Friday, February 15, 2019

Reverse Engineering the FOR610

I don't have $7,000, but what I do have is a (non-comprehensive) list of tools and course targets graciously provided by the SANS Institute, as well as access to a library of malware analysis resources and a few video courses within my reach. Here's what I've come up with.
Tools and Targets of FOR610
Targets: https://www.sans.org/course/reverse-engineering-malware-malware-analysis-tools-techniques/course/asc/

Tools:

Malware Analysis Fundamentals:
*pestr
*peframe
*PeStudio
*Process Hacker
*Process Monitor
*Regshot
*ProcDOT
*x64dbg
*API Monitor
*INetSim

Reversing Malicious Code:
*IDA Pro

Malicious Web and Document Files:
*Fiddler
*SpiderMonkey
*box-js
*base64dump.py
*pdf-parser.py
*peepdf.py
*scdbg
*olevba.py
*oledump.py
*rtfdump.py
*jmp2it

In Depth Malware Analysis (Packers, Debugging, API Hooks, Memory Forensics):
*Detect It Easy
*Exeinfo PE
*Bytehist
*CFF Explorer
*Scylla
*OllyDumpEx
*Volatility

Self-Defending Malware (Anti-debugging, unconventional packing):
*FLOSS
*bbcrack.py
*ScyllaHide
*pe_unmapper
