MalConfScan
A Volatility plugin that extracts configuration data of known malware. Volatility is an open-source memory forensics framework for incident response and malware analysis. This tool searches for malware in memory images and dumps its configuration data. In addition, it can list the strings that the malicious code references.
https://github.com/JPCERTCC/MalConfScan
Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories
https://github.com/malrev/ABD
Digging Up the Past: Windows Registry Forensics Revisited
https://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-windows-registry-forensics-revisited.html
Pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
https://github.com/hasherezade/pe-sieve
Which YARA Rules Rule: Basic or Advanced?
https://www.sans.org/reading-room/whitepapers/tools/yara-rules-rule-basic-advanced-38560
Ghidra 9.2 has been released!
This version has improvements to analysis, the user interface, new open source based graphing, decompiler quality enhancements, and more!
https://ghidra-sre.org/
Reverse Engineering with Ghidra | HackadayU
https://www.youtube.com/playlist?list=PL_tws4AXg7auglkFo6ZRoWGXnWL0FHAEi
Malware Capabilities
Starting with version 4.1, MAEC offers a standard way of capturing the set of high-level abilities that a malware instance possesses, which we term Capabilities. For instance, to state that a malware instance is capable of exfiltrating data, one may simply specify a single MAEC "Data Exfiltration" Capability. We have defined an initial set of Capabilities for the MAEC v4.1 release, which is captured in detail in the hierarchy below.
https://github.com/MAECProject/schemas/wiki/Malware-Capabilities
Malware Behavior Catalog v2.0
The Malware Behavior Catalog (MBC) is a catalog of malware objectives and behaviors, created to support malware analysis-oriented use cases, such as labeling, similarity analysis, and standardized reporting.
https://github.com/MBCProject/mbc-markdown