Malware Sample Analysis: Getting Started and Practice

Preface

Today I'm sharing another batch of learning resources for getting started with, and practicing, malware analysis. For everyone stuck at home with time on their hands: make good use of it, don't waste your youth, do something meaningful, and let's keep working together. Tomorrow will be better, and so will the future!

Newcomers often ask me how to get into malware analysis and which books to read. I put a list together a while ago; it can be worked through in the order below.

If you have no assembly background, work through it from top to bottom; if you already have the basics, pick and choose according to your own needs.

Malware Analysis Tools

Windows malware sample analysis tools

https://malwareanalysis.co/resources/tools/windows/

macOS malware sample analysis tools

https://malwareanalysis.co/resources/tools/macos/

Linux malware sample analysis tools

https://malwareanalysis.co/resources/tools/linux/

Android malware sample analysis tools

https://malwareanalysis.co/resources/tools/android/

Online Analysis Sandboxes

Hybrid Analysis

https://www.hybrid-analysis.com/

SNDBOX

https://app.sndbox.com/

Intezer

https://analyze.intezer.com/

ANY.RUN

https://app.any.run/

anlyz.io

https://sandbox.anlyz.io/dashboard

YOMI

https://yomi.yoroi.company/

Amnpardaz Sandbox

http://jevereg.amnpardaz.com/

IObit Cloud

http://cloud.iobit.com/

CAPE

https://cape.contextis.com/

AVCaesar

https://avcaesar.malware.lu/

Noriben

https://github.com/Rurik/Noriben

AVC UnDroid (APK analysis sandbox)

https://undroid.av-comparatives.org/

Threat Intelligence Sources

ThreatConnect

https://app.threatconnect.com/

IBM X-Force Exchange

https://exchange.xforce.ibmcloud.com/

RiskIQ

https://community.riskiq.com/

Blueliv Community

https://community.blueliv.com/#!/discover

Pulsedive

https://pulsedive.com/

AbuseIPDB

https://www.abuseipdb.com/

IntelStack

https://intelstack.com/

AlienVault OTX

https://otx.alienvault.com/

MISP

https://www.misp-project.org/

OpenCTI

https://github.com/OpenCTI-Platform/opencti

MalDatabase

https://maldatabase.com/

Threatfeeds

https://threatfeeds.io/

ThreatPipes

https://www.threatpipes.com/

Shodan

https://www.shodan.io/

Censys

https://censys.io/

Some Useful Cheat Sheets

Hunting Process Injection by Windows API Calls

https://malwareanalysis.co/wp-content/uploads/2019/11/Hunting-Process-Injection-by-Windows-API-Calls.pdf

List of File Signatures

https://en.wikipedia.org/wiki/List_of_file_signatures

APT Groups and Operations

https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml#

Ransomware Overview

https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml

APTnotes

https://github.com/kbandla/APTnotes

PDF Tricks

https://github.com/corkami/docs/blob/master/PDF/PDF.md

PE101

https://github.com/corkami/pics/blob/master/binary/pe101/pe101.pdf

Windows Forensic Analysis

https://www.sans.org/security-resources/posters/windows-forensic-analysis/170/download

Windows Artifact Analysis

https://blogs.sans.org/computer-forensics/files/2012/06/SANS-Digital-Forensics-and-Incident-Response-Poster-2012.pdf

Network Forensics and Analysis Poster

https://www.dfir.training/resources/downloads/cheatsheets-infographics/239-network-forensics-sans/file

Common Ports

https://packetlife.net/media/library/23/common-ports.pdf

IDA Pro Shortcuts

https://www.hex-rays.com/products/ida/support/freefiles/IDA_Pro_Shortcuts.pdf

Malware Analysis Cheat Sheet

https://digital-forensics.sans.org/media/malware-analysis-cheat-sheet.pdf

Analyzing Malicious Documents

https://zeltser.com/media/docs/analyzing-malicious-document-files.pdf

Tips for Reverse Engineering Malicious Code

https://zeltser.com/media/docs/reverse-engineering-malicious-code-tips.pdf

ARM Assembly

https://azeria-labs.com/assembly-basics-cheatsheet/

Dalvik Opcodes

http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html

Malware Analysis Books

Practical Malware Analysis

https://malwareanalysis.co/wp-content/uploads/2019/09/Practical_Malware_Analysis.pdf

The IDA Pro Book, 2nd Edition

https://malwareanalysis.co/wp-content/uploads/2019/09/The-IDA-Pro-Book-2nd-Edition-2011.pdf

