Skip to content

Latest commit

 

History

History
67 lines (58 loc) · 5.98 KB

README.md

File metadata and controls

67 lines (58 loc) · 5.98 KB

🌟 Notice 🌟

If you want something to be added to this list, create a pull request. I am always open to new things that can be added to this list.

Disclaimer

This repository is for research purposes only, the use of this code is your responsibility.

I'm not the author of any of the code or owner of any links available here.

This repository does not promote any hacking related activity. All the information in this repository is for educational purposes only.

Table Of Contents

Tools

Decompilers

  • JD-GUI - Decompile java programs to see their source code.
  • ILSpy - A free and open source .NET decompiler.
  • dotPeek - A free .NET decompiler by JetBrains.

Disassemblers

  • Binary Ninja - Binary Ninja is a feature rich, cross platform disassembler. (really good)
  • radare - Radare is an extremely powerful portable reversing framework.
  • Hex Ray's IDA Pro - An iconic and feature filled disassembler.
  • OllyDgb - OllyDbg is a 32-bit assembler level analysing debugger for Windows.
  • ghidra - NSA didn't want to pay for IDA so they made thier own version

Process Explorers

  • ProcMon - an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
  • ProcDot - A visual malware analysis tool that tracks behavior and visualizes it.
  • Process Explorer - Like task manager but much more informative.
  • Process Hacker - Another task manager on steroids, this one provides lots of real time information.

Networking

  • Malcom - Malware Communication Analyzer.
  • Wireshark - A packet sniffing tool to find out what data malware is sending and to where.
  • Fiddler - A free web debugging proxy for any browser, system or platform.

Automated Analysis Tools

  • Malice - VirusTotal, but 100 times more awesome.
  • VirusTotal - Quickly scan samples against multiple databases all at once.
  • Hybrid Analysis - Upload and analyze files for unknown threats.
  • Joe Sandbox - Similar to hybrid analyis, upload a sample and it will do automated analysis.

Resources

Other

  • DetectItEasy - Signature based packer identifier.
  • RegShot - Compare your registry before and after installing or running software.
  • OllyDumpEx - Olly plugin to dump process memory.
  • Scylla - Imports fixer.
  • Dependency Walker - Scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules.
  • binsnitch - Detect small (unwanted) changes to your file system.
  • API Monitor - Monitor and filter all API calls made by a process.
  • Cuckoo Sandbox - Run sandboxed malware and gather information on its behavior and activity.
  • Malware VM Checks - A large list of ways malware detects if it is being run in a vm.

Samples

NOTICE: Some of the links bellow contain active malware. This repository is for research purposes only, the use of this code is your responsibility. I take NO responsibility and/or liability for how you choose to use any of the source code available here. By using any of the files or links available in this repository, you understand that you are AGREEING TO USE AT YOUR OWN RISK. Once again, ALL files and links available here are for EDUCATION and/or RESEARCH purposes ONLY. Any actions and/or activities related to the material contained within this repository is solely your responsability. Misuse of the information in this repository can result in criminal charges being brought against the persons in question. I will not be held responsible in the event any criminal charges are brought against any individuals misuing the code, links, and or resources in this repository to break the law. This repository does not promote any hacking related activity. All the information in this repository is for educational purposes only.

Here is a course on malware analysis. I would recommend checking this out before you download any of the samples.

Here and here are repos containing malware and other software for you to LOOK at. Make sure you download them into a virtual machine and NEVER run them on a system that you don't own.

If you are specifically interested in exploit kits, I would look into this repo.

Finally, neriberto made a tool called Hazardous Garbage to quickly download malware samples to look at.