Malware Analysis Resources
This post encompasses all of the resources I have collected during my tenure as a cybersecurity professional and malware analyst. Although all of these resources may not be directly related to malware analysis, the information will assist in malware analysis efforts, in my opinion.
If any of the hyperlinks are out of date or you believe a resource can be added to the list, I’d be glad to add it if applicable. You can contact me and I will attempt to get back to you as soon as possible.
I will eventually move this master list to a more easily navigatable format such as seperate pages for each topic and subpages.
Last Updated: Jan 19, 2023
Table of Contents
- Books and PDFs
- Malware News Resources
- Misc. Resources
- Online Sandboxes and Analyzers
- Packer and Anti-Debug Resources
- PE Header Resources
- Supplemental Learning
- Tools
- Virtual Machines and Distros
Books and PDFs
This section encompasses all of the books geared towards malware analysis and also PDFs to supplement learning. The resources in this section are below.
Books:
Antivirus Bypass Techniques: Learn practical techniques and tactics to combat, bypass, and evade antivirus software (https://www.amazon.com/AntivirusBypass-Techniques-practical-techniques/dp/1801079749)
Applied Network Security Monitoring: Collection, Detection, and Analysis (https://www.amazon.com/Applied-Network-Security-Monitoring-Collection/dp/0124172083)
Art of Computer Virus Research and Defense (https://www.amazon.com/SZOR-VIRUS-DEFENSE-Symantec-Press-ebook/dp/B003DQ4WLQ/)
C Programming Language (https://www.amazon.com/Programming-Language-2nd-Brian-Kernighan/dp/0131103628)
C++ Programming Language (https://www.amazon.com/C-Programming-Language-4th/dp/0321563840)
Digital Forensics and Incident Response: Incident response techniques and procedures to respond to modern cyber threats, 2nd Edition (https://www.amazon.com/Digital-Forensics-Incident-Response-techniques-dp-183864900X/dp/183864900X/ref=mt_other?_encoding=UTF8&me=&qid=1589730602)
Digital Forensics with Open Source Tools (https://www.amazon.com/Digital-Forensics-Open-Source-Tools-dp-1597495867/dp/1597495867/ref=mt_other?_encoding=UTF8&me=&qid=1589730602)
Gray Hat Python (https://nostarch.com/ghpython.htm)
Hacker Disassembling Uncovered (https://www.amazon.com/Hacker-Disassembling-Uncovered-Kris-Kaspersky/dp/1931769648/)
Intel 64 and IA-32 Architectures Software Developer’s Manual Volume 2 (https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia32-architectures-software-developer-instruction-set-reference-manual-325383.pdf)
Learning Malware Analysis (https://www.packtpub.com/product/learning-malware-analysis/9781788392501)
Malware Analysis Techniques (https://www.amazon.com/Malware-Analysis-Techniques-adversarial-software-ebook/dp/B093QJ9Q2B)
Malware Analysis and Detection Engineering (https://www.amazon.com/Malware-Analysis-Detection-Engineering-Comprehensive/dp/1484261925)
Malware Analyst’s Cookbook (https://www.amazon.com/dp/0470613033)
Malware Data Science (https://nostarch.com/malwaredatascience)
Malware Reverse Engineering Handbook (https://ccdcoe.org/library/publications/malware-reverse-engineering-handbook/)
Mastering Malware Analysis (https://www.packtpub.com/product/mastering-malware-analysis/9781789610789)
Mastering Reverse Engineering (https://www.packtpub.com/product/mastering-reverse-engineering/9781788838849)
Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information (https://www.amazon.com/Open-Source-IntelligenceTechniques-Information-dp-B09PHL6Q4G/dp/B09PHL6Q4G/ref=dp_ob_title_bk)
