This page deals with the PE format, or more specifically, x86/x64 Windows (from XP to W7) binaries.
https://corkamiwiki.github.io/PE
A VBA parser and emulation engine to analyze malicious macros.
https://github.com/decalage2/ViperMonkey
Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems
https://github.com/ChrisTheCoolHut/Zeratool
FLARE VM - a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc. (installation scripts for building and maintaining a reverse engineering VM; the repository now lives under mandiant/flare-vm).
https://github.com/fireeye/flare-vm
“BOLO: Reverse Engineering — Part 1 (Basic Programming Concepts)” by Daniel A. Bloom
https://link.medium.com/ionnGU8g5Z
Online x86 / x64 Assembler and Disassembler
This tool takes x86 or x64 assembly instructions and converts them to their binary representation (machine code). It can also go the other way, taking a hexadecimal string of machine code and transforming it into a human-readable representation of the instructions. It uses GCC and objdump behind the scenes.
https://defuse.ca/online-x86-assembler.htm#disassembly
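The same round trip can be done offline with the tools the site says it runs behind the scenes, which matters when the bytes you are assembling are shellcode you would rather not paste into a third-party web form. The script below is an added example, not defuse.ca's own code: `asm_to_hex` assembles Intel-syntax x86-64 instructions with gcc and reads the encoding back out of the object file with objdump; `hex_to_asm` decodes a hex string to raw bytes using only POSIX printf (no xxd) and disassembles it as flat code with `objdump -b binary`. The file name `asm_roundtrip.sh` is an assumption, as is an x86-64 Linux host with gcc, binutils, awk and mktemp installed.

```shell
#!/bin/sh
# asm_roundtrip.sh: local equivalent of the defuse.ca online assembler /
# disassembler, built on GCC and objdump (the tools that site uses).
# Added example, not part of defuse.ca. Assumes an x86-64 Linux host with
# gcc, binutils (objdump), awk, cut and mktemp available.
set -eu

TAB=$(printf '\t')

# asm_to_hex 'xor eax, eax; ret'   ->  31 c0 c3
# Intel-syntax x86-64 instructions, ';' separates statements (gas accepts
# it as a line separator on x86). Bytes come back space-separated.
asm_to_hex() {
    tmp=$(mktemp -d)
    printf '.intel_syntax noprefix\n.text\n%s\n' "$1" > "$tmp/in.s"
    gcc -c -x assembler -o "$tmp/out.o" "$tmp/in.s"
    # objdump -d lines look like "<addr>:<TAB><hex bytes><TAB><mnemonic>".
    # Long encodings wrap onto continuation lines that carry only the first
    # two fields, so collect field 2 from every address line.
    objdump -d "$tmp/out.o" \
        | awk -F"$TAB" '/^ *[0-9a-f]+:/ && NF >= 2 { s = s $2 " " }
                        END { gsub(/ +/, " ", s); sub(/^ /, "", s)
                              sub(/ $/, "", s); print s }'
    rm -rf "$tmp"
}

# hex_to_asm '31 c0 c3'  ->  one "<bytes><TAB><instruction>" line per insn
# Whitespace and case in the hex string are ignored; an odd digit count is
# rejected rather than silently padded, because a dropped nibble shifts
# every following instruction boundary.
hex_to_asm() {
    hex=$(printf '%s' "$1" | tr -d ' \n' | tr 'A-F' 'a-f')
    if [ $(( ${#hex} % 2 )) -ne 0 ]; then
        echo "hex_to_asm: odd number of hex digits" >&2
        return 1
    fi
    tmp=$(mktemp -d)
    while [ -n "$hex" ]; do
        byte=$(printf '%s' "$hex" | cut -c1-2)
        hex=${hex#??}
        # emit the byte as an octal escape, e.g. 0x31 -> printf '\061'
        printf "\\$(printf '%03o' "0x$byte")"
    done > "$tmp/code.bin"
    # Treat the file as flat x86-64 code (no headers) and print Intel syntax.
    objdump -D -b binary -m i386:x86-64 -M intel "$tmp/code.bin" \
        | awk -F"$TAB" '/^ *[0-9a-f]+:/ && NF >= 3 {
              sub(/ +$/, "", $2); gsub(/ +/, " ", $3); sub(/ +$/, "", $3)
              print $2 "\t" $3 }'
    rm -rf "$tmp"
}

# Run "sh asm_roundtrip.sh demo" to see both directions on a Linux
# exit(0) stub; sourcing the file just defines the two functions.
if [ "${1:-}" = demo ]; then
    asm_to_hex 'mov rax, 60; xor edi, edi; syscall'
    hex_to_asm '48 c7 c0 3c 00 00 00 31 ff 0f 05'
fi
```

Two things to keep in mind when comparing against the web tool: the default here is 64-bit mode, so `push`/`pop`/`ret` encode for x86-64 and 32-bit-only instructions will be rejected by gas, and gas is told `.intel_syntax noprefix`, so operands are written as `eax`, not `%eax`.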
How To: Extract Network Indicators of Compromise (IOCs) from Maldoc Macros
Part 1:
https://security-soup.net/extractnetworkindicators-part1/
Part 2:
https://security-soup.net/how-to-extract-network-indicators-of-compromise-iocs-from-maldoc-macros-part-2/
Part 3:
https://security-soup.net/how-to-extract-network-indicators-of-compromise-iocs-from-maldoc-macros-part-3/