ch0ic3/awesome-malware-analysis
1
0
Fork 0
mirror of https://github.com/rshipp/awesome-malware-analysis.git synced 2024-12-19 02:36:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #111 from rshipp/hslatman-patch-1

Browse Source 
Add FAME by CERT Société Générale
This commit is contained in:
Herman Slatman 2017-03-27 00:41:15 +02:00 committed by GitHub
commit 74b051873b
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
README.md
View File

@ -61,7 +61,7 @@ A curated list of awesome malware analysis tools and resources. Inspired by
[Dionaea](https://github.com/DinoTools/dionaea) - Honeypot designed to trap malware. [Dionaea](https://github.com/DinoTools/dionaea) - Honeypot designed to trap malware.
* [Glastopf](https://github.com/mushorg/glastopf) - Web application honeypot. * [Glastopf](https://github.com/mushorg/glastopf) - Web application honeypot.
* [Honeyd](http://www.honeyd.org/) - Create a virtual honeynet. * [Honeyd](http://www.honeyd.org/) - Create a virtual honeynet.
* [HoneyDrive](http://bruteforce.gr/honeydrive) - Honeypot bundle Linux distro. * [HoneyDrive](http://bruteforcelab.com/honeydrive) - Honeypot bundle Linux distro.
* [Mnemosyne](https://github.com/johnnykv/mnemosyne) - A normalizer for * [Mnemosyne](https://github.com/johnnykv/mnemosyne) - A normalizer for
honeypot data; supports Dionaea. honeypot data; supports Dionaea.
* [Thug](https://github.com/buffer/thug) - Low interaction honeyclient, for * [Thug](https://github.com/buffer/thug) - Low interaction honeyclient, for
@ -152,8 +152,6 @@ A curated list of awesome malware analysis tools and resources. Inspired by
Network security blocklists. Network security blocklists.
* [Critical Stack- Free Intel Market](https://intel.criticalstack.com) - Free * [Critical Stack- Free Intel Market](https://intel.criticalstack.com) - Free
intel aggregator with deduplication featuring 90+ feeds and over 1.2M indicators. intel aggregator with deduplication featuring 90+ feeds and over 1.2M indicators.
* [CRDF ThreatCenter](http://threatcenter.crdf.fr/) - List of new threats detected
by CRDF anti-malware.
* [Cybercrime tracker](http://cybercrime-tracker.net/) - Multiple botnet active tracker. * [Cybercrime tracker](http://cybercrime-tracker.net/) - Multiple botnet active tracker.
* [FireEye IOCs](https://github.com/fireeye/iocs) - Indicators of Compromise * [FireEye IOCs](https://github.com/fireeye/iocs) - Indicators of Compromise
shared publicly by FireEye. shared publicly by FireEye.
@ -463,7 +461,7 @@ the [browser malware](#browser-malware) section.*
modular debugger with a Qt GUI. modular debugger with a Qt GUI.
* [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration * [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration
and tracing of the Windows kernel. and tracing of the Windows kernel.
* [FPort](http://www.mcafee.com/us/downloads/free-tools/fport.aspx#) - Reports * [FPort](https://www.mcafee.com/us/downloads/free-tools/fport.aspx) - Reports
open TCP/IP and UDP ports in a live system and maps them to the owning application. open TCP/IP and UDP ports in a live system and maps them to the owning application.
* [GDB](http://www.sourceware.org/gdb/) - The GNU debugger. * [GDB](http://www.sourceware.org/gdb/) - The GNU debugger.
* [GEF](https://github.com/hugsy/gef) - GDB Enhanced Features, for exploiters * [GEF](https://github.com/hugsy/gef) - GDB Enhanced Features, for exploiters
@ -485,7 +483,7 @@ the [browser malware](#browser-malware) section.*
Assistance for GDB, an enhanced display with added commands. Assistance for GDB, an enhanced display with added commands.
* [pestudio](https://winitor.com/) - Perform static analysis of Windows * [pestudio](https://winitor.com/) - Perform static analysis of Windows
executables. executables.
* [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for * [plasma](https://github.com/plasma-disassembler/plasma) - Interactive disassembler for
x86/ARM/MIPS. x86/ARM/MIPS.
* [PPEE (puppy)](https://www.mzrst.com/) - A Professional PE file Explorer for * [PPEE (puppy)](https://www.mzrst.com/) - A Professional PE file Explorer for
reversers, malware researchers and those who want to statically inspect PE reversers, malware researchers and those who want to statically inspect PE
@ -511,7 +509,7 @@ the [browser malware](#browser-malware) section.*
plugin for Sublime 3 to aid with malware analyis. plugin for Sublime 3 to aid with malware analyis.
* [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for * [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for
Linux executables. Linux executables.
* [Triton](http://triton.quarkslab.com/) - A dynamic binary analysis (DBA) framework. * [Triton](https://triton.quarkslab.com/) - A dynamic binary analysis (DBA) framework.
* [Udis86](https://github.com/vmt/udis86) - Disassembler library and tool * [Udis86](https://github.com/vmt/udis86) - Disassembler library and tool
for x86 and x86_64. for x86 and x86_64.
* [Vivisect](https://github.com/vivisect/vivisect) - Python tool for * [Vivisect](https://github.com/vivisect/vivisect) - Python tool for
@ -603,10 +601,13 @@ the [browser malware](#browser-malware) section.*
## Storage and Workflow ## Storage and Workflow
* [Aleph](https://github.com/trendmicro/aleph) - OpenSource Malware Analysis * [Aleph](https://github.com/merces/aleph) - Open Source Malware Analysis
Pipeline System. Pipeline System.
* [CRITs](https://crits.github.io/) - Collaborative Research Into Threats, a * [CRITs](https://crits.github.io/) - Collaborative Research Into Threats, a
malware and threat repository. malware and threat repository.
* [FAME](https://certsocietegenerale.github.io/fame/) - FAME is a malware analysis framework.
It features a pipeline that can be extended with custom modules that can be chained and
interact with each other to perform end-to-end analysis.
* [Malwarehouse](https://github.com/sroberts/malwarehouse) - Store, tag, and * [Malwarehouse](https://github.com/sroberts/malwarehouse) - Store, tag, and
search malware. search malware.
* [Polichombr](https://github.com/ANSSI-FR/polichombr) - A malware analysis * [Polichombr](https://github.com/ANSSI-FR/polichombr) - A malware analysis
@ -647,7 +648,7 @@ the [browser malware](#browser-malware) section.*
Tools and Techniques for Fighting Malicious Code. Tools and Techniques for Fighting Malicious Code.
* [Practical Malware Analysis](https://amzn.com/dp/1593272901) - The Hands-On Guide * [Practical Malware Analysis](https://amzn.com/dp/1593272901) - The Hands-On Guide
to Dissecting Malicious Software. to Dissecting Malicious Software.
* [Practical Reverse Engineering](http://a.co/63SQsH2) - Intermediate Reverse Engineering * [Practical Reverse Engineering](https://www.amzn.com/dp/1118787315/) - Intermediate Reverse Engineering
* [Real Digital Forensics](https://www.amzn.com/dp/0321240693) - Computer Security and Incident Response * [Real Digital Forensics](https://www.amzn.com/dp/0321240693) - Computer Security and Incident Response
* [The Art of Memory Forensics](https://amzn.com/dp/1118825098) - Detecting * [The Art of Memory Forensics](https://amzn.com/dp/1118825098) - Detecting
Malware and Threats in Windows, Linux, and Mac Memory. Malware and Threats in Windows, Linux, and Mac Memory.