The Art of Memory Forensics

https://malwareanalysis.co/wp-content/uploads/2019/09/The-Art-of-Memory-Forensics.pdf

Malware Analyst's Cookbook

https://malwareanalysis.co/wp-content/uploads/2019/09/Malware-Analysts-Cookbook.pdf

Practical Reverse Engineering

https://malwareanalysis.co/wp-content/uploads/2019/09/Practical-Reverse-Engineering.pdf

Rootkits and Bootkits

https://www.amazon.com/Rootkits-Bootkits-Reversing-Malware-Generation/dp/1593277164/

The Art of Computer Virus Research and Defense

https://www.amazon.com/The-Computer-Virus-Research-Defense/dp/0321304543

Reversing: Secrets of Reverse Engineering

https://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817

Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware

https://www.amazon.com/Learning-Malware-Analysis-techniques-investigate/dp/1788392507

Mastering Malware Analysis

https://www.amazon.com/Mastering-Malware-Analysis-combating-cybercrime/dp/1789610788

Malware Data Science

https://www.amazon.com/Malware-Data-Science-Detection-Attribution/dp/1593278594

Practical Binary Analysis

https://www.amazon.com/Practical-Binary-Analysis-Instrumentation-Disassembly/dp/1593279124

Windows Internals, 7th Edition (Part 1 and Part 2)

https://www.amazon.com/Windows-Internals-Part-architecture-management/dp/0735684189/

https://www.amazon.com/Windows-Internals-Part-2-7th/dp/0135462401

Practical Packet Analysis, 3rd Edition

https://malwareanalysis.co/wp-content/uploads/2019/10/Practical-Packet-Analysis-Using-Wireshark-to-Solve-Real-World-Problems.pdf

Android Malware and Analysis

https://malwareanalysis.co/wp-content/uploads/2019/12/Android_Malware_and_Analysis.pdf

Android Security Internals

https://malwareanalysis.co/wp-content/uploads/2019/12/Android_Security_Internals.pdf

Malware Analysis Training Courses

Intro to Malware Analysis and Reverse Engineering

https://www.cybrary.it/course/malware-analysis/

FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

https://www.sans.org/course/reverse-engineering-malware-malware-analysis-tools-techniques

Malware Analysis Master Course

https://www.fireeye.com/services/training/courses/malware-analysis-master-course.html

Certified Malware Reverse Engineer

https://www.crest-approved.org/examination/malware-reverse-engineer/index.html

ARES (Advanced Reverse Engineering of Software)

https://www.elearnsecurity.com/course/advanced_reverse_engineering_of_software/

RPISEC Malware Analysis Course

https://github.com/RPISEC/Malware

Malware Dynamic Analysis / Reverse Engineering Malware

http://opensecuritytraining.info/MalwareDynamicAnalysis.html

http://opensecuritytraining.info/ReverseEngineeringMalware.html

Practical Malware Analysis Labs

https://github.com/mikesiko/PracticalMalwareAnalysis-Labs

Zero2Hero

https://www.sentinelone.com/lp/zero2hero/

Forums

KernelMode.info

https://www.kernelmode.info/forum/

Reddit r/ReverseEngineering

https://www.reddit.com/r/ReverseEngineering/

Hack Forums

https://hackforums.net/

0x00sec

https://0x00sec.org/

Blogs

MalwareTech

https://www.malwaretech.com/

Malware Traffic Analysis

https://www.malware-traffic-analysis.net/

Lenny Zeltser's Blog

https://zeltser.com/blog/

hasherezade's 1001 nights

https://hshrzd.wordpress.com/

FireEye Blog

https://www.fireeye.com/blog.html

VirusBay Blog

https://www.blog.virusbay.io/

Cyberbit Blog

https://www.cyberbit.com/blog/

Cybereason Blog

https://www.cybereason.com/blog

Malware Must Die!

https://blog.malwaremustdie.org/

Palo Alto Networks Unit 42

https://unit42.paloaltonetworks.com/

enSilo Breaking Malware

https://blog.ensilo.com/topic/ensilo-breaking-malware

Lukas Stefanko's Blog

https://lukasstefanko.com/

Ghetto Forensics

http://www.ghettoforensics.com/

Modexp

https://modexp.wordpress.com/

Hexacorn

http://www.hexacorn.com/blog/

Fumik0_'s box

https://fumik0.com/

Author: 熊猫正正