Practical Binary Analysis (https://nostarch.com/binaryanalysis)
Practical Forensic Imaging (https://nostarch.com/forensicimaging)
Practical Linux Forensics (https://nostarch.com/practical-linux-forensics)
Practical Malware Analysis (https://nostarch.com/malware)
- Samples (https://practicalmalwareanalysis.com/labs/)
Practical Mobile Forensics: Forensically investigate and analyze iOS, Android, and Windows 10 devices, 4th Edition (https://www.amazon.com/PracticalMobile-Forensics-Forensically-investigate/dp/183864752X/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=&sr=)
Practical Packet Analysis (https://nostarch.com/packetanalysis3)
Practical Reverse Engineering (https://www.amazon.com/gp/product/1118787315/)
Programming Windows (https://www.amazon.com/Programming-Windows%C2%AE-Fifth-Microsoft/dp/157231995X/ref=ntt_at_ep_dpt_3/185-4090500-7860862)
RE4B/Understanding Assembly Language (https://challenges.re/handbook) (https://beginners.re/)
Real Digital Forensics (https://www.amazon.com/gp/product/0321240693)
Reversing Secrets of Reverse Engineering (https://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817)
Rootkits and Bootkits (https://nostarch.com/rootkits)
Rootkits: Subverting the Windows Kernel (https://www.amazon.com/Rootkits-Subverting-Windows-Greg-Hoglund/dp/0321294319/ref=sr_1_1?s=books&ie=UTF8&qid=1347658166&sr=1-1&keywords=Rootkits)
The Art of Assembly Language (https://nostarch.com/assembly2.htm)
The Art of Cyberwarfare (https://nostarch.com/art-cyberwarfare)
The Art of Mac Malware (https://nostarch.com/art-mac-malware)
The Art of Memory Forensics (https://www.amazon.com/dp/1118825098)
The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics (https://www.amazon.com/Basics-Digital-Forensics-Getting-Started-dp0128016353/dp/0128016353/ref=mt_other?_encoding=UTF8&me=&qid=1589730602)
The Ghidra Book (https://nostarch.com/GhidraBook)
The IDA Pro Book (https://nostarch.com/idapro2.htm)
The Practice of Network Security Monitoring: Understanding Incident Detection and Response (https://www.amazon.com/Practice-Network-SecurityMonitoring-Understanding-ebook/dp/B00E5REN34)
The Rootkit Arsenal (https://www.amazon.com/dp/144962636X)
Windows Internals Part 1 (https://www.microsoftpressstore.com/store/windows-internals-part-1-system-architecture-processes-9780735684188)
Windows Internals Part 2 (https://www.microsoftpressstore.com/store/windows-internals-part-2-9780135462331)
Windows Kernel Programming (https://leanpub.com/windowskernelprogramming)
- Samples (https://github.com/zodiacon/windowskernelprogrammingbook)
Windows Malware Analysis Essentials (https://www.amazon.com/Windows-Malware-Analysis-Essentials-Victor/dp/1785281518)
Windows System Programming (https://www.amazon.com/Programming-Paperback-Addison-Wesley-Microsoft-Technology/dp/0134382250)
PDFs:
Azeria ARM Assembly Basics Cheatsheet (https://azeria-labs.com/assembly-basics-cheatsheet/)
CodeBreakers Magazine Portable Executable File Format – A Reverse Engineer View (http://index-of.es/Windows/pe/CBM_1_2_2006_Goppit_PE_Format_Reverse_Engineer_View.pdf)
Common Ports (https://packetlife.net/media/library/23/common-ports.pdf)
Corkami PE File Infographics (https://github.com/corkami/pics)
- PE101 (https://raw.githubusercontent.com/corkami/pics/master/binary/PE101.png)
- PE102 (https://raw.githubusercontent.com/corkami/pics/master/binary/PE102.png)
DFIRonline Filesystem Cheatsheets (https://writeblocked.org/6Resources)
Ero Carrera’s PE File Format Graphs (http://blog.dkbza.org/)
