Digging Up the Past: Windows Registry Forensics Revisited
https://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-windows-registry-forensics-revisited.html
https://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-windows-registry-forensics-revisited.html
Google Cloud Blog
Digging Up the Past: Windows Registry Forensics Revisited | Mandiant | Google Cloud Blog
Pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
https://github.com/hasherezade/pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
https://github.com/hasherezade/pe-sieve
GitHub
GitHub - hasherezade/pe-sieve: Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected…
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches). - hasherezade/pe-sieve
Which YARA Rules Rule: Basic
or Advanced?
https://www.sans.org/reading-room/whitepapers/tools/yara-rules-rule-basic-advanced-38560
or Advanced?
https://www.sans.org/reading-room/whitepapers/tools/yara-rules-rule-basic-advanced-38560
Ghidra 9.2 has been released!
This version has improvements to analysis, the user interface, new open source based graphing, decompiler quality enhancements, and more!
https://ghidra-sre.org/
This version has improvements to analysis, the user interface, new open source based graphing, decompiler quality enhancements, and more!
https://ghidra-sre.org/
Reverse Engineering with Ghidra | HackadayU
https://www.youtube.com/playlist?list=PL_tws4AXg7auglkFo6ZRoWGXnWL0FHAEi
https://www.youtube.com/playlist?list=PL_tws4AXg7auglkFo6ZRoWGXnWL0FHAEi
Malware Capabilities
Starting with version 4.1, MAEC offers a standard way of capturing the set of high-level abilities that a malware instance possesses, which we term Capabilities. For instance, to state that a malware instance is capable of exfiltrating data, one may simply specify a single MAEC "Data Exfiltration" Capability. We have defined an initial set of Capabilities for the MAEC v4.1 release, which is captured in detail in the hierarchy below.
https://github.com/MAECProject/schemas/wiki/Malware-Capabilities
Starting with version 4.1, MAEC offers a standard way of capturing the set of high-level abilities that a malware instance possesses, which we term Capabilities. For instance, to state that a malware instance is capable of exfiltrating data, one may simply specify a single MAEC "Data Exfiltration" Capability. We have defined an initial set of Capabilities for the MAEC v4.1 release, which is captured in detail in the hierarchy below.
https://github.com/MAECProject/schemas/wiki/Malware-Capabilities
GitHub
Malware Capabilities
MAEC Schemas and Schema Development. Contribute to MAECProject/schemas development by creating an account on GitHub.
Malware Behavior Catalog v2.0
The Malware Behavior Catalog (MBC) is a catalog of malware objectives and behaviors, created to support malware analysis-oriented use cases, such as labeling, similarity analysis, and standardized reporting.
https://github.com/MBCProject/mbc-markdown
The Malware Behavior Catalog (MBC) is a catalog of malware objectives and behaviors, created to support malware analysis-oriented use cases, such as labeling, similarity analysis, and standardized reporting.
https://github.com/MBCProject/mbc-markdown
GitHub
GitHub - MBCProject/mbc-markdown: MBC content in markdown
MBC content in markdown. Contribute to MBCProject/mbc-markdown development by creating an account on GitHub.
Collection of malware source code for a variety of platforms in an array of different programming languages.
https://github.com/vxunderground/MalwareSourceCode
https://github.com/vxunderground/MalwareSourceCode
GitHub
GitHub - vxunderground/MalwareSourceCode: Collection of malware source code for a variety of platforms in an array of different…
Collection of malware source code for a variety of platforms in an array of different programming languages. - vxunderground/MalwareSourceCode