Malware and Reverse Engineering Complete Collection by Joas

The document provides links to numerous resources about malware analysis and reverse engineering. Malware analysis is the process of analyzing malicious software to understand how it works and how to detect and mitigate it. Reverse engineering involves taking something apart and analyzing its components and functionality to understand its design and operation.

What is?

https://www.crowdstrike.com/cybersecurity-101/malware/malware-analysis/
https://en.wikipedia.org/wiki/Malware_analysis
https://sectigostore.com/blog/malware-analysis-what-it-is-how-it-works/
https://digitalguardian.com/blog/what-malware-analysis-defining-and-outlining-process-malware-analysis
https://www.sans.org/reading-room/whitepapers/malicious/paper/2103
https://www.sans.org/blog/how-you-can-start-learning-malware-analysis/
https://www.logsign.com/blog/malware-analysis-things-you-should-know/
https://www.first.org/global/sigs/malware/
https://www.opswat.com/solutions/malware-analysis
https://medium.com/techiepedia/malware-analysis-the-art-of-understanding-malware-ffc5e69feb3e
https://www.jigsawacademy.com/blogs/cyber-security/malware-analysis/
https://astromachineworks.com/what-is-reverse-engineering/#:~:text=Reverse%20engineering%2C%20sometimes%20called%20back,individual%20components%20of%20larger%20products.
https://www.youtube.com/watch?v=oxo1FBScEAs
https://www.youtube.com/watch?v=a2EkORFcSZo
https://www.youtube.com/watch?v=7v7UaMsgg_c
https://www.wevolver.com/article/what-is-reverse-engineering-
https://www.computerworld.com/article/2585652/reverse-engineering.html
https://www.geeksforgeeks.org/software-engineering-reverse-engineering/

Anonymizers
Web traffic anonymizers for analysts.

Anonymouse.org - A free, web-based anonymizer.
OpenVPN - VPN software and hosting solutions.
Privoxy - An open source proxy server with some privacy features.
Tor - The Onion Router, for browsing the web without leaving traces of the client IP.

Honeypots
Trap and collect your own samples.

Conpot - ICS/SCADA honeypot.
Cowrie - SSH honeypot, based on Kippo.
DemoHunter - Low interaction distributed honeypots.
Dionaea - Honeypot designed to trap malware.
Glastopf - Web application honeypot.
Honeyd - Create a virtual honeynet.
HoneyDrive - Honeypot bundle Linux distro.
Honeytrap - Open source system for running, monitoring and managing honeypots.
MHN - A centralized server for management and data collection of honeypots. MHN allows you to deploy sensors quickly and to collect data immediately, viewable from a neat web interface.
Mnemosyne - A normalizer for honeypot data; supports Dionaea.
Thug - Low interaction honeyclient, for investigating malicious websites.

Malware Corpora
Malware samples collected for analysis.

Clean MX - Realtime database of malware and malicious domains.
Contagio - A collection of recent malware samples and analyses.
Exploit Database - Exploit and shellcode samples.
Infosec - CERT-PA - Malware samples collection and analysis.
InQuest Labs - Ever-growing searchable corpus of malicious Microsoft documents.
Javascript Malware Collection - Collection of almost 40,000 JavaScript malware samples.
Malpedia - A resource providing rapid identification and actionable context for malware investigations.
Malshare - Large repository of malware actively scraped from malicious sites.
Open Malware Project - Sample information and downloads. Formerly Offensive Computing.
Ragpicker - Plugin-based malware crawler with pre-analysis and reporting functionalities.
theZoo - Live malware samples for analysts.
Tracker h3x - Aggregator for malware corpus trackers and malicious download sites.
vduddu malware repo - Collection of various malware files and source code.
VirusBay - Community-based malware repository and social network.
ViruSign - Malware database of samples detected by many anti-malware programs except ClamAV.
VirusShare - Malware repository, registration required.
VX Vault - Active collection of malware samples.
Zeltser's Sources - A list of malware sample sources put together by Lenny Zeltser.
Zeus Source Code - Source for the Zeus trojan leaked in 2011.
VX Underground - Massive and growing collection of free malware samples.

Open Source Threat Intelligence
Harvest and analyze IOCs.

AbuseHelper - An open-source framework for receiving and redistributing abuse feeds and threat intel.
AlienVault Open Threat Exchange - Share and collaborate in developing threat intelligence.
Combine - Tool to gather threat intelligence indicators from publicly available sources.
Fileintel - Pull intelligence per file hash.
Hostintel - Pull intelligence per host.
IntelMQ - A tool for CERTs for processing incident data using a message queue.
IOC Editor - A free editor for XML IOC files.
iocextract - Advanced Indicator of Compromise (IOC) extractor, Python library and command-line tool.
ioc_writer - Python library for working with OpenIOC objects, from Mandiant.
MalPipe - Malware/IOC ingestion and processing engine that enriches collected data.
Massive Octo Spice - Previously known as CIF (Collective Intelligence Framework). Aggregates IOCs from various lists. Curated by the CSIRT Gadgets Foundation.
MISP - Malware Information Sharing Platform curated by The MISP Project.
Pulsedive - Free, community-driven threat intelligence platform collecting IOCs from open-source feeds.
PyIOCe - A Python OpenIOC editor.
RiskIQ - Research, connect, tag and share IPs and domains. (Was PassiveTotal.)
threataggregator - Aggregates security threats from a number of sources, including some of the feeds listed below.
ThreatConnect - TC Open allows you to see and share open source threat data, with support and validation from its free community.
ThreatCrowd - A search engine for threats, with graphical visualization.
ThreatIngestor - Build automated threat intel pipelines sourcing from Twitter, RSS, GitHub, and more.
ThreatTracker - A Python script to monitor and generate alerts based on IOCs indexed by a set of Google Custom Search Engines.
TIQ-test - Data visualization and statistical analysis of threat intelligence feeds.

Autoshun (list) - Snort plugin and blocklist.
Bambenek Consulting Feeds - OSINT feeds based on malicious DGA algorithms.
Fidelis Barncat - Extensive malware config database (must request access).
CI Army (list) - Network security blocklists.
Critical Stack - Free Intel Market - Free intel aggregator with deduplication featuring 90+ feeds and over 1.2M indicators.
Cybercrime tracker - Multiple botnet active tracker.
FireEye IOCs - Indicators of Compromise shared publicly by FireEye.
FireHOL IP Lists - Analytics for 350+ IP lists with a focus on attacks, malware and abuse. Evolution, change history, country maps, age of IPs listed, retention policy, overlaps.
HoneyDB - Community driven honeypot sensor data collection and aggregation.
hpfeeds - Honeypot feed protocol.
Infosec - CERT-PA lists (IPs - Domains - URLs) - Blocklist service.
InQuest REPdb - Continuous aggregation of IOCs from a variety of open reputation sources.
InQuest IOCdb - Continuous aggregation of IOCs from a variety of blogs, GitHub repos, and Twitter.
Internet Storm Center (DShield) - Diary and searchable incident database, with a web API (unofficial Python library).
malc0de - Searchable incident database.
Malware Domain List - Search and share malicious URLs.
MetaDefender Threat Intelligence Feed - List of the most looked up file hashes from MetaDefender Cloud.
OpenIOC - Framework for sharing threat intelligence.
Proofpoint Threat Intelligence - Rulesets and more. (Formerly Emerging Threats.)
Ransomware overview - A list of ransomware overviews with details, detection and prevention.
STIX - Structured Threat Information eXpression - Standardized language to represent and share cyber threat information. Related efforts from MITRE:
  CAPEC - Common Attack Pattern Enumeration and Classification
  CybOX - Cyber Observables eXpression
  MAEC - Malware Attribute Enumeration and Characterization
  TAXII - Trusted Automated eXchange of Indicator Information
SystemLookup - SystemLookup hosts a collection of lists that provide information on the components of legitimate and potentially unwanted programs.
ThreatMiner - Data mining portal for threat intelligence, with search.
threatRECON - Search for indicators, up to 1000 free per month.
ThreatShare - C2 panel tracker.
Yara rules - YARA rules repository.
YETI - Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository.
ZeuS Tracker - ZeuS blocklists.
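Added example, not code from iocextract or any other tool listed above: the IOC harvesting those entries describe, reduced to its core. Reports defang indicators (hxxp, [.], (dot)) so they cannot be clicked; an extractor has to refang first, then pull IPs, URLs, domains and hashes. SAMPLE_REPORT is a constructed excerpt (203.0.113.45 is a documentation address, the hashes are those of empty input); NON_TLDS is a heuristic of this example, not a standard.

```python
"""Refang a defanged report excerpt and extract IOCs from it.
Added example; not the code of any tool in this collection."""
import re

# Defanging conventions seen in published reports -> canonical form.
DEFANG_SUBS = [
    (r"\[\.\]|\(\.\)|\{\.\}|\[dot\]|\(dot\)", "."),
    (r"hxxp", "http"),
    (r"\[:\]", ":"),
    (r"\[/\]", "/"),
    (r"\[@\]|\(at\)", "@"),
]

# File names such as "gate.php" or "payload.bin" look like domains to a naive
# regex; drop these suffixes. Heuristic list for this example, not exhaustive.
NON_TLDS = {"php", "bin", "exe", "dll", "pdf", "doc", "docx", "zip", "txt", "ps1", "vbs", "js"}

IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
URL_RE = re.compile(r"\bhttps?://[^\s'\"<>]+", re.IGNORECASE)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\b", re.IGNORECASE)
HASH_RES = {
    "md5": re.compile(r"\b[0-9a-f]{32}\b", re.IGNORECASE),
    "sha1": re.compile(r"\b[0-9a-f]{40}\b", re.IGNORECASE),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE),
}

# Constructed sample text; none of these indicators are real observations.
SAMPLE_REPORT = """
Constructed sample, not a real report. The dropper beacons to hxxp://update[.]example-cdn[.]com/gate.php
and to 203[.]0[.]113[.]45 over TCP/8080; a second stage is pulled from
hXXps://cdn(.)example(dot)net/payload.bin. Observed payload hashes:
MD5 d41d8cd98f00b204e9800998ecf8427e and
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.
The lure document was named invoice_2024.docx.
"""


def refang(text: str) -> str:
    """Undo the defanging so the indicators can be matched and pivoted on."""
    for pattern, repl in DEFANG_SUBS:
        text = re.sub(pattern, repl, text, flags=re.IGNORECASE)
    return text


def extract_iocs(text: str) -> dict:
    """Return deduplicated, sorted indicators by type from free text."""
    text = refang(text)
    urls = {u.rstrip(".,;)") for u in URL_RE.findall(text)}   # drop sentence punctuation
    domains = {d.lower() for d in DOMAIN_RE.findall(text)
               if d.rsplit(".", 1)[-1].lower() not in NON_TLDS}
    out = {
        "ipv4": sorted(set(IPV4_RE.findall(text))),
        "urls": sorted(urls),
        "domains": sorted(domains),
    }
    for name, rx in HASH_RES.items():
        out[name] = sorted({h.lower() for h in rx.findall(text)})
    return out


if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_REPORT).items():
        print(f"{kind}: {values}")
```

The domain pattern deliberately also matches the host part of each URL, so a feed consumer gets both the URL and the bare domain to pivot on; the hash patterns rely on the word boundary so that a 32-hex run inside a SHA-256 is not reported as an MD5.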

Detection and Classification

AnalyzePE - Wrapper for a variety of tools for reporting on Windows PE files.
Assemblyline - A scalable distributed file analysis framework.
BinaryAlert - An open source, serverless AWS pipeline that scans and alerts on uploaded files based on a set of YARA rules.
capa - Detects capabilities in executable files.
chkrootkit - Local Linux rootkit detection.
ClamAV - Open source antivirus engine.
Detect It Easy (DiE) - A program for determining types of files.
Exeinfo PE - Packer and compressor detector, unpack info, internal exe tools.
ExifTool - Read, write and edit file metadata.
File Scanning Framework - Modular, recursive file scanning solution.
fn2yara - FN2Yara is a tool to generate YARA signatures for matching functions (code) in an executable program.
Generic File Parser - A single library parser to extract meta information, perform static analysis and detect macros within files.
hashdeep - Compute digest hashes with a variety of algorithms.
HashCheck - Windows shell extension to compute hashes with a variety of algorithms.
Loki - Host based scanner for IOCs.
Malfunction - Catalog and compare malware at a function level.
Manalyze - Static analyzer for PE executables.
MASTIFF - Static analysis framework.
MultiScanner - Modular file scanning/analysis framework.
Nauz File Detector (NFD) - Linker/compiler/tool detector for Windows, Linux and macOS.
nsrllookup - A tool for looking up hashes in NIST's National Software Reference Library database.
packerid - A cross-platform Python alternative to PEiD.
PE-bear - Reversing tool for PE files.
PEframe - PEframe is an open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.
PEV - A multiplatform toolkit to work with PE files, providing feature-rich tools for proper analysis of suspicious binaries.
PortEx - Java library to analyse PE files with a special focus on malware analysis and PE malformation robustness.
Quark-Engine - An obfuscation-neglect Android malware scoring system.
Rootkit Hunter - Detect Linux rootkits.
ssdeep - Compute fuzzy hashes.
totalhash.py - Python script for easy searching of the TotalHash.cymru.com database.
TrID - File identifier.
YARA - Pattern matching tool for analysts.
Yara rules generator - Generate YARA rules based on a set of malware samples. Also contains a good strings DB to avoid false positives.
Yara Finder - A simple tool to match a file against various YARA rules to find indicators of suspicion.
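Added example, not code from Detect It Easy, Exeinfo PE, packerid or any other tool listed above: the packer heuristics those detectors apply (known packer section names, near-random section data, a section that is empty on disk but large in memory), on top of a minimal PE section-table parser written from the PE/COFF header layout. The sample PE is constructed by build_fake_pe() for the demonstration; it is not a real binary and contains no code. PACKER_SECTIONS is a small illustrative set, not a detector's signature database.

```python
"""Parse a PE section table and apply three packer heuristics.
Added example; not the code of any tool in this collection."""
import math
import random
import struct

# Section names left behind by common packers. Illustrative subset only.
PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".themida",
                   ".vmp0", ".vmp1", "MPRESS1", "MPRESS2", ".petite"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]     # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]        # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                 # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "raw_size": raw_size, "entropy": shannon_entropy(raw)})
    return sections


def packer_indicators(pe: bytes) -> list:
    """Report the classic signs of a packed binary, one string per finding."""
    findings = []
    for s in parse_sections(pe):
        if s["name"] in PACKER_SECTIONS:
            findings.append(f"{s['name']}: known packer section name")
        if s["entropy"] > 7.0:
            findings.append(f"{s['name']}: entropy {s['entropy']:.2f}, compressed or encrypted")
        if s["raw_size"] == 0 and s["vsize"] > 0:
            findings.append(f"{s['name']}: no data on disk but {s['vsize']:#x} bytes in memory, unpack target")
    return findings


def build_fake_pe(sections) -> bytes:
    """Constructed sample: the bare DOS/PE/COFF skeleton the parser needs.
    sections is a list of (name, raw_bytes, virtual_size). Not a loadable image."""
    e_lfanew, opt_size = 0x40, 0xE0
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    raw_ptr = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)  # data follows the headers
    table, blobs, vaddr = b"", b"", 0x1000
    for name, raw, vsize in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, vaddr, len(raw),
                             raw_ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        raw_ptr += len(raw)
        blobs += raw
        vaddr += max(vsize, len(raw), 0x1000)
    return bytes(dos) + b"PE\0\0" + coff + b"\0" * opt_size + table + blobs


_rng = random.Random(1337)
SAMPLE_PE = build_fake_pe([
    ("UPX0", b"", 0x20000),                                             # empty on disk, large in memory
    ("UPX1", bytes(_rng.randrange(256) for _ in range(4096)), 0x1000),  # stand-in for compressed code
    (".rsrc", b"\0" * 512 + b"A" * 512, 0x400),                         # ordinary low-entropy data
])

if __name__ == "__main__":
    for line in packer_indicators(SAMPLE_PE):
        print(line)
```

Entropy alone is a weak signal (resources, certificates and .NET metadata also score high), which is why the real detectors combine it with section names, entry-point location and import-table size; the three checks here are the starting point, not a verdict.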

Online Scanners and Sandboxes

anlyz.io - Online sandbox.
any.run - Online interactive sandbox.
AndroTotal - Free online analysis of APKs against multiple mobile antivirus apps.
AVCaesar - Malware.lu online scanner and malware repository.
BoomBox - Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant.
Cryptam - Analyze suspicious office documents.
Cuckoo Sandbox - Open source, self hosted sandbox and automated analysis system.
cuckoo-modified - Modified version of Cuckoo Sandbox released under the GPL. Not merged upstream due to legal concerns by the author.
cuckoo-modified-api - A Python API used to control a cuckoo-modified sandbox.
DeepViz - Multi-format file analyzer with machine-learning classification.
detux - A sandbox developed to do traffic analysis of Linux malware and capture IOCs.
DRAKVUF - Dynamic malware analysis system.
firmware.re - Unpacks, scans and analyzes almost any firmware package.
HaboMalHunter - An automated malware analysis tool for Linux ELF files.
Hybrid Analysis - Online malware analysis tool, powered by VxSandbox.
Intezer - Detect, analyze, and categorize malware by identifying code reuse and code similarities.
IRMA - An asynchronous and customizable analysis platform for suspicious files.
Joe Sandbox - Deep malware analysis with Joe Sandbox.
Jotti - Free online multi-AV scanner.
Limon - Sandbox for analyzing Linux malware.
Malheur - Automatic sandboxed analysis of malware behavior.
malice.io - Massively scalable malware analysis framework.
malsub - A Python RESTful API framework for online malware and URL analysis services.
Malware config - Extract, decode and display online the configuration settings from common malware.
MalwareAnalyser.io - Online malware anomaly-based static analyser with a heuristic detection engine powered by data mining and machine learning.
Malwr - Free analysis with an online Cuckoo Sandbox instance.
MetaDefender Cloud - Scan a file, hash, IP, URL or domain address for malware for free.
NetworkTotal - A service that analyzes pcap files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware using Suricata configured with EmergingThreats Pro.
Noriben - Uses Sysinternals Procmon to collect information about malware in a sandboxed environment.
PacketTotal - PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within.
PDF Examiner - Analyse suspicious PDF files.
ProcDot - A graphical malware analysis tool kit.
Recomposer - A helper script for safely uploading binaries to sandbox sites.
sandboxapi - Python library for building integrations with several open source and commercial malware sandboxes.
SEE - Sandboxed Execution Environment (SEE) is a framework for building test automation in secured environments.
SEKOIA Dropper Analysis - Online dropper analysis (JS, VBScript, Microsoft Office, PDF).
VirusTotal - Free online analysis of malware samples and URLs.
Visualize_Logs - Open source visualization library and command line tools for logs (Cuckoo, Procmon, more to come...).
Zeltser's List - Free automated sandboxes and services, compiled by Lenny Zeltser.

Domain Analysis

AbuseIPDB - AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.
badips.com - Community based IP blacklist service.
boomerang - A tool designed for consistent and safe capture of off network web resources.
Cymon - Threat intelligence tracker, with IP/domain/hash search.
Desenmascara.me - One click tool to retrieve as much metadata as possible for a website and to assess its good standing.
Dig - Free online dig and other network tools.
dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
IPinfo - Gather information about an IP or domain by searching online resources.
Machinae - OSINT tool for gathering information about URLs, IPs, or hashes. Similar to Automater.
mailchecker - Cross-language temporary email detection library.
MaltegoVT - Maltego transform for the VirusTotal API. Allows domain/IP research, and searching for file hashes and scan reports.
Multi rbl - Multiple DNS blacklist and forward confirmed reverse DNS lookup over more than 300 RBLs.
NormShield Services - Free API services for detecting possible phishing domains, blacklisted IP addresses and breached accounts.
PhishStats - Phishing statistics with search for IP, domain and website title.
Spyse - Subdomains, whois, related domains, DNS, hosts AS, SSL/TLS info.
SecurityTrails - Historical and current WHOIS, historical and current DNS records, similar domains, certificate information and other domain and IP related API and tools.
SpamCop - IP based spam block list.
SpamHaus - Block list based on domains and IPs.
Sucuri SiteCheck - Free website malware and security scanner.
Talos Intelligence - Search for IP, domain or network owner. (Previously SenderBase.)
TekDefense Automater - OSINT tool for gathering information about URLs, IPs, or hashes.
URLhaus - A project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution.
URLQuery - Free URL scanner.
urlscan.io - Free URL scanner and domain information.
Whois - DomainTools free online whois search.
Zeltser's List - Free online tools for researching malicious websites, compiled by Lenny Zeltser.
Zscaler Zulu - Zulu URL Risk Analyzer.

Browser Malware

Bytecode Viewer - Combines multiple Java bytecode viewers and decompilers into one tool, including APK/DEX support.
Firebug - Firefox extension for web development.
Java Decompiler - Decompile and inspect Java apps.
Java IDX Parser - Parses Java IDX cache files.
JSDetox - JavaScript malware analysis tool.
jsunpack-n - A JavaScript unpacker that emulates browser functionality.
Krakatau - Java decompiler, assembler, and disassembler.
Malzilla - Analyze malicious web pages.
RABCDAsm - A "Robust ActionScript Bytecode Disassembler."
SWF Investigator - Static and dynamic analysis of SWF applications.
swftools - Tools for working with Adobe Flash files.
xxxswf - A Python script for analyzing Flash files.

Documents and Shellcode

AnalyzePDF - A tool for analyzing PDFs and attempting to determine whether they are malicious.
box-js - A tool for studying JavaScript malware, featuring JScript/WScript support and ActiveX emulation.
diStorm - Disassembler for analyzing malicious shellcode.
InQuest Deep File Inspection - Upload common malware lures for Deep File Inspection and heuristic analysis.
JS Beautifier - JavaScript unpacking and deobfuscation.
libemu - Library and tools for x86 shellcode emulation.
malpdfobj - Deconstruct malicious PDFs into a JSON representation.
OfficeMalScanner - Scan for malicious traces in MS Office documents.
olevba - A script for parsing OLE and OpenXML documents and extracting useful information.
Origami PDF - A tool for analyzing malicious PDFs, and more.
PDF Tools - pdfid, pdf-parser, and more from Didier Stevens.
PDF X-Ray Lite - A PDF analysis tool, the backend-free version of PDF X-RAY.
peepdf - Python tool for exploring possibly malicious PDFs.
QuickSand - QuickSand is a compact C framework to analyze suspected malware documents to identify exploits in streams of different encodings and to locate and extract embedded executables.
Spidermonkey - Mozilla's JavaScript engine, for debugging malicious JS.

File Carving
For extracting files from inside disk and memory images.

bulk_extractor - Fast file carving tool.
EVTXtract - Carve Windows Event Log files from raw binary data.
Foremost - File carving tool designed by the US Air Force.
hachoir3 - Hachoir is a Python library to view and edit a binary stream field by field.
Scalpel - Another data carving tool.
SFlock - Nested archive extraction/unpacking (used in Cuckoo Sandbox).

Deobfuscation

Balbuzard - A malware analysis tool for reversing obfuscation (XOR, ROL, etc.) and more.
de4dot - .NET deobfuscator and unpacker.
ex_pe_xor & iheartxor - Two tools from Alexander Hanel for working with single-byte XOR encoded files.
FLOSS - The FireEye Labs Obfuscated String Solver uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries.
NoMoreXOR - Guess a 256 byte XOR key using frequency analysis.
PackerAttacker - A generic hidden code extractor for Windows malware.
PyInstaller Extractor - A Python script to extract the contents of a PyInstaller generated Windows executable file. The contents of the pyz file (usually pyc files) present inside the executable are also extracted and automatically fixed so that a Python bytecode decompiler will recognize it.
uncompyle6 - A cross-version Python bytecode decompiler. Translates Python bytecode back into equivalent Python source code.
un{i}packer - Automatic and platform-independent unpacker for Windows binaries based on emulation.
unpacker - Automated malware unpacker for Windows malware based on WinAppDbg.
unxor - Guess XOR keys using known-plaintext attacks.
VirtualDeobfuscator - Reverse engineering tool for virtualization wrappers.
XORBruteForcer - A Python script for brute forcing single-byte XOR keys.
XORSearch & XORStrings - A couple of programs from Didier Stevens for finding XORed data.
xortool - Guess XOR key length, as well as the key itself.

angr - Platform-agnostic binary analysis framework developed at UCSB's Seclab.
bamfdetect - Identifies and extracts information from bots and other malware.
BAP - Multiplatform and open source (MIT) binary analysis framework developed at CMU's CyLab.
BARF - Multiplatform, open source Binary Analysis and Reverse engineering Framework.
binnavi - Binary analysis IDE for reverse engineering based on graph visualization.
Binary Ninja - A reverse engineering platform that is an alternative to IDA.
Binwalk - Firmware analysis tool.

Talks

https://www.youtube.com/watch?v=NCO9F7U3d6c
https://www.youtube.com/watch?v=LQDRophNaRU
https://www.youtube.com/watch?v=285b_DEmvHY
https://www.youtube.com/watch?v=kx2xp7IQNSc
https://www.youtube.com/watch?v=irhcfHBkfe0
https://www.youtube.com/watch?v=D4pc63SeHxI
https://www.youtube.com/watch?v=lR0nh-TdpVg
https://www.youtube.com/watch?v=mhOWdH2zwMk
https://www.youtube.com/watch?v=yf6J8XO_wpY
https://www.youtube.com/watch?v=3aCLFzCzPFI
https://www.youtube.com/watch?v=q7VZtCUphgg
https://www.youtube.com/watch?v=OeG4KBWB-EY
https://www.youtube.com/watch?v=QhCzYdqHlrs
https://www.youtube.com/watch?v=lF4vJVzk68Y
https://www.youtube.com/watch?v=v7XcyCjUTWk&t=8s
https://www.youtube.com/watch?v=upe2-1UfEaM
https://www.youtube.com/watch?v=xcicWCxdmSU
https://www.youtube.com/watch?v=3pH13DxClag
https://www.youtube.com/watch?v=qLCE8spVX9Q
https://www.youtube.com/watch?v=-cZ7eDV2n5Y
https://www.youtube.com/watch?v=B-XELDUtaa8
https://www.youtube.com/watch?v=i3I8wtrjYY4
https://www.youtube.com/watch?v=9fAnRkJ6N3s
https://www.youtube.com/watch?v=TDk2RId8LFo
https://www.youtube.com/watch?v=6Chp12sEnWk
https://www.youtube.com/watch?v=-MaO-lmteeQ
https://www.youtube.com/watch?v=FGCle6T0Jpc
https://www.youtube.com/watch?v=2NawGCUOYT4
https://www.youtube.com/watch?v=KSA2ZIDS1ec
https://www.youtube.com/watch?v=L8lA1pNvcz4
https://www.youtube.com/watch?v=BMFCdAGxVN4
https://www.youtube.com/watch?v=bU1F5TdzLDM
https://www.youtube.com/watch?v=zm7CLH4qrWE
https://www.youtube.com/watch?v=VBuWOPHQnZI
https://www.youtube.com/watch?v=j_DRFWg1arw
https://www.youtube.com/watch?v=y2lhY18f578
https://www.youtube.com/watch?v=l5sMPGjtKn0&t=10s
https://www.youtube.com/watch?v=Hw2HclZV2Kw
https://www.youtube.com/watch?v=EDBtJhQlr_0
https://www.youtube.com/watch?v=sObGrnesxv4
https://www.youtube.com/watch?v=wDNQ-8aWLO0
https://www.youtube.com/watch?v=2kyFLB9aK8Q
https://www.youtube.com/watch?v=OcuzaOLs7dM
https://www.youtube.com/watch?v=Y6e_ctKqSqM
https://www.youtube.com/watch?v=N0Ne623fKWc
https://www.youtube.com/watch?v=HlUe0TUHOIc
https://www.youtube.com/watch?v=s0Tqi7fuOSU
https://www.youtube.com/watch?v=g6dtjtYOw2w
https://www.youtube.com/watch?v=lyeko1GILU4
https://www.youtube.com/watch?v=q9KWeXRk8UU
https://www.youtube.com/watch?v=icJ8HV22cbc
https://www.youtube.com/watch?v=hOKWTeiyy-Q
https://www.youtube.com/watch?v=cHo0zl8gtrU
https://www.youtube.com/watch?v=YM5I8yR7yCw
https://www.youtube.com/watch?v=hbqVNlwfjxo
https://www.youtube.com/watch?v=6FzGGKnzO20
https://www.youtube.com/watch?v=DHsqb2poGII&t=128s
https://www.youtube.com/watch?v=2NawGCUOYT4&t=4s
https://www.youtube.com/watch?v=hABj_mrP-no
https://www.youtube.com/watch?v=HsievGJQG0w
https://www.youtube.com/watch?v=ZDXTdgfG5HE
https://www.youtube.com/watch?v=LAkYW5ixvhg

Reverse Engineering

https://project-awesome.org/carpedm20/awesome-hacking
https://github.com/wtsxDev/reverse-engineering
https://github.com/mytechnotalent/Reverse-Engineering
https://github.com/tylerha97/awesome-reversing

Pavel Yosifovich

https://www.youtube.com/watch?v=h6BXMcRqYhA
https://www.youtube.com/watch?v=gBkvAO02qUY
https://twitter.com/zodiacon
https://github.com/zodiacon
https://www.pluralsight.com/authors/pavel-yosifovich
https://www.youtube.com/watch?v=AsSMKL5vaXw
https://scorpiosoftware.net/recorded-talks/
https://www.youtube.com/watch?v=dXSUrCyWqfw
https://www.youtube.com/watch?v=k7nAtrwPhR8
https://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-177-Windows-Internals-7th-Edition-Part-1
https://www.amazon.it/Pavel-Yosifovich/e/B00A2OTORO

Awesome Malware Analysis

https://github.com/rshipp/awesome-malware-analysis

Filipi Pires

https://github.com/filipi86
https://twitter.com/FilipiPires?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor
https://www.youtube.com/watch?v=HYut-Xaapow
https://www.youtube.com/watch?v=TGNtFUkmdBg
https://www.youtube.com/watch?v=IqFOL7etSCc&t
https://www.youtube.com/watch?v=yAjvfTYEhOw
https://www.youtube.com/watch?v=nxlqxLWO16k
https://www.youtube.com/watch?v=ixtzZdDvJZA&t
https://www.youtube.com/watch?v=9S41xfTGQDo
https://www.youtube.com/watch?v=NVXpBy3RNTE
https://www.youtube.com/watch?v=bEyzxrLqX6Y
https://www.youtube.com/watch?v=F2ClgsBZiFk
https://www.youtube.com/watch?v=cev5YF64H58

My Social Networks

https://www.linkedin.com/in/joas-antonio-dos-santos
https://twitter.com/C0d3Cr4zy
https://medium.com/@joasantonio108

Vendor Research

https://www.youtube.com/c/KasperskyLab/videos
https://www.youtube.com/user/TrendMicroInc
https://www.youtube.com/user/SecureNetworks

Mente Binaria

https://www.mentebinaria.com.br/treinamentos/programa%C3%A7%C3%A3o-moderna-em-c/
https://www.mentebinaria.com.br/treinamentos/an%C3%A1lise-de-malware-online-amo-r11/
https://www.mentebinaria.com.br/treinamentos/curso-de-engenharia-reversa-online-cero-r6/
https://www.mentebinaria.com.br/treinamentos/curso-de-explora%C3%A7%C3%A3o-de-bin%C3%A1rios-ceb-r8/
https://www.mentebinaria.com.br/treinamentos/curso-de-ghidra-r9/
https://github.com/mentebinaria/
https://github.com/mentebinaria/fundamentos-engenharia-reversa

Sysinternals

http://index-of.co.uk/Malware/WINDOWS%20SYSINTERNALS%20ADMINISTRATOR'S%20REFERENCE.pdf
https://ptgmedia.pearsoncmg.com/images/9780735684447/samplepages/9780735684447.pdf
https://neprisstore.blob.core.windows.net/sessiondocs/doc_c67d889c-039a-4977-8266-3e025c1408e3.pdf
https://docs.microsoft.com/en-us/sysinternals/downloads/
https://www.ebooks.com/en-us/book/95824138/troubleshooting-with-the-windows-sysinternals-tools/mark-e-russinovich/
https://repo.zenk-security.com/Linux%20et%20systemes%20d.exploitations/Windows%20Internals%20Part%201_6th%20Edition.pdf
http://index-of.es/Linux/Other/Windows%20Internals%20Part%202_6th%20Edition.pdf
https://www.unf.edu/~wkloster/2220/ppts/


cprogramming_tutorial.pdf
BluePill - Framework for executing and
https://www.microsoft.com/en-us/research/ debugging evasive malware and protected
wp-content/uploads/1998/01/pal-manual. executables.
pdf
Capstone - Disassembly framework for
http://cosmicsoftware.com/pdf/Clanguage. binary analysis and reversing, with support
pdf for many architectures and bindings in
several languages.
https://public.support.unisys.com/
framework/publicterms.aspx?returnurl=% codebro - Web based code browser using
2faseries%2fdocs%2fclearpath-mcp-17.0% clang to provide basic code analysis.
2fpdf%2f86002268-206.pdf
Cutter - GUI for Radare2.
https://www-personal.acfr.usyd.edu.au/
tbailey/ctext/ctext.pdf DECAF (Dynamic Executable Code
Analysis Framework) - A binary analysis
http://www.cs.columbia.edu/~sedwards/ platform based on QEMU. DroidScope is
papers/sgi1999c.pdf now an extension to DECAF.

https://www.tutorialspoint.com/ dnSpy - .NET assembly editor, decompiler


cprogramming/cprogramming_tutorial.pdf and debugger.

http://cslibrary.stanford.edu/101/EssentialC. dotPeek - Free .NET Decompiler and


pdf Assembly Browser.
C Language
https://www.engr.uvic.ca/~mech410/ACAD_ Evan's Debugger (EDB) - A modular
and_C/c_reference.pdf debugger with a Qt GUI.

https://www.gnu.org/software/gnu-c- Fibratus - Tool for exploration and tracing


manual/gnu-c-manual.pdf of the Windows kernel.

https://www.youtube.com/watch?v= FPort - Reports open TCP/IP and UDP ports


KJgsSFOSQv0 in a live system and maps them to the
owning application.
https://www.youtube.com/watch?v=
8PopR3x-VMY
GDB - The GNU debugger.
https://www.youtube.com/watch?v=iT_
GEF - GDB Enhanced Features, for
553vTyzI
exploiters and reverse engineers.
https://www.youtube.com/watch?v=
Ghidra - A software reverse engineering (
EjavYOFoJJ0
SRE) framework created and maintained
by the National Security Agency Research
https://www.youtube.com/watch?v=-
Directorate.
CpG3oATGIs

https://www.youtube.com/watch?v= hackers-grep - A utility to search for strings


ZSPZob_1TOk in PE executables including imports,
exports, and debug symbols.

Hopper - The macOS and Linux


https://www.ic.unicamp.br/~pannain/ Disassembler.
mc404/aulas/pdfs/Art%20Of%20Intel%
20x86%20Assembly.pdf IDA Pro - Windows disassembler and
debugger, with a free evaluation version.
https://www.ic.unicamp.br/~ducatte/
mc404/2009/docs/beginner_avr.pdf IDR - Interactive Delphi Reconstructor is a
decompiler of Delphi executable files and
https://www.tutorialspoint.com/assembly_ dynamic libraries.
programming/assembly_tutorial.pdf
Immunity Debugger - Debugger for
http://www.ece.utep.edu/courses/web3376/
malware analysis and more, with a Python
Notes_files/ee3376-assembly.pdf
API.
http://www.egr.unlv.edu/~ed/assembly64.
ILSpy - ILSpy is the open-source .NET
pdf
assembly browser and decompiler.
https://docs.oracle.com/cd/E19457-01/801-
Kaitai Struct - DSL for file formats /
7045/801-7045.pdf
network protocols / data structures reverse
engineering and dissection, with code
http://www.staroceans.org/kernel-and-
generation for C++, C#, Java, JavaScript,
driver/The.Art.of.Assembly.Language.2nd.
Perl, PHP, Python, Ruby.
Edition.pdf

http://index-of.co.uk/Assembly/Assembly_ LIEF - LIEF provides a cross-platform library


Language_Step_by_Step_en.pdf to parse, modify and abstract ELF, PE and
MachO formats.
https://www.cs.princeton.edu/courses/
archive/spr18/cos217/lectures/13_Assembly1. ltrace - Dynamic analysis for Linux
pdf executables.

http://arantxa.ii.uam.es/~gdrivera/sed/docs/ mac-a-mal - An automated framework for


ARMBook.pdf mac malware hunting.

https://en.wikipedia.org/wiki/X86_ objdump - Part of GNU binutils, for static


assembly_language Debugging and Reverse Engineering analysis of Linux binaries.

https://github.com/Maijin/awesome-asm OllyDbg - An assembly-level debugger for


Windows executables.
https://www.youtube.com/watch?v=
75gBFiFtAb8 OllyDumpEx - Dump memory from (
unpacked) malware Windows process and
https://www.youtube.com/watch?v= store raw or rebuild PE file. This is a plugin
ViNnfoE56V8 for OllyDbg, Immunity Debugger, IDA Pro,
WinDbg, and x64dbg.
https://hackr.io/tutorials/learn-assembly-
Assembly
language PANDA - Platform for Architecture-Neutral
Dynamic Analysis.
https://www.coursera.org/lecture/build-a-
computer/unit-6-1-assembly-languages- PEDA - Python Exploit Development
and-assemblers-l4EGm Assistance for GDB, an enhanced display
with added commands.
https://www.dca.fee.unicamp.br/~leopini/
DISCIPLINAS/EA869/2018-1/c3-ARM-3.pdf pestudio - Perform static analysis of
Windows executables.
https://www.ic.unicamp.br/~ducatte/
mc404/2009/docs/beginner_pt.pdf Pharos - The Pharos binary analysis
framework can be used to perform
http://www.inf.furb.br/~maw/arquitetura/ automated static analysis of binaries.
aula16x4.pdf
plasma - Interactive disassembler for x86/
http://www4.inf.puc-rio.br/~inf1018// ARM/MIPS.
corrente/aulas/Assembly-Introducao.pdf
PPEE (puppy) - A Professional PE file
https://www.ic.unicamp.br/~pannain/ Explorer for reversers, malware researchers
mc404/aulas/pdfs/Art%20Of%20Intel% and those who want to statically inspect
20x86%20Assembly.pdf PE files in more detail.

https://www.tutorialspoint.com/assembly_
Process Explorer - Advanced task manager
programming/assembly_tutorial.pdf
for Windows.
http://www1.cs.columbia.edu/~sedwards/
Process Hacker - Tool that monitors
classes/2002/w4995-02/assembly.9up.pdf
system resources.
https://home.adelphi.edu/~siegfried/cs174/
Process Monitor - Advanced monitoring
174l2.pdf
tool for Windows programs.
https://home.adelphi.edu/~siegfried/cs174/
PSTools - Windows command-line tools
174l3.pdf
that help manage and investigate live
https://www2.southeastern.edu/ systems.
Academics/Faculty/kyang/2009/Fall/
CMPS293&290/ClassNotes/CMPS293& Pyew - Python tool for malware analysis.
290ClassNotesChap03.pdf
PyREBox - Python scriptable reverse
https://www.cs.dartmouth.edu/~sergey/ engineering sandbox by the Talos team at
cs258/tiny-guide-to-x86-assembly.pdf Cisco.

QKD - QEMU with embedded WinDbg server for stealth debugging.
Radare2 - Reverse engineering framework, with debugger support.
RegShot - Registry compare utility that compares snapshots.
RetDec - Retargetable machine-code decompiler with an online decompilation service and API that you can use in your tools.
ROPMEMU - A framework to analyze, dissect and decompile complex code-reuse attacks.
Scylla Imports Reconstructor - Find and fix the IAT of an unpacked / dumped PE32 malware.
ScyllaHide - An Anti-Anti-Debug library and plugin for OllyDbg, x64dbg, IDA Pro, and TitanEngine.
SMRT - Sublime Malware Research Tool, a plugin for Sublime 3 to aid with malware analysis.
strace - Dynamic analysis for Linux executables.
StringSifter - A machine learning tool that automatically ranks strings based on their relevance for malware analysis.
Triton - A dynamic binary analysis (DBA) framework.
Udis86 - Disassembler library and tool for x86 and x86_64.
Vivisect - Python tool for malware analysis.
WinDbg - Multipurpose debugger for the Microsoft Windows operating system, used to debug user mode applications, device drivers, and kernel-mode memory dumps.
x64dbg - An open-source x64/x32 debugger for Windows.

Bro - Protocol analyzer that operates at


incredible scale; both file and network
protocols.

BroYara - Use Yara rules from Bro.

CapTipper - Malicious HTTP traffic explorer.

chopshop - Protocol analysis and


decoding framework.

CloudShark - Web-based tool for packet


analysis and malware traffic detection.

FakeNet-NG - Next generation dynamic


network analysis tool.

Fiddler - Intercepting web proxy designed


for "web debugging."

Hale - Botnet C&C monitor.

Haka - An open source security oriented


language for describing protocols and
applying security policies on (live)
captured traffic.

HTTPReplay - Library for parsing and


reading out PCAP files, including TLS
streams using TLS Master Secrets (used in
Cuckoo Sandbox).

INetSim - Network service emulation,


useful when building a malware lab.

Laika BOSS - Laika BOSS is a file-centric


malware analysis and intrusion detection
system.

Malcolm - Malcolm is a powerful, easily


deployable network traffic analysis tool
suite for full packet capture artifacts (PCAP
files) and Zeek logs.

Network Malcom - Malware Communications


Analyzer.

Maltrail - A malicious traffic detection


system, utilizing publicly available (black)
lists containing malicious and/or generally
suspicious trails and featuring an reporting
and analysis interface.

mitmproxy - Intercept network traffic on


the fly.

Moloch - IPv4 traffic capturing, indexing


and database system.

NetworkMiner - Network forensic analysis


tool, with a free version.

ngrep - Search through network traffic like


grep.

PcapViz - Network topology and traffic


visualizer.

Python ICAP Yara - An ICAP Server with


yara scanner for URL or content.

Squidmagic - squidmagic is a tool


designed to analyze a web-based network
traffic to detect central command and
control (C&C) servers and malicious sites,
using Squid proxy server and Spamhaus.

Tcpdump - Collect network traffic.

tcpick - Trach and reassemble TCP


streams from network traffic.

tcpxtract - Extract files from network


traffic.

Wireshark - The network traffic analysis


tool.

BlackLight - Windows/MacOS forensics


client supporting hiberfil, pagefile, raw
memory analysis.

DAMM - Differential Analysis of Malware in


Memory, built on Volatility.

evolve - Web interface for the Volatility


Memory Forensics Framework.

FindAES - Find AES encryption keys in


memory.

inVtero.net - High speed memory analysis


framework developed in .NET supports all
Windows x64, includes code integrity and
write support.

Muninn - A script to automate portions of


analysis using Volatility, and create a
readable report.

Memory Forensics Rekall - Memory analysis framework,


forked from Volatility in 2013.

TotalRecall - Script based on Volatility for


automating various malware analysis tasks.

VolDiff - Run Volatility on memory images


before and after malware execution, and
report changes.

Volatility - Advanced memory forensics


framework.

VolUtility - Web Interface for Volatility


Memory Analysis framework.

WDBGARK - WinDBG Anti-RootKit


Extension.

WinDbg - Live memory inspection and


kernel debugging for Windows systems.

Aleph - Open Source Malware Analysis


Pipeline System.

CRITs - Collaborative Research Into


Threats, a malware and threat repository.

FAME - A malware analysis framework


featuring a pipeline that can be extended
with custom modules, which can be
chained and interact with each other to
perform end-to-end analysis.

Malwarehouse - Store, tag, and search


Storage and Workflow malware.

Polichombr - A malware analysis platform


designed to help analysts to reverse
malwares collaboratively.

stoQ - Distributed content analysis


framework with extensive plugin support,
from input to output, and everything in
between.

Viper - A binary management and analysis


framework for analysts and researchers.

al-khaser - A PoC malware with good


intentions that aimes to stress anti-
malware systems.

CryptoKnight - Automated cryptographic


algorithm reverse engineering and
classification framework.

DC3-MWCP - The Defense Cyber Crime


Center's Malware Configuration Parser
framework.

FLARE VM - A fully customizable, Windows-


based, security distribution for malware
analysis.

MalSploitBase - A database containing


exploits used by malware.

Malware Museum - Collection of malware


programs that were distributed in the
1980s and 1990s.

Malware Organiser - A simple tool to


organise large malicious/benign files into a
organised Structure.

Pafish - Paranoid Fish, a demonstration


tool that employs several techniques to
detect sandboxes and analysis
environments in the same way as malware
families do.

REMnux - Linux distribution and docker


images for malware reverse engineering
and analysis.

Tsurugi Linux - Linux distribution designed


to support your DFIR investigations,
malware analysis and OSINT (Open Source
INTelligence) activities.

Santoku Linux - Linux distribution for


mobile forensics, malware analysis, and
security.

Learning Malware Analysis - Learning


Malware Analysis: Explore the concepts,
tools, and techniques to analuze and
investigate Windows malware

Malware Analyst's Cookbook and DVD -


Tools and Techniques for Fighting
Malicious Code.

Mastering Malware Analysis - Mastering


Malware Analysis: The complete malware
analyst's guide to combating malicious
software, APT, cybercime, and IoT attacks

Mastering Reverse Engineering - Mastering


Reverse Engineering: Re-engineer your
ethical hacking skills

Practical Malware Analysis - The Hands-On


Guide to Dissecting Malicious Software.

Practical Reverse Engineering -


Intermediate Reverse Engineering.

Real Digital Forensics - Computer Security


and Incident Response.

Rootkits and Bootkits - Rootkits and


Bootkits: Reversing Modern Malware and
Next Generation Threats

The Art of Memory Forensics - Detecting


Malware and Threats in Windows, Linux,
and Mac Memory.

The IDA Pro Book - The Unofficial Guide to


the World's Most Popular Disassembler.

The Rootkit Arsenal - The Rootkit Arsenal:


Escape and Evasion in the Dark Corners of
the System

APT Notes - A collection of papers and


notes related to Advanced Persistent
Threats.

Ember - Endgame Malware BEnchmark


for Research, a repository that makes it
easy to (re)create a machine learning
model that can be used to predict a score
for a PE file based on static analysis.
Resources
File Formats posters - Nice visualization of
commonly used file format (including PE &
ELF).

Honeynet Project - Honeypot tools, papers,


and other resources.

Kernel Mode - An active community


devoted to malware analysis and kernel
development.

Malicious Software - Malware blog and


resources by Lenny Zeltser.

Malware Analysis Search - Custom Google


search engine from Corey Harrell.

Malware Analysis Tutorials - The Malware


Analysis Tutorials by Dr. Xiang Fu, a great
resource for learning practical malware
analysis.

Malware Analysis, Threat Intelligence and


Reverse Engineering - Presentation
introducing the concepts of malware
analysis, threat intelligence and reverse
engineering. Experience or prior
knowledge is not required. Labs link in
description.

Malware Persistence - Collection of various


information focused on malware
persistence: detection (techniques),
response, pitfalls and the log collection (
tools).

Malware Samples and Traffic - This blog


focuses on network traffic related to
malware infections.

Malware Search+++ Firefox extension


allows you to easily search some of the
most popular malware databases

Practical Malware Analysis Starter Kit - This


package contains most of the software
referenced in the Practical Malware
Analysis book.

RPISEC Malware Analysis - These are the


course materials used in the Malware
Analysis course at at Rensselaer
Polytechnic Institute during Fall 2015.

WindowsIR: Malware - Harlan Carvey's


page on Malware.

Windows Registry specification - Windows


registry file format specification.

/r/csirt_tools - Subreddit for CSIRT tools


and resources, with a malware analysis flair.

/r/Malware - The malware subreddit.

/r/ReverseEngineering - Reverse
engineering subreddit, not limited to just
malware.

Android Security

AppSec

CTFs

Forensics

"Hacking"

Honeypots

Industrial Control System Security

Incident-Response

Infosec

PCAP Tools

Pentesting

Security

Threat Intelligence

YARA

https://github.com/fabacab/awesome-
malware

https://medium.com/@progression.official/
awesome-malware-analysis-24266e0cc348

https://www.youtube.com/watch?v=
rcA2tPp4nSU

https://www.youtube.com/watch?v=
uyjMgzqILoo

https://www.youtube.com/watch?v=
LIBaE6DEgM4

https://www.youtube.com/watch?v=
UB3pVTO5izU

https://www.youtube.com/watch?v=
aYQ4TIcGD2o

https://www.youtube.com/watch?v=
67vesKcxQOQ

Alexandre Borges https://www.youtube.com/watch?v=i_


xwrmDVzJU

https://www.youtube.com/watch?v=
bCaMuHAJcHw

https://www.youtube.com/watch?v=
1fk1t7wL1uI

https://www.youtube.com/watch?v=
WUOVRSZ9Kq4

https://www.youtube.com/watch?v=
20xYpxe8mBg

https://twitter.com/ale_sp_brazil

https://twitter.com/mer0x36

https://blog.trendmicro.com.br/author/
fernandom/

https://www.youtube.com/watch?v=
I06wFfgn5eE

https://www.youtube.com/watch?v=
cpU9U0sqzh4

https://www.youtube.com/watch?v=
PG510bhFgXY

https://www.youtube.com/watch?v=
bEV9Sc8ONXw
Fernando Mercês
https://www.youtube.com/watch?v=L_
WRNs2IAdY

https://www.youtube.com/watch?v=
fnIzyA047EA

https://www.youtube.com/watch?v=
Sp6Y83rdISo

https://www.youtube.com/watch?v=T-
EqzfafU80

https://www.youtube.com/watch?v=
p7nGGaTW9CQ

http://web.mit.edu/6.976/www/notes/
Notes1.pdf

https://www.incose.org/docs/default-
source/wasatch-chapter-documents/the-
big-happy-family-of-architectures-r0.pdf?
sfvrsn=613696c6_2

https://www.gaudisite.nl/
SystemArchitectureProcessPaper.pdf

https://mitocw.ups.edu.ec/courses/
aeronautics-and-astronautics/16-842-
fundamentals-of-systems-engineering-fall-
2015/lecture-notes/MTI16_842F15_Ses4_
Con_Syn.pdf

https://www.regjeringen.no/contentassets/
0de9ab36c5244c3ba9cbafa74c1876a2/
securityarchitecture-ecountingofpvotesv1_
1.pdf

https://www.kean.edu/~gchang/tech2920/
http___professor.wiley.com_CGI-BIN_
System Architecture JSMPROXY_DOCUMENTDIRECTORDEV+
DOCUMENTID&0471715425+
DOCUMENTSUBID&1+PRFVALNAME&pdfs_
ch02.pdf

https://incoseuk.org/Documents/zGuides/
Z8_System_Architecture.pdf

https://hal.archives-ouvertes.fr/hal-
01407372/document

https://en.wikipedia.org/wiki/Systems_
architecture#:~:text=A%20system%
20architecture%20is%20the,and%
20behaviors%20of%20the%20system.

https://thenewstack.io/primer-
understanding-software-and-system-
architecture/

https://www.sebokwiki.org/wiki/System_
Architecture

https://www.cs.sjtu.edu.cn/~kzhu/cs490/9/
9_MemMan.pdf

http://mit.bme.hu/~micskeiz/opre/files/eng/
03-operating-systems-windows-memory-
management.pdf

https://madoc.bib.uni-mannheim.de/3148/
1/
InternalsOfWindowsMemoryMangement2.
pdf

https://www.intellectualheaven.com/
Articles/WinMM.pdf

http://efreidoc.fr/L3/Operating%20System/
Cours/PDF/2010-11/2010-11.cours.13.
memory-management-in-windows-and-
linux.op.pdf

https://www.dc.fi.udc.es/~so-grado/2020-21/
Memory Management Temas/SO-Memoria.pdf

https://warwick.ac.uk/fac/sci/physics/
research/condensedmatt/imr_cdt/
students/david_goodwin/teaching/
operating_systems/l12_realos.pdf

http://www.tfzr.uns.ac.rs/Content/files/0/
Lab08.pdf

https://www2.latech.edu/~box/os/ch08.pdf

https://dcc.ufrj.br/~valeriab/SO-
VirtualMemory.pdf

http://www.cs.umsl.edu/~sanjiv/classes/
cs4760/lectures/memory.pdf

http://www.ifsc.usp.br/~lattice/oldlattice/
mod9.1.pdf

You might also like