MalConfScan
A Volatility plugin that extracts configuration data of known malware. Volatility is an open-source memory forensics framework for incident response and malware analysis. MalConfScan searches a memory image for known malware families and dumps their configuration data. It also has a function to list the strings that the malicious code references.
https://github.com/JPCERTCC/MalConfScan
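The "strings referenced by code" idea is worth seeing in miniature. The following is an added illustration written for this page, not MalConfScan's own code: it builds a small constructed in-memory image (assumed load address 0x00400000, a code section at RVA 0x1000 and a data section at RVA 0x2000), collects the NUL-terminated ASCII strings in it, then does a naive linear sweep over the x86 code for `push imm32` and `mov r32, imm32` operands and reports only those strings that an instruction actually points at. All addresses, strings and helper names are constructed for the example.

```python
import re
import struct

IMAGE_BASE = 0x00400000          # assumed load address of the constructed image
CODE_RVA, DATA_RVA = 0x1000, 0x2000

# Constructed data section: NUL-terminated strings; two are referenced by code, one is not.
DATA_STRINGS = [b"http://example.invalid/gate.php",
                b"Mozilla/5.0 (compatible)",
                b"unused-string"]
data = b"".join(s + b"\x00" for s in DATA_STRINGS)


def string_va(index):
    """Virtual address of the index-th constructed string."""
    offset = sum(len(s) + 1 for s in DATA_STRINGS[:index])
    return IMAGE_BASE + DATA_RVA + offset


# Constructed code section: x86 instructions whose imm32 operands point into the data section.
code = (
    b"\x68" + struct.pack("<I", string_va(0))    # push  offset url
    + b"\xb8" + struct.pack("<I", string_va(1))  # mov   eax, offset user_agent
    + b"\x68" + struct.pack("<I", 0x00000010)    # push  0x10 (an immediate, not a string)
    + b"\xc3"                                    # ret
)


def build_image():
    """Lay the code and data sections out at their RVAs inside a zero-filled image."""
    image = bytearray(DATA_RVA + len(data))
    image[CODE_RVA:CODE_RVA + len(code)] = code
    image[DATA_RVA:DATA_RVA + len(data)] = data
    return bytes(image)


def find_strings(image, base, min_len=4):
    """Map virtual address -> printable ASCII string (NUL-terminated, >= min_len chars)."""
    out = {}
    for m in re.finditer(rb"[\x20-\x7e]{%d,}\x00" % min_len, image):
        out[base + m.start()] = m.group()[:-1].decode()
    return out


def find_immediates(code_bytes, code_va):
    """Naive linear sweep: yield (instruction VA, imm32) for push imm32 (68) and mov r32, imm32 (B8..BF).
    A real scanner needs a proper disassembler; this assumes the sweep stays on instruction boundaries."""
    imms, i = [], 0
    while i < len(code_bytes):
        op = code_bytes[i]
        if op == 0x68 or 0xB8 <= op <= 0xBF:
            if i + 5 <= len(code_bytes):
                imms.append((code_va + i, struct.unpack_from("<I", code_bytes, i + 1)[0]))
            i += 5
        else:
            i += 1
    return imms


def referenced_strings(image, base, code_rva, code_len):
    """Return [(instruction VA, string VA, string)] for strings an instruction operand points at."""
    strings = find_strings(image, base)
    code_bytes = image[code_rva:code_rva + code_len]
    return [(insn_va, imm, strings[imm])
            for insn_va, imm in find_immediates(code_bytes, base + code_rva)
            if imm in strings]


if __name__ == "__main__":
    for insn_va, str_va, s in referenced_strings(build_image(), IMAGE_BASE, CODE_RVA, len(code)):
        print(f"{insn_va:#010x} -> {str_va:#010x} {s!r}")
```

The plain string dump would list all three strings; only the two that code points at come back from `referenced_strings`, which is the signal-to-noise gain the plugin's string listing is after. The sweep here only knows two opcodes and assumes it starts on an instruction boundary, which is exactly where a real implementation has to bring in a disassembler.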
Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories
https://github.com/malrev/ABD
Digging Up the Past: Windows Registry Forensics Revisited
https://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-windows-registry-forensics-revisited.html
Pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
https://github.com/hasherezade/pe-sieve
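Two of the implant classes named above, hooks and in-memory patches, are found by the same basic move: compare a module's code as mapped in the process with the clean copy on disk and explain every run of differing bytes. The following is an added example written for this page, not pe-sieve's code. It works on a constructed x64 `.text` section (assumed module base 0x7ff800000000, section at RVA 0x1000, hook target chosen within rel32 range), installs a 5-byte `jmp rel32` inline hook and a 2-byte NOP patch into the "memory" copy, then diffs and classifies the results, recovering the hook's destination from the displacement.

```python
import struct

MODULE_BASE = 0x7ff800000000     # assumed load address of the inspected module
TEXT_RVA = 0x1000
TEXT_VA = MODULE_BASE + TEXT_RVA
TRAMPOLINE_VA = MODULE_BASE + 0x10000000   # assumed hook destination, within +/-2 GB

# Constructed "clean" .text bytes as they appear in the file on disk (x64).
disk_text = bytes.fromhex(
    "4883ec28"          # sub  rsp, 28h
    "488b05f00e0000"    # mov  rax, [rip+0xef0]
    "4885c0"            # test rax, rax
    "7405"              # jz   +5
    "e800000000"        # call +0
    "4883c428"          # add  rsp, 28h
    "c3"                # ret
)


def apply_inline_hook(text, at, target_va, text_va):
    """Overwrite 5 bytes at `at` with jmp rel32 to target_va, as a user-mode hook does."""
    rel = (target_va - (text_va + at + 5)) & 0xFFFFFFFF
    return text[:at] + b"\xe9" + struct.pack("<I", rel) + text[at + 5:]


def build_hooked_text():
    """Constructed in-memory copy: prologue hooked, the jz at offset 14 NOPed out."""
    mem = apply_inline_hook(disk_text, 0, TRAMPOLINE_VA, TEXT_VA)
    return mem[:14] + b"\x90\x90" + mem[16:]


def diff_runs(disk, mem):
    """Return [(offset, length)] for each maximal run where mem differs from disk."""
    runs, start = [], None
    for i, (a, b) in enumerate(zip(disk, mem)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, len(disk) - start))
    return runs


def classify_patches(disk, mem, text_va):
    """Label each differing run: a run that begins with E9 and fits in 5 bytes is an inline hook
    whose target is recovered from rel32; anything else is reported as an opaque patch."""
    findings = []
    for off, length in diff_runs(disk, mem):
        entry = {"va": text_va + off, "length": length}
        if mem[off] == 0xE9 and length <= 5:
            rel = struct.unpack_from("<i", mem, off + 1)[0]
            entry["kind"] = "inline_hook"
            entry["target"] = text_va + off + 5 + rel
        else:
            entry["kind"] = "patch"
        findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in classify_patches(disk_text, build_hooked_text(), TEXT_VA):
        print(f)
```

The caveat a practitioner hits immediately with this naive diff: the on-disk image is not directly comparable to the mapped one, because base relocations rewrite absolute pointers after loading, so every relocated pointer would show up as a "patch". A real scanner must apply the module's relocations to the disk copy (and account for legitimate import-table writes) before diffing, which is the extra work a tool like pe-sieve does that this 60-line sketch omits.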
Which YARA Rules Rule: Basic or Advanced?
https://www.sans.org/reading-room/whitepapers/tools/yara-rules-rule-basic-advanced-38560
Ghidra 9.2 has been released!
This version has improvements to analysis, the user interface, new open source based graphing, decompiler quality enhancements, and more!
https://ghidra-sre.org/