[Resource Share] Malware Analysis: Beginner and Hands-On Resources

pandazhengzheng, Security Analysis and Research, 2022-07-03



What goes around comes around, and heaven spares no one; history is always strikingly similar, good is repaid with good and evil with evil. Some things people do and heaven watches, so I won't say more. 2020 is destined to be an extraordinary year. Everyone hang in there, have a safe New Year, study hard and improve every day, stay positive and optimistic, and believe that all of this will pass. In this life, just do good and don't ask about the future. The best choice in life is to follow your own heart, do something you enjoy, and live your life the way you like!


Before the New Year I had already decided that this year I would go nowhere and just stay at home to study, read and think! Recently I have also started interviewing candidates, hoping to find a few like-minded people to work hard with next year. Friends who are interested can contact me. Finding a team that understands you and a boss who understands you matters a lot, because they know your value and are willing to give you more in return. I can't guarantee that everyone will understand you, but anyone who works with me, I will surely understand. What we want to do is become the most professional malware researchers!


Today I'm sharing some more learning materials for getting started with and practicing malware analysis. While you're at home with nothing to do, study more, don't waste your youth, do more meaningful things, and let's work hard together; tomorrow will surely be better, and the future will surely be better!

 

Many newcomers often ask me how to get started with malware analysis and which books to read. I compiled a list before; you can study it in the order below.

If you have no assembly background, work through the list from top to bottom; if you already have the basics, pick what you need.

Malware Analysis Tools

Windows malware sample analysis tools

https://malwareanalysis.co/resources/tools/windows/

macOS malware sample analysis tools

https://malwareanalysis.co/resources/tools/macos/

Linux malware sample analysis tools

https://malwareanalysis.co/resources/tools/linux/

Android malware sample analysis tools

https://malwareanalysis.co/resources/tools/android/


Online Analysis Sandboxes

Hybrid Analysis

https://www.hybrid-analysis.com/

SNDBOX

https://app.sndbox.com/

Intezer

https://analyze.intezer.com/

App AnyRun

https://app.any.run/

anlyz.io

https://sandbox.anlyz.io/dashboard

YOMI

https://yomi.yoroi.company/

AmnpardazSandbox

http://jevereg.amnpardaz.com/

iobit

http://cloud.iobit.com/

CAPE

https://cape.contextis.com/

AVCaesar

https://avcaesar.malware.lu/

Noriben

https://github.com/Rurik/Noriben

AVC (APK analysis sandbox)

https://undroid.av-comparatives.org/


Threat Intelligence Sources

ThreatConnect

https://app.threatconnect.com/

IBM Xforce

https://exchange.xforce.ibmcloud.com/

RiskIQ

https://community.riskiq.com/

Blueliv Community

https://community.blueliv.com/#!/discover

pulsedive

https://pulsedive.com/

AbuseIPDB

https://www.abuseipdb.com/

IntelStack

https://intelstack.com/

AlienVault OTX

https://otx.alienvault.com/

MISP

https://www.misp-project.org/

OpenCTI

https://github.com/OpenCTI-Platform/opencti

MalDatabase

https://maldatabase.com/

Threatfeeds

https://threatfeeds.io/

ThreatPipes

https://www.threatpipes.com/

Shodan

https://www.shodan.io/

Censys

https://censys.io/

 

Some Useful Cheat Sheets

Hunting Process Injection by Windows API Calls

https://malwareanalysis.co/wp-content/uploads/2019/11/Hunting-Process-Injection-by-Windows-API-Calls.pdf

List of File Signatures

https://en.wikipedia.org/wiki/List_of_file_signatures

APT Groups and Operations

https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml#

Ransomware Overview

https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml

APTnotes

https://github.com/kbandla/APTnotes

PDF Tricks

https://github.com/corkami/docs/blob/master/PDF/PDF.md

PE101

https://github.com/corkami/pics/blob/master/binary/pe101/pe101.pdf

Windows Forensics Analysis

https://www.sans.org/security-resources/posters/windows-forensic-analysis/170/download

