mirror of
https://github.com/rshipp/awesome-malware-analysis.git
synced 2024-12-20 19:26:09 +00:00
Merge pull request #111 from rshipp/hslatman-patch-1
Add FAME by CERT Société Générale
This commit is contained in:
commit
74b051873b
17
README.md
17
README.md
@ -61,7 +61,7 @@ A curated list of awesome malware analysis tools and resources. Inspired by
|
|||||||
[Dionaea](https://github.com/DinoTools/dionaea) - Honeypot designed to trap malware.
|
[Dionaea](https://github.com/DinoTools/dionaea) - Honeypot designed to trap malware.
|
||||||
* [Glastopf](https://github.com/mushorg/glastopf) - Web application honeypot.
|
* [Glastopf](https://github.com/mushorg/glastopf) - Web application honeypot.
|
||||||
* [Honeyd](http://www.honeyd.org/) - Create a virtual honeynet.
|
* [Honeyd](http://www.honeyd.org/) - Create a virtual honeynet.
|
||||||
* [HoneyDrive](http://bruteforce.gr/honeydrive) - Honeypot bundle Linux distro.
|
* [HoneyDrive](http://bruteforcelab.com/honeydrive) - Honeypot bundle Linux distro.
|
||||||
* [Mnemosyne](https://github.com/johnnykv/mnemosyne) - A normalizer for
|
* [Mnemosyne](https://github.com/johnnykv/mnemosyne) - A normalizer for
|
||||||
honeypot data; supports Dionaea.
|
honeypot data; supports Dionaea.
|
||||||
* [Thug](https://github.com/buffer/thug) - Low interaction honeyclient, for
|
* [Thug](https://github.com/buffer/thug) - Low interaction honeyclient, for
|
||||||
@ -152,8 +152,6 @@ A curated list of awesome malware analysis tools and resources. Inspired by
|
|||||||
Network security blocklists.
|
Network security blocklists.
|
||||||
* [Critical Stack- Free Intel Market](https://intel.criticalstack.com) - Free
|
* [Critical Stack- Free Intel Market](https://intel.criticalstack.com) - Free
|
||||||
intel aggregator with deduplication featuring 90+ feeds and over 1.2M indicators.
|
intel aggregator with deduplication featuring 90+ feeds and over 1.2M indicators.
|
||||||
* [CRDF ThreatCenter](http://threatcenter.crdf.fr/) - List of new threats detected
|
|
||||||
by CRDF anti-malware.
|
|
||||||
* [Cybercrime tracker](http://cybercrime-tracker.net/) - Multiple botnet active tracker.
|
* [Cybercrime tracker](http://cybercrime-tracker.net/) - Multiple botnet active tracker.
|
||||||
* [FireEye IOCs](https://github.com/fireeye/iocs) - Indicators of Compromise
|
* [FireEye IOCs](https://github.com/fireeye/iocs) - Indicators of Compromise
|
||||||
shared publicly by FireEye.
|
shared publicly by FireEye.
|
||||||
@ -463,7 +461,7 @@ the [browser malware](#browser-malware) section.*
|
|||||||
modular debugger with a Qt GUI.
|
modular debugger with a Qt GUI.
|
||||||
* [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration
|
* [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration
|
||||||
and tracing of the Windows kernel.
|
and tracing of the Windows kernel.
|
||||||
* [FPort](http://www.mcafee.com/us/downloads/free-tools/fport.aspx#) - Reports
|
* [FPort](https://www.mcafee.com/us/downloads/free-tools/fport.aspx) - Reports
|
||||||
open TCP/IP and UDP ports in a live system and maps them to the owning application.
|
open TCP/IP and UDP ports in a live system and maps them to the owning application.
|
||||||
* [GDB](http://www.sourceware.org/gdb/) - The GNU debugger.
|
* [GDB](http://www.sourceware.org/gdb/) - The GNU debugger.
|
||||||
* [GEF](https://github.com/hugsy/gef) - GDB Enhanced Features, for exploiters
|
* [GEF](https://github.com/hugsy/gef) - GDB Enhanced Features, for exploiters
|
||||||
@ -485,7 +483,7 @@ the [browser malware](#browser-malware) section.*
|
|||||||
Assistance for GDB, an enhanced display with added commands.
|
Assistance for GDB, an enhanced display with added commands.
|
||||||
* [pestudio](https://winitor.com/) - Perform static analysis of Windows
|
* [pestudio](https://winitor.com/) - Perform static analysis of Windows
|
||||||
executables.