Hunting Process Injection By Windows API Calls (https://malwareanalysis.co/wp-content/uploads/2019/11/Hunting-Process-Injection-by-Windows-APICalls.pdf)
iOSAppReverseEngineering (https://github.com/iosre/iOSAppReverseEngineering)
IDAPro Cheatsheet (https://www.hex-rays.com/products/ida/support/freefiles/IDA_Pro_Shortcuts.pdf)
Katjahahn Master’s Thesis: Robust Static Analysis of Portable Executable Malware (https://github.com/katjahahn/PortEx/blob/master/masterthesis/masterthesis.pdf)
- PortEx (https://github.com/katjahahn/PortEx)
Lenny Zeltser IT and Information Security Cheat Sheets (https://zeltser.com/cheat-sheets/)
Malware Analysis Co Windows Registry Forensics Mindmap (https://malwareanalysis.co/wp-content/uploads/2020/05/mindmap-forensics-windows-registrycheat-sheet-1-1024.jpg)
Reverse Engineering For Malware Analysis Cheat Sheet by @rootbsd (https://eforensicsmag.com/reverse_engi_cheatsheet/)
Reversing iOS Apps (https://s3.amazonaws.com/s3.synack.com/T2_reversingIOSApps.pdf)
SafeBreach Labs Windows Process Injection in 2019 (https://i.blackhat.com/USA-19/Thursday/us-19-Kotler-Process-Injection-Techniques-Gotta-CatchThem-All-wp.pdf)
SANS Posters & Cheat Sheets (https://www.sans.org/posters/?focus-area=digital-forensics)
Sekoia Rootkit Analysis Use Case on HideDRV (http://www.sekoia.fr/blog/wp-content/uploads/2016/10/Rootkit-analysis-Use-case-on-HIDEDRV-v1.6.pdf)
VX Underground Papers (https://vxug.fakedoma.in/papers.html)
X86 Opcode and Instruction Reference (http://ref.x86asm.net/)
X86 and amd64 instruction reference (https://www.felixcloutier.com/x86/)
X86-64 Intel Instruction set in JSON format (https://github.com/astocko/json-x86-64)
Malware News Resources
This section includes all resources for collecting relevant malware-related information. The subsections provided herein include:
- Blogs
- Forums
- Social Media
- Threat Intelligence
Blogs
This subsection encompasses all of the malware-related blogs. They are found below:
0xPat Blog (https://0xpat.github.io/)
AT&T Cybersecurity Blog (https://cybersecurity.att.com/blogs)
Anomali Blog (https://www.anomali.com/blog/category/malware)
Avast Blog (https://blog.avast.com/tag/malware)
Binary Reverse Engineering Blog (https://bin.re/)
BitDefender Blog (https://www.bitdefender.com/blog/)
BlackBerry ThreatVector Blog (https://blogs.blackberry.com/en#nav)
CISA US-CERT(https://www.cisa.gov/uscert)
Cert.pl News (https://cert.pl/en/news/)
Cisco Talos Intelligence Blog (https://blog.talosintelligence.com/)
ClamAV Blog (https://blog.clamav.net/)
Cofense Blog (https://cofense.com/blog/)
CrowdStrike Blog (https://www.crowdstrike.com/blog/)
CyberArk: Fantastic Rootkits: And Where to Find Them (https://www.cyberark.com/resources/threat-research-blog/fantastic-rootkits-and-where-to-find-them-part-1)
Cybereason Blog (https://www.cybereason.com/blog)
Dancho Danchev’s Blog (https://ddanchev.blogspot.com/)
DarkReading (https://www.darkreading.com/)
Didier Stevens Blog (https://blog.didierstevens.com/)
Emsisoft Blog (https://blog.emsisoft.com/en/)
Exploit Reversing (https://exploitreversing.com/)
FireEye Blogs (https://www.fireeye.com/blog.html)
ForcePoint Security Insights (https://www.forcepoint.com/blog)
Fortinet Blog (https://www.fortinet.com/blog)
Hacker News (https://thehackernews.com/search/label/Malware)
Hasherezade’s 1001 Nights (https://hshrzd.wordpress.com/)
Hexacorn Autostart (Persistence) Series (https://www.hexacorn.com/blog/category/autostart-persistence/)
Intel 471 Blog (https://intel471.com/blog)
