PaulDotCom mailing list archives

Re: Reverse engineering or Malware analysis.


From: Michael Yemane <miketyhs () gmail com>
Date: Thu, 25 Apr 2013 16:53:26 -0400

+1 to 'Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code' and 'Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software'

Some good blogs/sites to help you get started:

SecurityTube
http://reddit.com/r/ReverseEngineering
http://blog.zeltser.com/
https://www.corelan.be/
http://0xdabbad00.com/
http://contagiodump.blogspot.com/
http://forum.tuts4you.com/
https://www.mandiant.com/blog/

Tools you'll need:

- VMware or VirtualBox

For Static analysis
HashCalc, TrID-File Identifier, PEview, PEiD, BinText, Dependency Walker, Heap Inspector, Unix Strings, IDA, OllyDbg

For Dynamic analysis
RegShot, InCtrl5, RegMon, ProcMon, FileMon, NetCat, BinText, LordPE, Wireshark, FakeDNS, FakeNet, Multipot, APIMonitor, SysAnalyzer, CaptureBAT, Memoryze, HBGary Fast Dump, Volatility

Automated Malware Analysis
Cuckoo Sandbox (if you still have the energy and want to impress your colleagues and upper mgmt, integrate it with Maltego via CuckooForCanari)


Good luck,
Mike Y

P.S. I know some of the tools are a little dated, I just copied/pasted from a doc I put together a while back.


On 4/25/13 6:43 AM, Jason Long wrote:
Hello Folks.
Can you offer me some information about Malware analysis? How can I do it? Can you show me a book in this field?

Cheers.
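An added example, not from the thread or from any of the tools Mike lists, of what the static-analysis stage of that list boils down to when scripted: hashing the sample (HashCalc), identifying the file type from its magic bytes (TrID), walking the PE header and section table (PEview), pulling printable strings (Unix strings / BinText) and calling out the ones an analyst cares about. The input is a constructed, non-runnable PE-shaped byte blob built inline, so the script runs offline with no sample on disk; the watch-list of API names and the ".invalid" URL are assumptions chosen for the demo, and the section-table check flags a section whose raw data points past the end of the file, a common sign of a packed, truncated or hand-crafted sample.

```python
"""Static triage of a suspicious file: hashes, type identification, PE header
walk and strings extraction. Added example, not the code of any tool named above."""
import hashlib
import json
import re
import struct

# IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes, little-endian)
IMAGE_FILE_HEADER = "<HHIIIHH"
# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers,
# Characteristics (40 bytes)
SECTION_HEADER = "<8sIIIIIIHHI"

MAGICS = [(b"MZ", "PE/DOS executable"), (b"\x7fELF", "ELF"),
          (b"PK\x03\x04", "ZIP container (Office/JAR)"), (b"%PDF", "PDF")]

# Assumed watch-list: a few APIs an analyst wants highlighted in strings output.
WATCH_APIS = {"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx", "URLDownloadToFile"}
URL_RE = re.compile(r"https?://\S+")


def file_hashes(data: bytes) -> dict:
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def identify(data: bytes) -> str:
    for magic, name in MAGICS:
        if data.startswith(magic):
            return name
    return "unknown"


def extract_strings(data: bytes, min_len: int = 5) -> list:
    """Runs of printable ASCII at least min_len long, like `strings -n`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def parse_pe(data: bytes):
    """Return machine, characteristics and section table, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    machine, nsec, _ts, _sym, _nsym, opt_size, chars = struct.unpack_from(
        IMAGE_FILE_HEADER, data, e_lfanew + 4)
    first = e_lfanew + 24 + opt_size          # section table follows the optional header
    sections = []
    for i in range(nsec):
        off = first + i * struct.calcsize(SECTION_HEADER)
        if off + struct.calcsize(SECTION_HEADER) > len(data):
            break                              # truncated section table
        name, vsize, vaddr, rsize, rptr, _r, _l, _nr, _nl, schars = struct.unpack_from(
            SECTION_HEADER, data, off)
        sections.append({
            "name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "vsize": vsize, "vaddr": vaddr, "rsize": rsize, "rptr": rptr, "chars": schars,
            # raw data lying past EOF: packed, truncated or crafted sample
            "raw_outside_file": rptr + rsize > len(data),
        })
    return {"machine": machine, "num_sections": nsec, "characteristics": chars,
            "sections": sections}


def triage(data: bytes) -> dict:
    strs = extract_strings(data)
    return {
        "hashes": file_hashes(data),
        "type": identify(data),
        "pe": parse_pe(data),
        "strings": strs,
        "urls": [s for s in strs if URL_RE.search(s)],
        "api_hits": sorted({api for s in strs for api in WATCH_APIS if api in s}),
    }


def build_sample() -> bytes:
    """Constructed PE-shaped blob for offline input; it is not a real program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)   # e_lfanew: PE signature at offset 0x80
    dos_part = bytes(dos) + b"This program cannot be run in DOS mode.\r\n$"
    dos_part += b"\x00" * (0x80 - len(dos_part))
    # Machine 0x14c (i386), 2 sections, no optional header, EXECUTABLE_IMAGE|32BIT_MACHINE
    pe_header = b"PE\x00\x00" + struct.pack(IMAGE_FILE_HEADER, 0x14C, 2, 0, 0, 0, 0, 0x0102)

    def sec(name, vsize, vaddr, rsize, rptr, chars):
        return struct.pack(SECTION_HEADER, name, vsize, vaddr, rsize, rptr, 0, 0, 0, 0, chars)

    sections = sec(b".text", 0x1000, 0x1000, 0x20, 0x100, 0x60000020)     # inside the file
    sections += sec(b".rdata", 0x1000, 0x2000, 0x200, 0x200, 0x40000040)  # past end of file
    body = (b"\x00" * 16 + b"http://example.invalid/update.bin\x00" + b"\x00" * 8
            + b"CreateRemoteThread\x00" + b"ab\x00")
    return dos_part + pe_header + sections + body


if __name__ == "__main__":
    print(json.dumps(triage(build_sample()), indent=2))
```

Point `triage()` at `open(path, "rb").read()` to run it on a real sample inside the analysis VM; the output is the same record that the GUI tools show across four windows, in one dict that can be diffed between samples.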



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