|
executables.
|
||||||
* [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for
|
* [plasma](https://github.com/plasma-disassembler/plasma) - Interactive disassembler for
|
||||||
x86/ARM/MIPS.
|
x86/ARM/MIPS.
|
||||||
* [PPEE (puppy)](https://www.mzrst.com/) - A Professional PE file Explorer for
|
* [PPEE (puppy)](https://www.mzrst.com/) - A Professional PE file Explorer for
|
||||||
reversers, malware researchers and those who want to statically inspect PE
|
reversers, malware researchers and those who want to statically inspect PE
|
||||||
@ -511,7 +509,7 @@ the [browser malware](#browser-malware) section.*
|
|||||||
plugin for Sublime 3 to aid with malware analyis.
|
plugin for Sublime 3 to aid with malware analyis.
|
||||||
* [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for
|
* [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for
|
||||||
Linux executables.
|
Linux executables.
|
||||||
* [Triton](http://triton.quarkslab.com/) - A dynamic binary analysis (DBA) framework.
|
* [Triton](https://triton.quarkslab.com/) - A dynamic binary analysis (DBA) framework.
|
||||||
* [Udis86](https://github.com/vmt/udis86) - Disassembler library and tool
|
* [Udis86](https://github.com/vmt/udis86) - Disassembler library and tool
|
||||||
for x86 and x86_64.
|
for x86 and x86_64.
|
||||||
* [Vivisect](https://github.com/vivisect/vivisect) - Python tool for
|
* [Vivisect](https://github.com/vivisect/vivisect) - Python tool for
|
||||||
@ -603,10 +601,13 @@ the [browser malware](#browser-malware) section.*
|
|||||||
|
|
||||||
## Storage and Workflow
|
## Storage and Workflow
|
||||||
|
|
||||||
* [Aleph](https://github.com/trendmicro/aleph) - OpenSource Malware Analysis
|
* [Aleph](https://github.com/merces/aleph) - Open Source Malware Analysis
|
||||||
Pipeline System.
|
Pipeline System.
|
||||||
* [CRITs](https://crits.github.io/) - Collaborative Research Into Threats, a
|
* [CRITs](https://crits.github.io/) - Collaborative Research Into Threats, a
|
||||||
malware and threat repository.
|
malware and threat repository.
|
||||||
|
* [FAME](https://certsocietegenerale.github.io/fame/) - FAME is a malware analysis framework.
|
||||||
|
It features a pipeline that can be extended with custom modules that can be chained and
|
||||||
|
interact with each other to perform end-to-end analysis.
|
||||||
* [Malwarehouse](https://github.com/sroberts/malwarehouse) - Store, tag, and
|
* [Malwarehouse](https://github.com/sroberts/malwarehouse) - Store, tag, and
|
||||||
search malware.
|
search malware.
|
||||||
* [Polichombr](https://github.com/ANSSI-FR/polichombr) - A malware analysis
|
* [Polichombr](https://github.com/ANSSI-FR/polichombr) - A malware analysis
|
||||||
@ -647,7 +648,7 @@ the [browser malware](#browser-malware) section.*
|
|||||||
Tools and Techniques for Fighting Malicious Code.
|
Tools and Techniques for Fighting Malicious Code.
|
||||||
* [Practical Malware Analysis](https://amzn.com/dp/1593272901) - The Hands-On Guide
|
* [Practical Malware Analysis](https://amzn.com/dp/1593272901) - The Hands-On Guide
|
||||||
to Dissecting Malicious Software.
|
to Dissecting Malicious Software.
|
||||||
* [Practical Reverse Engineering](http://a.co/63SQsH2) - Intermediate Reverse Engineering
|
* [Practical Reverse Engineering](https://www.amzn.com/dp/1118787315/) - Intermediate Reverse Engineering
|
||||||
* [Real Digital Forensics](https://www.amzn.com/dp/0321240693) - Computer Security and Incident Response
|
* [Real Digital Forensics](https://www.amzn.com/dp/0321240693) - Computer Security and Incident Response
|
||||||
* [The Art of Memory Forensics](https://amzn.com/dp/1118825098) - Detecting
|
* [The Art of Memory Forensics](https://amzn.com/dp/1118825098) - Detecting
|
||||||
Malware and Threats in Windows, Linux, and Mac Memory.
|
Malware and Threats in Windows, Linux, and Mac Memory.
|
||||||
|
Loading…
Reference in New Issue
Block a user