Intezer Blog (https://www.intezer.com/blog/)
Intezer ELF Format Series (https://www.intezer.com/blog/research/executable-linkable-format-101-part1-sections-segments/)
Kaspersky Blog (https://www.kaspersky.com/blog/)
KnowBe4 Security Awareness Training Blog - Malware Blog (https://blog.knowbe4.com/topic/malware)
KrebsonSecurity (https://krebsonsecurity.com/)
Lenny Zeltser (https://zeltser.com/blog/)
Malware Must Die! Blog (https://blog.malwaremustdie.org/)
Malware Patrol Blog (https://www.malwarepatrol.net/onpatrol4malware-blog/)
Malware-Traffic-Analysis.Net (https://www.malware-traffic-analysis.net/)
Malware.News (https://malware.news/)
Malware.re Blog (https://blog.malware.re/)
MalwareFox Blog (https://www.malwarefox.com/blog/)
MalwareTech (https://www.malwaretech.com/)
Malwarebytes Labs (https://blog.malwarebytes.com/)
McAfee Blog (https://www.mcafee.com/blogs)
McAfee Labs (https://www.mcafee.com/blogs/other-blogs/mcafee-labs/)
Microsoft Security Blog (https://www.microsoft.com/security/blog/)
Packet Storm (https://packetstormsecurity.com/)
Palo Alto Networks Unit 42 (https://unit42.paloaltonetworks.com/)
Panda Security MediaCenter (https://www.pandasecurity.com/en/mediacenter/)
Proofpoint Threat Insight Blog (https://www.proofpoint.com/us/blog/threat-insight)
Rapid7 Blog (https://www.rapid7.com/blog/)
ReversingLabs Blog (https://blog.reversinglabs.com/blog)
Secplicity (https://www.secplicity.org/)
SecureWorks Blog (https://www.secureworks.com/blog)
SentinelOne Blog (https://www.sentinelone.com/)
Sophos Naked Security (https://nakedsecurity.sophos.com/)
Sucuri Blog (https://blog.sucuri.net/)
The Defender’s Guide (https://github.com/Defenders-Guide/TheDefendersGuide)
TheEvilBit Blog (https://theevilbit.github.io/beyond/)
ThreatPost (https://threatpost.com/)
Trend Micro News (https://www.trendmicro.com/en_us/research.html)
TrustWave SpiderLabs Blog (https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/)
UpGuard Blog (https://www.upguard.com/blog)
VMRay Blog (https://www.vmray.com/cyber-security-blog/)
Varonis Inside Out Security (https://www.varonis.com/blog)
VirusBay Blog (https://www.blog.virusbay.io/)
VirusBulletin Blog (https://www.virusbulletin.com/blog/)
VirusTotal Blog (https://blog.virustotal.com/)
Vitali Kremez (https://www.vkremez.com/)
Webroot Blog (https://www.webroot.com/blog/)
Winitor Articles (https://www.winitor.com/articles)
ZScaler Blog (https://www.zscaler.com/blogs)
Forums
This subsection encompasses all of the malware-related forums. They are found below:
0x00sec (https://0x00sec.org/)
Bleeping Computer.com Forums (https://www.bleepingcomputer.com/forums/f/25/anti-virus-anti-malware-and-privacy-software/)
Hack Forums (https://hackforums.net/forumdisplay.php?fid=229)
Malwarebytes Research Center Forums (https://forums.malwarebytes.com/forum/44-research-center/)
MalwareTips Community (https://malwaretips.com/)
r/ReverseEngineering (https://www.reddit.com/r/ReverseEngineering/)
RaidForums (https://raidforums.com/)
Social Media
This subsection encompasses all of the malware-related social media accounts. They are found below:
3xp0rt (https://twitter.com/3xp0rtblog)
Adam (https://twitter.com/Hexacorn)
Albert Zsigovits (https://twitter.com/albertzsigovits)
Alexander Sevstov (https://twitter.com/alexsevtsov)
Alexandre Borges (https://twitter.com/ale_sp_brazil)
Amigo-A (https://twitter.com/amigo_a_)
Andrew Case (https://twitter.com/attrc)
Aypex (https://twitter.com/AypexTools)
Binni Shah (https://twitter.com/binitamshah)
Brad (https://twitter.com/malware_traffic)