Windows Artifact Analysis

https://blogs.sans.org/computer-forensics/files/2012/06/SANS-Digital-Forensics-and-Incident-Response-Poster-2012.pdf

Network Forensics and Analysis Poster

https://www.dfir.training/resources/downloads/cheatsheets-infographics/239-network-forensics-sans/file

Common Ports

https://packetlife.net/media/library/23/common-ports.pdf

IDA Pro Shortcuts

https://www.hex-rays.com/products/ida/support/freefiles/IDA_Pro_Shortcuts.pdf

Malware Analysis Cheat Sheet

https://digital-forensics.sans.org/media/malware-analysis-cheat-sheet.pdf

Analyzing Malicious Documents

https://zeltser.com/media/docs/analyzing-malicious-document-files.pdf

Tips for Reverse Engineering Malicious Code

https://zeltser.com/media/docs/reverse-engineering-malicious-code-tips.pdf

ARM Assembly

https://azeria-labs.com/assembly-basics-cheatsheet/

Dalvik opcodes

http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html


Malware Sample Analysis Books

Practical Malware Analysis

https://malwareanalysis.co/wp-content/uploads/2019/09/Practical_Malware_Analysis.pdf

The IDA Pro Book, 2nd Edition

https://malwareanalysis.co/wp-content/uploads/2019/09/The-IDA-Pro-Book-2nd-Edition-2011.pdf

The Art of Memory Forensics

https://malwareanalysis.co/wp-content/uploads/2019/09/The-Art-of-Memory-Forensics.pdf

Malware Analyst's Cookbook

https://malwareanalysis.co/wp-content/uploads/2019/09/Malware-Analysts-Cookbook.pdf

Practical Reverse Engineering

https://malwareanalysis.co/wp-content/uploads/2019/09/Practical-Reverse-Engineering.pdf

Rootkits and Bootkits

https://www.amazon.com/Rootkits-Bootkits-Reversing-Malware-Generation/dp/1593277164/

The Art of Computer Virus Research and Defense

https://www.amazon.com/The-Computer-Virus-Research-Defense/dp/0321304543

Reversing: Secrets of Reverse Engineering

https://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817

Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware

https://www.amazon.com/Learning-Malware-Analysis-techniques-investigate/dp/1788392507

Mastering Malware Analysis

https://www.amazon.com/Mastering-Malware-Analysis-combating-cybercrime/dp/1789610788

Malware Data Science

https://www.amazon.com/Malware-Data-Science-Detection-Attribution/dp/1593278594

Practical Binary Analysis

https://www.amazon.com/Practical-Binary-Analysis-Instrumentation-Disassembly/dp/1593279124

Windows Internals, 7th Edition

https://www.amazon.com/Windows-Internals-Part-architecture-management/dp/0735684189/

https://www.amazon.com/Windows-Internals-Part-2-7th/dp/0135462401

Practical Packet Analysis, 3rd Edition

https://malwareanalysis.co/wp-content/uploads/2019/10/Practical-Packet-Analysis-Using-Wireshark-to-Solve-Real-World-Problems.pdf

Android Malware and Analysis

https://malwareanalysis.co/wp-content/uploads/2019/12/Android_Malware_and_Analysis.pdf

Android Security Internals

https://malwareanalysis.co/wp-content/uploads/2019/12/Android_Security_Internals.pdf


Malware Sample Training Courses

Intro to Malware Analysis and Reverse Engineering

https://www.cybrary.it/course/malware-analysis/

FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

https://www.sans.org/course/reverse-engineering-malware-malware-analysis-tools-techniques

Malware Analysis Master Course

https://www.fireeye.com/services/training/courses/malware-analysis-master-course.html

