sourceforge.net/projects/regshot/) - Registry compare utility that compares snapshots.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
* Code Analysis
|
||||||
|
* Disassembler
|
||||||
|
* [IDA](https://www.hex-rays.com/products/ida/index.shtml)
|
||||||
|
* Decompiler
|
||||||
|
* [IDA Pro](https://www.hex-rays.com/products/ida/index.shtml)
|
||||||
|
* debuggers
|
||||||
|
* [X64dbg](https://github.com/x64dbg/) - An open-source x64/x32 debugger for windows.
|
||||||
|
* [WinDbg](https://developer.microsoft.com/en-us/windows/hardware/download-windbg) - multipurpose debugger for the Microsoft Windows computer operating system
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
* Memory Forensics
|
||||||
|
* [Volatility](https://github.com/volatilityfoundation/volatility) - Advanced memory forensics framework.
|
||||||
|
|
||||||
|
|
||||||
|
* Online Scanners and Sandboxes
|
||||||
|
* [Cuckoo Sandbox](https://cuckoosandbox.org/) - Open source, self hosted sandbox and automated analysis system.
|
||||||
|
* [VirusTotal](https://www.virustotal.com/) - Free online analysis of malware samples and URLs
|
||||||
|
* [Noriben](https://github.com/Rurik/Noriben) - Uses Sysinternals Procmon to collect information about malware in a sandboxed environment.
|
||||||
|
|
||||||
|
* Network
|
||||||
|
* [Wireshark](https://www.wireshark.org/) - The network traffic analysis tool.
|
||||||
|
|
||||||
|
* Android
|
||||||
|
* [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) – Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### Which programming languages should I learn?
|
### Which programming languages should I learn?
|
||||||
* Python
|
* Python
|
||||||
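Review bot: the new heading "### Malware Analysis Proccess" misspells "Process", and the bullets under it read like fragments lifted from a paper rather than README text ("In our case , we used executable file as static samples", "therefore we created sandbox to find the behaviour of our malicious and good samples"); rewording them in the neutral, third-person style of the surrounding sections would make the list usable as a reference. In the "Code Analysis" tool list, "IDA" under Disassembler and "IDA Pro" under Decompiler point at the same URL, so one entry should be dropped or the decompiler line should name what actually decompiles (the Hex-Rays plugin that ships with IDA Pro). Minor: "debuggers" is lowercase while the sibling headings "Disassembler" and "Decompiler" are capitalized, and "Api's Calls" should be "API calls".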
@ -77,3 +138,8 @@ A curated list of awesome malware analysis tools and resources
|
|||||||
### Books
|
### Books
|
||||||
* [Practical Malware Analysis](https://www.amazon.co.uk/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901/)
|
* [Practical Malware Analysis](https://www.amazon.co.uk/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901/)
|
||||||
* [Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation](https://www.amazon.co.uk/Practical-Reverse-Engineering-Reversing-Obfuscation/dp/1118787315)
|
* [Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation](https://www.amazon.co.uk/Practical-Reverse-Engineering-Reversing-Obfuscation/dp/1118787315)
|
||||||
|
|
||||||
|
|
||||||
|
### reference
|
||||||
|
* [A COMPLETE PRACTICAL APPROACH TO MALWARE ANALYSIS AND MEMORY FORENSICS - 2021 EDITION](https://www.blackhat.com/eu-21/training/schedule/#a-complete-practical-approach-to-malware-analysis-and-memory-forensics----edition-24217)
|
||||||
|
* [Awesome Malware Analysis](https://github.com/rshipp/awesome-malware-analysis)
|
||||||
|