Table of Contents
- Malware Detonation sandboxes
- Malware Samples
- Automated malware unpacking
- Malware Techniques examples
- Malware Analysis Platforms
- Reverse Engineering Disassemblers
- Other Tools
Malware Detonation sandboxes
The following are a few malware detonation sandboxes I have used and have been valuable:
The following are some locations where you can grab samples of malware for analysis.
General Live Malware
|MacOS Malware Encyclopedia||https://macos.checkpoint.com/|
Network Packet Samples
Lists of malicious URLs hosting malware
Automated malware unpacking
Malware Techniques examples
A few GitHub repos that I found of which have examples of anti-analysis techniques (Anti-Debug, Anti-VM, Anti-Analysis, etc). These can be useful to compile and see what it looks like in the disassembler when you run into them. This also can help in seeing what types of techniques may be found in malware attempting to make reverse engineering more difficult for the analyst.
|Ultimate Anti-Reversing Reference||The_Ultimate_Anti-Reversing_Reference.pdf|
Malware Analysis Platforms
These are images, VM’s, or scripts to build out a VM that is suitable to reverse engineer or otherwise deal with analyzing malware. Granted, you can build your own (I did for a long time) but being able to automate the creation of an environment in minimal time has proven to be more valuable.
Reverse Engineering Disassemblers
While there are tons of disassemblers and decompilers out there, the following list seems to the standard ones that come up in conversation over and over that you should be aware of.
|Hex Rays IDA Pro||https://www.hex-rays.com/products/ida/|
There are several tools and frameworks that can help emulate the CPU and crawl a binary in an attempt to capture what the instructions are trying to do, what API calls it is making, etc. They can be hit and miss and often give you a partial view of what is happening. The information you can get, however, may be critical and substantial.
Additional tools that add or augment analysis.