Certified Malware Reverse Engineer

https://www.crest-approved.org/examination/malware-reverse-engineer/index.html

ARES (Advanced Reverse Engineering of Software)

https://www.elearnsecurity.com/course/advanced_reverse_engineering_of_software/

RPISEC

https://github.com/RPISEC/Malware

Malware Dynamic Analysis / Reverse Engineering Malware

http://opensecuritytraining.info/MalwareDynamicAnalysis.html

http://opensecuritytraining.info/ReverseEngineeringMalware.html

Practical Malware Analysis Labs

https://github.com/mikesiko/PracticalMalwareAnalysis-Labs

Zero 2 Hero

https://www.sentinelone.com/lp/zero2hero/


Some Twitter Accounts Worth Following

https://twitter.com/malwrhunterteam

https://twitter.com/taosecurity

https://twitter.com/OpenMalware

https://twitter.com/monnappa22

https://twitter.com/iMHLv2

https://twitter.com/MalwarePatrol

https://twitter.com/repmovsb

https://twitter.com/Hexacorn

https://twitter.com/idonaor1

https://twitter.com/virusbay_io

https://twitter.com/hasherezade

https://twitter.com/patrickwardle

https://twitter.com/attrc

https://twitter.com/vk_intel

https://twitter.com/binitamshah

https://twitter.com/botherder

https://twitter.com/mephux

https://twitter.com/hiddenillusion

https://twitter.com/hectaman

https://twitter.com/lennyzeltser

https://twitter.com/struppigel

https://twitter.com/skier_t

https://twitter.com/0xAmit

https://twitter.com/x0rz

https://twitter.com/demonslay335

https://twitter.com/0xffff0800

https://twitter.com/ochsenmeier

https://twitter.com/idatips

https://twitter.com/enigma0x3

https://twitter.com/GHIDRA_RE

https://twitter.com/volatility

https://twitter.com/Unit42_Intel

https://twitter.com/makflwana

https://twitter.com/mal_share

https://twitter.com/JakubKroustek

https://twitter.com/MarceloRivero

https://twitter.com/0xcharlie

https://twitter.com/ashley_shen_920

https://twitter.com/alexsevtsov

https://twitter.com/ale_sp_brazil

https://twitter.com/mayahustle

https://twitter.com/tomchop_

https://twitter.com/MalwareTechBlog

https://twitter.com/bbaskin

https://twitter.com/albertzsigovits

https://twitter.com/JaromirHorejsi

 

Malware Sample Analysis Video Channels, Forums and Blogs

Video channels

Malware Analysis For Hedgehogs – Malware analysis and reverse engineering

https://www.youtube.com/channel/UCVFXrUwuWxNlm6UNZtBLJ-A

Colin Hardy – Malware analysis, reverse engineering and more

https://www.youtube.com/channel/UCND1KVdVt8A580SjdaS4cZg

SANS Digital Forensics and Incident Response – Malware analysis, digital forensics and more

https://www.youtube.com/user/robtlee73

OALabs – Malware analysis, reverse engineering and more

https://www.youtube.com/channel/UC--DwaiMV-jtO-6EvmKOnqg

HackerSploit – Malware analysis, reverse engineering and more

https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q

Ring Zero Labs – Malware analysis

https://www.youtube.com/user/H4rM0n1cH4cK

Kindred Security – Malware analysis and more

https://www.youtube.com/channel/UCwTH3RkRCIE35RJ16Nh8V8Q

Monnappa KA – Malware analysis, memory forensics and more

https://www.youtube.com/user/hackycracky22

Lukas Stefanko – Android malware analysis

https://www.youtube.com/channel/UCg08SXtXlfADk4yAODpShfQ/

 

