Merge branch 'main' into master

Limin Yang 2021-08-23 16:27:51 -07:00 committed by GitHub
commit c39411a266
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 37 additions and 2 deletions

View File

@ -107,10 +107,12 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
of malware sample sources put together by Lenny Zeltser. of malware sample sources put together by Lenny Zeltser.
* [Zeus Source Code](https://github.com/Visgean/Zeus) - Source for the Zeus * [Zeus Source Code](https://github.com/Visgean/Zeus) - Source for the Zeus
trojan leaked in 2011. trojan leaked in 2011.
* [VX Underground](http://vx-underground.org/) - Massive and growing collection of free malware samples.
* [BODMAS PE Malware Dataset](https://whyisyoung.github.io/BODMAS/) - Collection of 57,293 PE malware samples * [BODMAS PE Malware Dataset](https://whyisyoung.github.io/BODMAS/) - Collection of 57,293 PE malware samples
and 77,142 benign samples during 2019 and 2020. and 77,142 benign samples during 2019 and 2020.
Binaries (malware only), feature vectors, malware families, timestamp are available. Binaries (malware only), feature vectors, malware families, timestamp are available.
## Open Source Threat Intelligence ## Open Source Threat Intelligence
### Tools ### Tools
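Review bot: The VX Underground entry links over plain `http://` while every other link touched by this commit uses `https`; since the destination distributes live malware samples, link `https://vx-underground.org/` so the click-through is not a cleartext redirect. The description itself is fine and matches the wrap style of the neighbouring Zeus entry.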
@ -212,6 +214,7 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
intelligence, with search. intelligence, with search.
* [threatRECON](https://threatrecon.co/) - Search for indicators, up to 1000 * [threatRECON](https://threatrecon.co/) - Search for indicators, up to 1000
free per month. free per month.
* [ThreatShare](https://threatshare.io/) - C2 panel tracker
* [Yara rules](https://github.com/Yara-Rules/rules) - Yara rules repository. * [Yara rules](https://github.com/Yara-Rules/rules) - Yara rules repository.
* [YETI](https://github.com/yeti-platform/yeti) - Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. * [YETI](https://github.com/yeti-platform/yeti) - Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository.
* [ZeuS Tracker](https://zeustracker.abuse.ch/blocklist.php) - ZeuS * [ZeuS Tracker](https://zeustracker.abuse.ch/blocklist.php) - ZeuS
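Review bot: The new ThreatShare entry ends without a period ("C2 panel tracker") while the adjacent threatRECON and Yara rules entries end their descriptions with one; use `- C2 panel tracker.` and, if known, say what is tracked (malware family C2 panels, login pages, etc.) so the entry is as descriptive as its neighbours.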
@ -228,6 +231,7 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
* [BinaryAlert](https://github.com/airbnb/binaryalert) - An open source, serverless * [BinaryAlert](https://github.com/airbnb/binaryalert) - An open source, serverless
AWS pipeline that scans and alerts on uploaded files based on a set of AWS pipeline that scans and alerts on uploaded files based on a set of
YARA rules. YARA rules.
* [capa](https://github.com/fireeye/capa) - Detects capabilities in executable files.
* [chkrootkit](http://www.chkrootkit.org/) - Local Linux rootkit detection. * [chkrootkit](http://www.chkrootkit.org/) - Local Linux rootkit detection.
* [ClamAV](http://www.clamav.net/) - Open source antivirus engine. * [ClamAV](http://www.clamav.net/) - Open source antivirus engine.
* [Detect It Easy(DiE)](https://github.com/horsicq/Detect-It-Easy) - A program for * [Detect It Easy(DiE)](https://github.com/horsicq/Detect-It-Easy) - A program for
@ -238,6 +242,8 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
edit file metadata. edit file metadata.
* [File Scanning Framework](https://github.com/EmersonElectricCo/fsf) - * [File Scanning Framework](https://github.com/EmersonElectricCo/fsf) -
Modular, recursive file scanning solution. Modular, recursive file scanning solution.
* [fn2yara](https://github.com/cmu-sei/pharos) - FN2Yara is a tool to generate
Yara signatures for matching functions (code) in an executable program.
* [Generic File Parser](https://github.com/uppusaikiran/generic-parser) - A Single Library Parser to extract meta information,static analysis and detect macros within the files. * [Generic File Parser](https://github.com/uppusaikiran/generic-parser) - A Single Library Parser to extract meta information,static analysis and detect macros within the files.
* [hashdeep](https://github.com/jessek/hashdeep) - Compute digest hashes with * [hashdeep](https://github.com/jessek/hashdeep) - Compute digest hashes with
a variety of algorithms. a variety of algorithms.
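Review bot: The fn2yara link points at the root of the cmu-sei/pharos repository rather than the tool itself, and the entry spells the name two ways (`fn2yara` in the link text, `FN2Yara` in the description). Link the tool's directory or documentation inside the repository, pick one spelling, and drop the redundant "FN2Yara is a tool to" so the line reads like the others: `Generate Yara signatures for matching functions (code) in an executable program.`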
@ -413,6 +419,9 @@ executables.
*Analyze malicious URLs. See also the [domain analysis](#domain-analysis) and *Analyze malicious URLs. See also the [domain analysis](#domain-analysis) and
[documents and shellcode](#documents-and-shellcode) sections.* [documents and shellcode](#documents-and-shellcode) sections.*
* [Bytecode Viewer](https://github.com/Konloch/bytecode-viewer) - Combines
multiple Java bytecode viewers and decompilers into one tool, including
APK/DEX support.
* [Firebug](https://getfirebug.com/) - Firefox extension for web development. * [Firebug](https://getfirebug.com/) - Firefox extension for web development.
* [Java Decompiler](http://jd.benow.ca/) - Decompile and inspect Java apps. * [Java Decompiler](http://jd.benow.ca/) - Decompile and inspect Java apps.
* [Java IDX Parser](https://github.com/Rurik/Java_IDX_Parser/) - Parses Java * [Java IDX Parser](https://github.com/Rurik/Java_IDX_Parser/) - Parses Java
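Review bot: Bytecode Viewer is a Java/Android decompiler, but the section it is added to is introduced as "Analyze malicious URLs"; it sits next to the existing Java Decompiler entry, so placement is at least consistent, but if Java tooling is meant to live here the section intro should say so, otherwise both belong with the other decompilers. The wrapped formatting matches the surrounding entries.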
@ -504,6 +513,14 @@ the [browser malware](#browser-malware) section.*
XOR key using frequency analysis. XOR key using frequency analysis.
* [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic * [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic
hidden code extractor for Windows malware. hidden code extractor for Windows malware.
* [PyInstaller Extractor](https://github.com/extremecoders-re/pyinstxtractor) -
A Python script to extract the contents of a PyInstaller generated Windows
executable file. The contents of the pyz file (usually pyc files) present
inside the executable are also extracted and automatically fixed so that a
Python bytecode decompiler will recognize it.
* [uncompyle6](https://github.com/rocky/python-uncompyle6/) - A cross-version
Python bytecode decompiler. Translates Python bytecode back into equivalent
Python source code.
* [un{i}packer](https://github.com/unipacker/unipacker) - Automatic and * [un{i}packer](https://github.com/unipacker/unipacker) - Automatic and
platform-independent unpacker for Windows binaries based on emulation. platform-independent unpacker for Windows binaries based on emulation.
* [unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware * [unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware
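Review bot: The PyInstaller Extractor entry says the extracted pyc files are fixed "so that a Python bytecode decompiler will recognize it", and the very next added entry (uncompyle6) is exactly such a decompiler; say so ("... recognize them (see uncompyle6)") so readers see the two as one extract-then-decompile pipeline. Also "recognize it" has an unclear antecedent after the plural "pyc files"; "recognize them" reads correctly.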
@ -536,6 +553,7 @@ the [browser malware](#browser-malware) section.*
* [Binary ninja](https://binary.ninja/) - A reversing engineering platform * [Binary ninja](https://binary.ninja/) - A reversing engineering platform
that is an alternative to IDA. that is an alternative to IDA.
* [Binwalk](https://github.com/devttys0/binwalk) - Firmware analysis tool. * [Binwalk](https://github.com/devttys0/binwalk) - Firmware analysis tool.
* [BluePill](https://github.com/season-lab/bluepill) - Framework for executing and debugging evasive malware and protected executables.
* [Capstone](https://github.com/aquynh/capstone) - Disassembly framework for * [Capstone](https://github.com/aquynh/capstone) - Disassembly framework for
binary analysis and reversing, with support for many architectures and binary analysis and reversing, with support for many architectures and
bindings in several languages. bindings in several languages.
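Review bot: The BluePill line is a single long line while the surrounding Binary ninja, Binwalk and Capstone entries wrap at roughly 80 columns with a two-space continuation indent; wrap the description the same way so the file stays consistent for diff readers.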
@ -581,6 +599,9 @@ the [browser malware](#browser-malware) section.*
for static analysis of Linux binaries. for static analysis of Linux binaries.
* [OllyDbg](http://www.ollydbg.de/) - An assembly-level debugger for Windows * [OllyDbg](http://www.ollydbg.de/) - An assembly-level debugger for Windows
executables. executables.
* [OllyDumpEx](https://low-priority.appspot.com/ollydumpex/) - Dump memory
from (unpacked) malware Windows process and store raw or rebuild PE file.
This is a plugin for OllyDbg, Immunity Debugger, IDA Pro, WinDbg, and x64dbg.
* [PANDA](https://github.com/moyix/panda) - Platform for Architecture-Neutral * [PANDA](https://github.com/moyix/panda) - Platform for Architecture-Neutral
Dynamic Analysis. Dynamic Analysis.
* [PEDA](https://github.com/longld/peda) - Python Exploit Development * [PEDA](https://github.com/longld/peda) - Python Exploit Development
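Review bot: The OllyDumpEx description is hard to parse as written ("Dump memory from (unpacked) malware Windows process and store raw or rebuild PE file"); suggest "Dump the memory of an (unpacked) Windows malware process and save it raw or as a rebuilt PE file." The list of host debuggers (OllyDbg, Immunity Debugger, IDA Pro, WinDbg, x64dbg) is useful; keep it.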
@ -617,6 +638,10 @@ the [browser malware](#browser-malware) section.*
[API](https://retdec.com/api/) that you can use in your tools. [API](https://retdec.com/api/) that you can use in your tools.
* [ROPMEMU](https://github.com/Cisco-Talos/ROPMEMU) - A framework to analyze, dissect * [ROPMEMU](https://github.com/Cisco-Talos/ROPMEMU) - A framework to analyze, dissect
and decompile complex code-reuse attacks. and decompile complex code-reuse attacks.
* [Scylla Imports Reconstructor](https://github.com/NtQuery/Scylla) - Find and fix
the IAT of an unpacked / dumped PE32 malware.
* [ScyllaHide](https://github.com/x64dbg/ScyllaHide) - An Anti-Anti-Debug library
and plugin for OllyDbg, x64dbg, IDA Pro, and TitanEngine.
* [SMRT](https://github.com/pidydx/SMRT) - Sublime Malware Research Tool, a * [SMRT](https://github.com/pidydx/SMRT) - Sublime Malware Research Tool, a
plugin for Sublime 3 to aid with malware analyis. plugin for Sublime 3 to aid with malware analyis.
* [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for * [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for
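Review bot: In the Scylla entry, "unpacked / dumped PE32 malware" reads oddly (spaced slash, "PE32" used as a bare noun); suggest "Find and fix the import address table (IAT) of an unpacked or dumped PE file." Expanding IAT once is worthwhile because the acronym is not spelled out anywhere else in this list. The ScyllaHide entry is fine.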
@ -774,6 +799,7 @@ the [browser malware](#browser-malware) section.*
environments in the same way as malware families do. environments in the same way as malware families do.
* [REMnux](https://remnux.org/) - Linux distribution and docker images for * [REMnux](https://remnux.org/) - Linux distribution and docker images for
malware reverse engineering and analysis. malware reverse engineering and analysis.
* [Tsurugi Linux](https://tsurugi-linux.org/) - Linux distribution designed to support your DFIR investigations, malware analysis and OSINT (Open Source INTelligence) activities.
* [Santoku Linux](https://santoku-linux.com/) - Linux distribution for mobile * [Santoku Linux](https://santoku-linux.com/) - Linux distribution for mobile
forensics, malware analysis, and security. forensics, malware analysis, and security.
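Review bot: Tsurugi Linux is inserted between REMnux and Santoku Linux, which breaks the alphabetical order of this list; move it after the Santoku Linux entry. Also "designed to support your DFIR investigations" is the vendor's second-person wording; "designed for DFIR investigations, malware analysis and OSINT (Open Source Intelligence)" matches the neutral tone of the other entries.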
@ -826,6 +852,9 @@ the [browser malware](#browser-malware) section.*
Presentation introducing the concepts of malware analysis, threat intelligence Presentation introducing the concepts of malware analysis, threat intelligence
and reverse engineering. Experience or prior knowledge is not required. Labs and reverse engineering. Experience or prior knowledge is not required. Labs
link in description. link in description.
* [Malware Persistence](https://github.com/Karneades/malware-persistence) - Collection
of various information focused on malware persistence: detection (techniques),
response, pitfalls and the log collection (tools).
* [Malware Samples and Traffic](http://malware-traffic-analysis.net/) - This * [Malware Samples and Traffic](http://malware-traffic-analysis.net/) - This
blog focuses on network traffic related to malware infections. blog focuses on network traffic related to malware infections.
* [Malware Search+++](https://addons.mozilla.org/fr/firefox/addon/malware-search-plusplusplus/) Firefox extension allows * [Malware Search+++](https://addons.mozilla.org/fr/firefox/addon/malware-search-plusplusplus/) Firefox extension allows
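Review bot: In the Malware Persistence entry, "detection (techniques), response, pitfalls and the log collection (tools)" is awkward; suggest "detection techniques, response, pitfalls, and log collection tools." The wrapping matches the neighbouring entries.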

View File

@ -54,6 +54,8 @@
* [Glastopf](http://glastopf.org/) - Web 应用蜜罐 * [Glastopf](http://glastopf.org/) - Web 应用蜜罐
* [Honeyd](http://honeyd.org/) - 创建一个虚拟蜜罐 * [Honeyd](http://honeyd.org/) - 创建一个虚拟蜜罐
* [HoneyDrive](http://bruteforcelab.com/honeydrive) - 蜜罐包的 Linux 发行版 * [HoneyDrive](http://bruteforcelab.com/honeydrive) - 蜜罐包的 Linux 发行版
* [Honeytrap](https://github.com/honeytrap/honeytrap) - 运行、监控、管理蜜罐的开源系统
* [MHN](https://github.com/pwnlandia/mhn) - MHN 是管理蜜罐的集中式服务器,可以快速部署蜜罐收集数据,并提供统一的 Web 界面
* [Mnemosyne](https://github.com/johnnykv/mnemosyne) - 受 Dinoaea 支持的蜜罐数据标准化 * [Mnemosyne](https://github.com/johnnykv/mnemosyne) - 受 Dinoaea 支持的蜜罐数据标准化
* [Thug](https://github.com/buffer/thug) - 用来调查恶意网站的低交互蜜罐 * [Thug](https://github.com/buffer/thug) - 用来调查恶意网站的低交互蜜罐
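Review bot: The two added honeypot entries (Honeytrap, MHN) read fine, but the unchanged Mnemosyne context line right below them spells the honeypot "Dinoaea" where the project name is Dionaea; since this file is already being touched, fix the typo in the same pass.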
@ -141,6 +143,7 @@
* [SystemLookup](https://www.systemlookup.com/) - SystemLookup 可以提供合法的或PUP的组件信息 * [SystemLookup](https://www.systemlookup.com/) - SystemLookup 可以提供合法的或PUP的组件信息
* [ThreatMiner](https://www.threatminer.org/) - 威胁情报数据挖掘接口 * [ThreatMiner](https://www.threatminer.org/) - 威胁情报数据挖掘接口
* [threatRECON](https://threatrecon.co/) - 搜索指标,每月最多一千次 * [threatRECON](https://threatrecon.co/) - 搜索指标,每月最多一千次
* [ThreatShare](https://threatshare.io/) - C2 面板跟踪
* [Yara rules](https://github.com/Yara-Rules/rules) - Yara 规则集 * [Yara rules](https://github.com/Yara-Rules/rules) - Yara 规则集
* [YETI](https://github.com/yeti-platform/yeti) - Yeti 是一个旨在组织数据中的可观察性、IOC 指标、TTP 和威胁情报 * [YETI](https://github.com/yeti-platform/yeti) - Yeti 是一个旨在组织数据中的可观察性、IOC 指标、TTP 和威胁情报
* [ZeuS Tracker](https://zeustracker.abuse.ch/blocklist.php) - ZeuS 黑名单 * [ZeuS Tracker](https://zeustracker.abuse.ch/blocklist.php) - ZeuS 黑名单
@ -152,6 +155,7 @@
* [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Windows PE 文件的分析器 * [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Windows PE 文件的分析器
* [Assemblyline](https://bitbucket.org/cse-assemblyline/assemblyline) - 大规模分布式文件分析框架 * [Assemblyline](https://bitbucket.org/cse-assemblyline/assemblyline) - 大规模分布式文件分析框架
* [BinaryAlert](https://github.com/airbnb/binaryalert) - 开源、无服务 AWS 管道,用于对上传的文件使用 YARA 进行扫描和报警 * [BinaryAlert](https://github.com/airbnb/binaryalert) - 开源、无服务 AWS 管道,用于对上传的文件使用 YARA 进行扫描和报警
* [capa](https://github.com/fireeye/capa) - 检测可执行文件的攻击能力
* [chkrootkit](http://www.chkrootkit.org/) - 本地 Linux rootkit 检测 * [chkrootkit](http://www.chkrootkit.org/) - 本地 Linux rootkit 检测
* [ClamAV](http://www.clamav.net/) - 开源反病毒引擎 * [ClamAV](http://www.clamav.net/) - 开源反病毒引擎
* [Detect It Easy(DiE)](https://github.com/horsicq/Detect-It-Easy) - 用于确定文件类型的程序 * [Detect It Easy(DiE)](https://github.com/horsicq/Detect-It-Easy) - 用于确定文件类型的程序
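Review bot: The Chinese capa description "检测可执行文件的攻击能力" (detects the attack capabilities of executable files) adds "攻击" (attack) that the English entry added in this same commit does not have ("Detects capabilities in executable files"); not every capability capa reports is an attack, so "检测可执行文件的能力" keeps the translation faithful to the English.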
@ -170,6 +174,7 @@
* [nsrllookup](https://github.com/rjhansen/nsrllookup) - 查询 NIST's National Software Reference Library 数据库中哈希的工具 * [nsrllookup](https://github.com/rjhansen/nsrllookup) - 查询 NIST's National Software Reference Library 数据库中哈希的工具
* [packerid](http://handlers.sans.org/jclausing/packerid.py) - 跨平台的 PEiD 的替代品 * [packerid](http://handlers.sans.org/jclausing/packerid.py) - 跨平台的 PEiD 的替代品
* [PE-bear](https://hshrzd.wordpress.com/pe-bear/) - PE 文件的逆向工具 * [PE-bear](https://hshrzd.wordpress.com/pe-bear/) - PE 文件的逆向工具
* [PEframe](https://github.com/guelfoweb/peframe) - PEframe 可以对 PE 文件与 Office 文档文件进行静态分析
* [PEV](http://pev.sourceforge.net/) - 为正确分析可疑的二进制文件提供功能丰富工具的 PE 文件多平台分析工具集 * [PEV](http://pev.sourceforge.net/) - 为正确分析可疑的二进制文件提供功能丰富工具的 PE 文件多平台分析工具集
* [PortEx](https://github.com/katjahahn/PortEx) - 聚焦于与 PE 文件相关恶意软件分析的 Java 库 * [PortEx](https://github.com/katjahahn/PortEx) - 聚焦于与 PE 文件相关恶意软件分析的 Java 库
* [Quark-Engine](https://github.com/quark-engine/quark-engine) - 能够对抗混淆的 Android 恶意软件评估系统 * [Quark-Engine](https://github.com/quark-engine/quark-engine) - 能够对抗混淆的 Android 恶意软件评估系统
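Review bot: The PEframe entry is added to the Chinese list only; no hunk in this commit adds PEframe to the English README, so either the English list already has it (in which case this is just catching the translation up, fine) or the two lists are diverging. Please confirm which, ideally in the commit message.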
@ -177,7 +182,6 @@
* [ssdeep](https://ssdeep-project.github.io/ssdeep/) - 计算模糊哈希值 * [ssdeep](https://ssdeep-project.github.io/ssdeep/) - 计算模糊哈希值
* [totalhash.py](https://gist.github.com/malc0de/10270150) - 一个简单搜索[TotalHash.com](http://totalhash.com/) 数据库的 Python 脚本 * [totalhash.py](https://gist.github.com/malc0de/10270150) - 一个简单搜索[TotalHash.com](http://totalhash.com/) 数据库的 Python 脚本
* [TrID](http://mark0.net/soft-trid-e.html) - 文件识别 * [TrID](http://mark0.net/soft-trid-e.html) - 文件识别
* [virustotal-falsepositive-detector](https://github.com/uppusaikiran/virustotal-falsepositive-detector) - 基于命名相似性来分析 Virustotal Report 来寻找潜在误报的工具
* [YARA](https://plusvic.github.io/yara/) - 分析师利用的模式识别工具 * [YARA](https://plusvic.github.io/yara/) - 分析师利用的模式识别工具
* [Yara rules generator](https://github.com/Neo23x0/yarGen) - 基于恶意样本生成 yara 规则,也包含避免误报的字符串数据库 * [Yara rules generator](https://github.com/Neo23x0/yarGen) - 基于恶意样本生成 yara 规则,也包含避免误报的字符串数据库
* [Yara Finder](https://github.com/uppusaikiran/yara-finder) - 使用不同 yara 规则匹配文件的简单工具,以期找到可疑指标 * [Yara Finder](https://github.com/uppusaikiran/yara-finder) - 使用不同 yara 规则匹配文件的简单工具,以期找到可疑指标
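Review bot: This hunk deletes the virustotal-falsepositive-detector entry from the Chinese list, but nothing in this commit removes it from the English README, and the commit message ("Merge branch 'main' into master") gives no rationale. If the project is gone or the link is dead, state that and remove it from both lists so the translation does not drift from the English.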
@ -245,6 +249,7 @@
* [Multi rbl](http://multirbl.valli.org/) - 多个 DNS 黑名单,反向查找超过 300 个 RBL * [Multi rbl](http://multirbl.valli.org/) - 多个 DNS 黑名单,反向查找超过 300 个 RBL
* [NormShield Services](https://services.normshield.com/) - 用于检测潜在的钓鱼域名、黑名单中的 IP 地址与非法账户 * [NormShield Services](https://services.normshield.com/) - 用于检测潜在的钓鱼域名、黑名单中的 IP 地址与非法账户
* [PhishStats](https://phishstats.info/) - 搜索IP、域名和网站标题的钓鱼统计信息 * [PhishStats](https://phishstats.info/) - 搜索IP、域名和网站标题的钓鱼统计信息
* [Spyse](https://spyse.com/) - 子域名、whois、相关域名、DNS、主机自治域、证书信息
* [SecurityTrails](https://securitytrails.com/) - 历史与当前WHOIS、DNS数据相似域名、证书信息以及其他与域名和 IP 相关的数据 * [SecurityTrails](https://securitytrails.com/) - 历史与当前WHOIS、DNS数据相似域名、证书信息以及其他与域名和 IP 相关的数据
* [SpamCop](https://www.spamcop.net/bl.shtml) - 垃圾邮件 IP 黑名单IP * [SpamCop](https://www.spamcop.net/bl.shtml) - 垃圾邮件 IP 黑名单IP
* [SpamHaus](http://www.spamhaus.org/lookup/) - 基于域名和 IP 的黑名单 * [SpamHaus](http://www.spamhaus.org/lookup/) - 基于域名和 IP 的黑名单
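Review bot: Spyse is inserted between PhishStats and SecurityTrails, breaking the alphabetical order of this list (SecurityTrails, SpamCop and SpamHaus all sort before it); move it after the SpamHaus entry.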
@ -282,7 +287,6 @@
* [box-js](https://github.com/CapacitorSet/box-js) - 用于研究 JavaScript 恶意软件的工具,支持 JScript/WScript 和 ActiveX 仿真功能 * [box-js](https://github.com/CapacitorSet/box-js) - 用于研究 JavaScript 恶意软件的工具,支持 JScript/WScript 和 ActiveX 仿真功能
* [diStorm](http://www.ragestorm.net/distorm/) - 分析恶意 Shellcode 的反汇编器 * [diStorm](http://www.ragestorm.net/distorm/) - 分析恶意 Shellcode 的反汇编器
* [JS Beautifier](http://jsbeautifier.org/) - JavaScript 脱壳和去混淆 * [JS Beautifier](http://jsbeautifier.org/) - JavaScript 脱壳和去混淆
* [JS Deobfuscator ](http://www.kahusecurity.com/2015/new-javascript-deobfuscator-tool/) - 对那些使用 eval 或 document.write 的简单 Javascript 去混淆
* [libemu](http://libemu.carnivore.it/) - x86 shellcode 仿真的库和工具 * [libemu](http://libemu.carnivore.it/) - x86 shellcode 仿真的库和工具
* [malpdfobj](https://github.com/9b/malpdfobj) - 解构恶意 PDF 为 JSON 表示 * [malpdfobj](https://github.com/9b/malpdfobj) - 解构恶意 PDF 为 JSON 表示
* [OfficeMalScanner](http://www.reconstructer.org/code.html) - 扫描 MS Office 文档中的恶意跟踪 * [OfficeMalScanner](http://www.reconstructer.org/code.html) - 扫描 MS Office 文档中的恶意跟踪
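Review bot: The JS Deobfuscator entry is dropped from the Chinese list with no matching removal in the English file in this commit and no stated reason. If the 2015 kahusecurity.com post is a dead link, say so in the commit message and remove the entry from both lists; otherwise keep it (and drop the stray space in the link text "JS Deobfuscator ]").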
@ -334,6 +338,7 @@
* [binnavi](https://github.com/google/binnavi) - 基于图形可视化的二进制分析 IDE * [binnavi](https://github.com/google/binnavi) - 基于图形可视化的二进制分析 IDE
* [Binary ninja](https://binary.ninja/) - 可替换 IDA 的逆向工程平台 * [Binary ninja](https://binary.ninja/) - 可替换 IDA 的逆向工程平台
* [Binwalk](http://binwalk.org/) - 固件分析工具 * [Binwalk](http://binwalk.org/) - 固件分析工具
* [BluePill](https://github.com/season-lab/bluepill) - 用于执行和调试逃避型恶意软件和受保护的可执行文件的框架
* [Capstone](https://github.com/aquynh/capstone) - 二进制分析反汇编框架,支持多种架构和许多语言 * [Capstone](https://github.com/aquynh/capstone) - 二进制分析反汇编框架,支持多种架构和许多语言
* [codebro](https://github.com/hugsy/codebro) - 使用 clang 提供基础代码分析的 Web 端代码浏览器 * [codebro](https://github.com/hugsy/codebro) - 使用 clang 提供基础代码分析的 Web 端代码浏览器
* [Cutter](https://github.com/radareorg/cutter) - Radare2 的 GUI * [Cutter](https://github.com/radareorg/cutter) - Radare2 的 GUI
@ -492,6 +497,7 @@
* [Malware Analysis Search](https://cse.google.com/cse/home?cx=011750002002865445766%3Apc60zx1rliu) - [Corey Harrell](journeyintoir.blogspot.com/) 自定义的用于恶意软件分析的 Google 搜索 * [Malware Analysis Search](https://cse.google.com/cse/home?cx=011750002002865445766%3Apc60zx1rliu) - [Corey Harrell](journeyintoir.blogspot.com/) 自定义的用于恶意软件分析的 Google 搜索
* [Malware Analysis Tutorials](http://fumalwareanalysis.blogspot.nl/p/malware-analysis-tutorials-reverse.html) - 由 Xiang Fu 博士提供的恶意软件分析教程,是一个学习恶意软件分析的重要资源 * [Malware Analysis Tutorials](http://fumalwareanalysis.blogspot.nl/p/malware-analysis-tutorials-reverse.html) - 由 Xiang Fu 博士提供的恶意软件分析教程,是一个学习恶意软件分析的重要资源
* [Malware analysis, threat intelligence and reverse engineering](https://www.slideshare.net/bartblaze/malware-analysis-threat-intelligence-and-reverse-engineering) - 不需要先验知识的恶意软件分析、威胁情报和逆向工程概念介绍 * [Malware analysis, threat intelligence and reverse engineering](https://www.slideshare.net/bartblaze/malware-analysis-threat-intelligence-and-reverse-engineering) - 不需要先验知识的恶意软件分析、威胁情报和逆向工程概念介绍
* [Malware Persistence](https://github.com/Karneades/malware-persistence) - 专注于恶意软件持久化的仓库,包括检测、响应与日志收集等
* [Malware Samples and Traffic](http://malware-traffic-analysis.net/) - 此博客重点介绍与恶意软件感染相关的网络流量 * [Malware Samples and Traffic](http://malware-traffic-analysis.net/) - 此博客重点介绍与恶意软件感染相关的网络流量
* [Malware Search+++](https://addons.mozilla.org/fr/firefox/addon/malware-search-plusplusplus/) - 搜索常用恶意软件数据库的 Firefox 浏览器插件 * [Malware Search+++](https://addons.mozilla.org/fr/firefox/addon/malware-search-plusplusplus/) - 搜索常用恶意软件数据库的 Firefox 浏览器插件
* [Practical Malware Analysis Starter Kit](https://bluesoul.me/practical-malware-analysis-starter-kit/) - 此软件包包含 Practical Malware Analysis 书中引用的大多数软件 * [Practical Malware Analysis Starter Kit](https://bluesoul.me/practical-malware-analysis-starter-kit/) - 此软件包包含 Practical Malware Analysis 书中引用的大多数软件