Malware Analysis / Reverse Engineering
by do son · Published December 13, 2017 · Last modified November 4, 2024
PowerShellArsenal is a PowerShell module used to aid a reverse engineer. The module can be used to disassemble managed and unmanaged code, perform .NET malware analysis, analyze/scrape memory, parse file...
FindYara Use this IDA python plugin to scan your binary with Yara rules. All the Yara rule matches will be listed with their offset so you can quickly hop to...
pdfxpose – A security tool for detecting suspicious PDF modifications commonly found in BEC. While investigating Business Email Compromise (BEC), suspicious indicators were discovered in a majority of the PDFs...
AVSignSeek Tool is written in python3 to determine where the AV signature is located in a binary/payload Usage Zip (with a password) your binary/payload caught by an AV so it...
yarAnalyzer creates statistics on a yara rule set and files in a sample directory. Place some signatures with .yar extension in the “signatures” folder and then run yarAnalyzer on a...
Linux Process Hunter I wrote prochunter around 2002, after the SuckIT rootkit release by sd [4], I just spent few hours to make it runnable on modern kernels (tested on...
Malware Analysis / Reverse Engineering
by do son · Published October 30, 2017 · Last modified November 4, 2024
Table of Contents Introduction The Basics Getting Information Modes of Operation Navigation Visual Navigation Debugging Visual Debugging Editing Visual Graphs Project Management Configuration Tutorials Simple Patch Memory Manipulation ESIL Simple...
Wolves Among the Sheep Some security tools still stick to MD5 when identifying malware samples years after practical collisions were shown against the algorithm. This can be exploited by first showing these...
Malware Analysis Tools: A list of tools to work with malware, static and dynamic analysis tools Get it here
FAME is a recursive acronym meaning “FAME Automates Malware Evaluation”. It is meant to facilitate analysis of malicious files, leveraging as much knowledge as possible in order to speed up...
Support Securityonline.info site. Thanks!