Forums

KernelMode

https://www.kernelmode.info/forum/

Reddit

https://www.reddit.com/r/ReverseEngineering/

HackForums

https://hackforums.net/

0x00sec

https://0x00sec.org/ 


Blogs

MalwareTech

https://www.malwaretech.com/

Malware Traffic Analysis

https://www.malware-traffic-analysis.net/

Lenny Zeltser Blog

https://zeltser.com/blog/

hasherezade’s 1001 nights

https://hshrzd.wordpress.com/

FireEye Blog

https://www.fireeye.com/blog.html

VirusBay Blog

https://www.blog.virusbay.io/

CyberBit Blog

https://www.cyberbit.com/blog/

Cybereason Blog

https://www.cybereason.com/blog

MalwareMustDie

https://blog.malwaremustdie.org/

Unit 42, Palo Alto Networks

https://unit42.paloaltonetworks.com/

enSilo Breaking Malware

https://blog.ensilo.com/topic/ensilo-breaking-malware

Lukas Stefanko Blog

https://lukasstefanko.com/

Ghetto Forensics

http://www.ghettoforensics.com/

Modexp

https://modexp.wordpress.com/

Hexacorn

http://www.hexacorn.com/blog/

Fumik0_'s box

https://fumik0.com/

And my own blog, haha

MalwareAnalysis

https://www.malwareanalysis.cn/


A new book, Mastering Malware Analysis, was recently published abroad. It's quite good and rich in content, well suited to beginners. It covers register basics, static and dynamic analysis methods, process injection, anti-debugging, analysis and research of vulnerability principles, shellcode, obfuscation and unpacking, and sample analysis techniques for different languages and platforms. An electronic version is already available online; you can search for it and download it to study. Its chapters are:

1. A Crash Course in CISC/RISC and Programming Basics

2. Basic Static and Dynamic Analysis for x86/x64

3. Unpacking, Decryption, and Deobfuscation

4. Inspecting Process Injection and API Hooking

5. Bypassing Anti-Reverse Engineering Techniques

6. Understanding Kernel-Mode Rootkits

7. Handling Exploits and Shellcode

8. Reversing Bytecode Languages: .NET, Java, and More

9. Scripts and Macros: Reversing, Deobfuscation, and Debugging

10. Dissecting Linux and IoT Malware

11. Introduction to macOS and iOS Threats

12. Analyzing Android Malware Samples

 

Malware attacks happen every day all over the world: new malware keeps appearing, known malware families keep spawning variants, new hacker groups keep emerging, and established groups keep researching new cyber-attack weapons and developing new types of malware. Yet in China there may not be many people who pay attention to and understand this, and even fewer who do in-depth reverse analysis and tracking research. In recent years, malware attacks against enterprises or specific targets have emerged one after another. The essence of security is always the confrontation between people; hacker groups will never stop developing and updating new malware and launching attacks against their targets. The most direct confrontation between security work and the black market is the malware sample; attack and defense never stop, and malware samples are everywhere. Next year I will form a professional malware research offense-and-defense team, focused on analyzing and researching the latest and most prevalent malware samples worldwide, aiming to build the most professional malware sample research group in the world. We need more professional security researchers; if you're interested, message me privately and join us to work hard together. My company also needs all kinds of professional security talent; anyone interested can send me a résumé privately. WeChat: pandazhengzheng. I hope we can work together in the future!


I have actually shared a lot of material before. Working in this field requires spending a great deal of your own time on research; it is not something achieved overnight. Live and learn. Many people may only dabble, and some only talk big while actually understanding nothing. Whatever the industry, never take advice from unprofessional people; every industry needs professionals to do professional work. What you need to do is persist to the end; only then will you gain something and become a true leader in the field!


Review of past highlights (I have compiled the 2019 articles; you can browse them when you're bored at home)
[2019] Security Analysis and Research article roundup


If you want to unlock more security analysis and research techniques and have a few more guides on the security road, you can join the Knowledge Planet (知识星球) to study and discuss. Members of the planet can also join the Security Analysis and Research professional group to exchange ideas, discuss and research all kinds of security technology with the security researchers there, so you have one more companion on your path of learning and growth; let's learn and grow together.

Join the Knowledge Planet; on the security road, we go forward together

The road in security is still long, and persistence is what counts. If you work in security, stay up late less and look after your health...

