From 9cc74c9cba6680aac769cbab6379f0cb312e73b7 Mon Sep 17 00:00:00 2001 From: Pavel Dovgalyuk Date: Mon, 5 Jun 2017 11:44:42 +0300 Subject: [PATCH 1/9] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 04296d7..06015d5 100644 --- a/README.md +++ b/README.md @@ -506,6 +506,7 @@ the [browser malware](#browser-malware) section.* command-line tools that help manage and investigate live systems. * [Pyew](https://github.com/joxeankoret/pyew) - Python tool for malware analysis. +* [QKD](https://github.com/ispras/qemu/releases/tag/v2.7.50-windbg) - QEMU with embedded WinDbg server for stealth debugging * [Radare2](http://www.radare.org/r/) - Reverse engineering framework, with debugger support. * [RegShot](https://sourceforge.net/projects/regshot/) - Registry compare utility that compares snapshots. From f289a7dcab9609eac89f6f25fb6518bfd64383a1 Mon Sep 17 00:00:00 2001 From: can Date: Wed, 21 Jun 2017 16:03:43 +0300 Subject: [PATCH 2/9] add NormShield Services to Domain Analysis --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 04296d7..9aad480 100644 --- a/README.md +++ b/README.md @@ -313,6 +313,7 @@ A curated list of awesome malware analysis tools and resources. Inspired by hashes and scan reports. * [Multi rbl](http://multirbl.valli.org/) - Multiple DNS blacklist and forward confirmed reverse DNS lookup over more than 300 RBLs. +* [NormShield Services](https://services.normshield.com/) - Free API Services about possible phishing domains, blacklisted ip addresses, breached accounts. * [SenderBase](http://www.senderbase.org/) - Search for IP, domain or network owner. * [SpamCop](https://www.spamcop.net/bl.shtml) - IP based spam block list. From 8f9b1b3c17ca1f3b209c5184da9a9154b13f4c3d Mon Sep 17 00:00:00 2001 
From: farisv Date: Mon, 17 Jul 2017 16:20:44 +0700 Subject: [PATCH 3/9] Fix markdown for Process Hacker link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 04296d7..2c08db0 100644 --- a/README.md +++ b/README.md @@ -499,7 +499,7 @@ the [browser malware](#browser-malware) section.* files in more detail. * [Process Explorer](https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx) - Advanced task manager for Windows. -* [Process Hacker] (http://processhacker.sourceforge.net/) - Tool that monitors system resources +* [Process Hacker](http://processhacker.sourceforge.net/) - Tool that monitors system resources * [Process Monitor](https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) - Advanced monitoring tool for Windows programs. * [PSTools](https://technet.microsoft.com/en-us/sysinternals/pstools.aspx) - Windows From 322d9b5ecb36b04a35a043b5bb0b5a0b748fa6c3 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Wed, 26 Jul 2017 08:03:58 +0200 Subject: [PATCH 4/9] Add BinaryAlert --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 04296d7..95f3151 100644 --- a/README.md +++ b/README.md @@ -193,6 +193,9 @@ A curated list of awesome malware analysis tools and resources. Inspired by * [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a variety of tools for reporting on Windows PE files. +* [BinaryAlert](https://github.com/airbnb/binaryalert) - An open source, serverless +AWS pipeline that scans and alerts on uploaded files based on a set of +YARA rules. * [chkrootkit](http://www.chkrootkit.org/) - Local Linux rootkit detection. * [ClamAV](http://www.clamav.net/) - Open source antivirus engine. * [Detect-It-Easy](https://github.com/horsicq/Detect-It-Easy) - A program for From c8d19ad9920166227aa5a2492c9a10005f43104d Mon Sep 17 00:00:00 2001 
From: Herman Slatman Date: Wed, 26 Jul 2017 08:05:44 +0200 Subject: [PATCH 5/9] Fix entry for QKD --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 06015d5..4804aef 100644 --- a/README.md +++ b/README.md @@ -506,7 +506,7 @@ the [browser malware](#browser-malware) section.* command-line tools that help manage and investigate live systems. * [Pyew](https://github.com/joxeankoret/pyew) - Python tool for malware analysis. -* [QKD](https://github.com/ispras/qemu/releases/tag/v2.7.50-windbg) - QEMU with embedded WinDbg server for stealth debugging +* [QKD](https://github.com/ispras/qemu/releases/) - QEMU with embedded WinDbg server for stealth debugging. * [Radare2](http://www.radare.org/r/) - Reverse engineering framework, with debugger support. * [RegShot](https://sourceforge.net/projects/regshot/) - Registry compare utility that compares snapshots. From 753a3809b548464b92ecfba292471d0834fd39b8 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Wed, 26 Jul 2017 08:08:12 +0200 Subject: [PATCH 6/9] Fix NormShield entry --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9aad480..d1c1904 100644 --- a/README.md +++ b/README.md @@ -313,7 +313,9 @@ A curated list of awesome malware analysis tools and resources. Inspired by hashes and scan reports. * [Multi rbl](http://multirbl.valli.org/) - Multiple DNS blacklist and forward confirmed reverse DNS lookup over more than 300 RBLs. -* [NormShield Services](https://services.normshield.com/) - Free API Services about possible phishing domains, blacklisted ip addresses, breached accounts. +* [NormShield Services](https://services.normshield.com/) - Free API Services +for detecting possible phishing domains, blacklisted ip addresses and breached +accounts. * [SenderBase](http://www.senderbase.org/) - Search for IP, domain or network owner. * [SpamCop](https://www.spamcop.net/bl.shtml) - IP based spam block list. 
From 78eac7f1749b58fcd51c8459f6820a22777a2ea0 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Wed, 26 Jul 2017 08:08:59 +0200 Subject: [PATCH 7/9] Fix entry --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d1c1904..3ae5f33 100644 --- a/README.md +++ b/README.md @@ -314,8 +314,8 @@ A curated list of awesome malware analysis tools and resources. Inspired by * [Multi rbl](http://multirbl.valli.org/) - Multiple DNS blacklist and forward confirmed reverse DNS lookup over more than 300 RBLs. * [NormShield Services](https://services.normshield.com/) - Free API Services -for detecting possible phishing domains, blacklisted ip addresses and breached -accounts. + for detecting possible phishing domains, blacklisted ip addresses and breached + accounts. * [SenderBase](http://www.senderbase.org/) - Search for IP, domain or network owner. * [SpamCop](https://www.spamcop.net/bl.shtml) - IP based spam block list. From 3b97d665cd731ee39656cceed35dbb8a7955641a Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Wed, 26 Jul 2017 08:10:13 +0200 Subject: [PATCH 8/9] Fix missing dot. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2c08db0..3e6a06c 100644 --- a/README.md +++ b/README.md @@ -499,7 +499,7 @@ the [browser malware](#browser-malware) section.* files in more detail. * [Process Explorer](https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx) - Advanced task manager for Windows. -* [Process Hacker](http://processhacker.sourceforge.net/) - Tool that monitors system resources +* [Process Hacker](http://processhacker.sourceforge.net/) - Tool that monitors system resources. * [Process Monitor](https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) - Advanced monitoring tool for Windows programs. * [PSTools](https://technet.microsoft.com/en-us/sysinternals/pstools.aspx) - Windows 
From bcbcc0dd23ecb130934ea191458ae4c6df485a43 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Fri, 28 Jul 2017 11:49:22 +0200 Subject: [PATCH 9/9] Add FLARE VM --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 64b4c30..23998b5 100644 --- a/README.md +++ b/README.md @@ -649,6 +649,8 @@ the [browser malware](#browser-malware) section.* corpus of malware. * [DC3-MWCP](https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP) - The Defense Cyber Crime Center's Malware Configuration Parser framework. +* [FLARE VM](https://github.com/fireeye/flare-vm) - A fully customizable, + Windows-based, security distribution for malware analysis. * [MalSploitBase](https://github.com/misterch0c/malSploitBase) - A database containing exploits used by malware. * [Malware Museum](https://archive.org/details/malwaremuseum) - Collection of
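Review bot: In PATCH 1/9, the added QKD line in the `@@ -506,6 +506,7 @@` hunk pins the link to one release tag (`releases/tag/v2.7.50-windbg`), which will go stale as the fork publishes newer builds, lacks the terminal period that the neighbouring Pyew and Radare2 entries carry, and is not wrapped at the column the rest of the file uses. PATCH 5/9 corrects all three in the same hunk; squash PATCH 5/9 into PATCH 1/9 so the series does not add a broken entry and then repair it two commits later.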
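Review bot: In PATCH 2/9, the NormShield line added in the `@@ -313,6 +313,7 @@` hunk is a single unwrapped line and reads "Free API Services about possible phishing domains, blacklisted ip addresses, breached accounts"; the wording is reworked in PATCH 6/9 ("for detecting ... and breached accounts") and re-indented in PATCH 7/9, so these three commits should be one. Even the final form from PATCH 7/9 still writes "ip addresses" in lowercase while the SenderBase and SpamCop entries in the same hunk write "IP"; change it to "IP addresses" and drop the capitalisation of "API Services" to "API services".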
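Review bot: In PATCH 3/9, removing the space in `[Process Hacker] (http://...)` is the right fix, since Markdown renders that as literal text rather than a link, but the resulting line "Tool that monitors system resources" still lacks the terminal period that the Process Explorer and Process Monitor entries around it carry. PATCH 8/9 adds only that dot on the same line; fold PATCH 8/9 into PATCH 3/9.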
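Review bot: Continuation-line indentation is inconsistent across the series. PATCH 4/9 (BinaryAlert, `@@ -193,6 +193,9 @@`) wraps its two continuation lines at column 0, matching the existing "forward confirmed reverse DNS lookup" and "Defense Cyber Crime Center's" continuations visible in the other hunks, whereas PATCH 7/9 (NormShield) and PATCH 9/9 (FLARE VM) indent their continuations by two spaces. Pick one convention, preferably the unindented one already used by the file, and apply it to all three entries; PATCH 7/9 in particular changes nothing but that indentation and should not be a separate commit.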
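Review bot: In PATCH 9/9, the FLARE VM description "A fully customizable, Windows-based, security distribution for malware analysis" has a stray comma after "Windows-based"; write "A fully customizable, Windows-based security distribution for malware analysis." to match the style of the DC3-MWCP and MalSploitBase entries beside it.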
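Review bot: The series is not linear, which will bite anyone applying it with `git am`. The `index` lines of PATCH 2/9, 3/9 and 4/9 all start from blob `04296d7`, the same pre-image as PATCH 1/9, instead of chaining from each other's post-image; PATCH 5/9 through 8/9 then each build on one of those separate branches (`06015d5`, `9aad480`/`d1c1904`, `2c08db0`); and PATCH 9/9 starts from `64b4c30`, which matches none of the post-image blobs produced earlier in the series. The hunks touch different regions, so context matching may still succeed, but `--3way` fallback will not have the expected base blobs. Rebase onto a single linear branch (with the squashes suggested above, this collapses to about four commits: QKD, NormShield, Process Hacker fix, BinaryAlert, FLARE VM) and re-export with `git format-patch` before merging.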