CERT Polska (https://twitter.com/cert_polska_en)
Charlie Miller (https://twitter.com/0xcharlie)
DarkFeed (https://twitter.com/ido_cohen2)
Glenn (https://twitter.com/hiddenillusion)
Hasherezade (https://twitter.com/hasherezade)
Ido Naor (https://twitter.com/idonaor1)
JAMESWT (https://twitter.com/JAMESWT_MHT)
Jakub Kroustek (https://twitter.com/JakubKroustek)
JaromirHorejsi (https://twitter.com/JaromirHorejsi)
Jimmy Wylie (https://twitter.com/mayahustle)
John Hammond (https://twitter.com/_JohnHammond)
Karsten Hahn (https://twitter.com/struppigel)
Lenny Zeltser (https://twitter.com/lennyzeltser)
Lukas Stefano (https://twitter.com/LukasStefanko)
MalShare (https://twitter.com/mal_share)
Malware Patrol (https://twitter.com/MalwarePatrol)
MalwareHunterTeam (https://twitter.com/malwrhunterteam)
Marcelo Rivero (https://twitter.com/MarceloRivero)
Mark Schloesser (https://twitter.com/repmovsb)
Matt Nelson (https://twitter.com/enigma0x3)
Michael Gillespie (https://twitter.com/demonslay335)
Microsoft Security Intelligence (https://twitter.com/MsftSecIntel)
Monnappa K A (https://twitter.com/monnappa22)
Reverse Engineering and More (https://twitter.com/re_and_more)
Richard Bejtlich (https://twitter.com/taosecurity)
Unit 42 (https://twitter.com/Unit42_Intel)
VirusBay (https://twitter.com/virusbay_io)
Vitali Kremez (https://twitter.com/vk_intel)
X0rz (https://twitter.com/x0rz)
idatips (https://twitter.com/idatips)
marc ochsenmeier (https://twitter.com/ochsenmeier)
patrick wardle (https://twitter.com/patrickwardle)
sigpwn (https://twitter.com/GHIDRA_RE)
tomchop (https://twitter.com/tomchop_)
volatility (https://twitter.com/volatility)
Threat Intelligence
This subsection encompasses all of the malware-related threat intelligence feeds, digestions, and exchanges. They are found below:
AlienVault (https://otx.alienvault.com/)
Blueliv (https://community.blueliv.com/#!/discover)
EternalLibrary Threat Actor Profiles (https://github.com/StrangerealIntel/EternalLiberty)
IBM X-Force Exchange (https://exchange.xforce.ibmcloud.com/activity/map)
MISP (https://www.misp-project.org/)
Maldatabase (https://maldatabase.com/)
Maltiverse (https://maltiverse.com/search)
OpenCTI (https://github.com/OpenCTI-Platform/opencti)
PulseDive (https://pulsedive.com/explore/)
RiskIQ (https://community.riskiq.com/home)
ThreatABLE (https://www.threatable.io/)
ThreatBook TI (https://threatbook.io/)
ThreatConnect (https://app.threatconnect.com/auth/index.xhtml)
threatfeeds.io (https://threatfeeds.io/)
Misc Resources
This section was created to include any resources that didn’t particularly fall into any other category. They are found below:
CyberChef (https://gchq.github.io/CyberChef/)
Data Converters:
- Branah (https://www.branah.com/ascii-converter)
- Calculators Tech (https://www.calculators.tech/ascii-to-decimal)
- CalculatorX (https://www.calculatorx.com/convert/number/ascii-hex-bin-dec-converter.htm)
- EasyUnitConverter (https://www.easyunitconverter.com/ascii-hex-binary-decimal-converter)
- IBM (https://www.ibm.com/docs/en/aix/7.1?topic=adapters-ascii-decimal-hexadecimal-octal-binary-conversion-table)
- OnlineHexTools (https://onlinehextools.com/)
- Rapid Tables (https://www.rapidtables.com/convert/number/ascii-hex-bin-dec-converter.html)
evil.site (https://evil.site/)
ExplainShell (https://explainshell.com/)
Gary Kessler’s File Signature Table (https://www.garykessler.net/library/file_sigs.html)
GlassWire (https://www.glasswire.com/)
GTFOBins (https://gtfobins.github.io/)
GuidedHacking: Injector (https://github.com/guided-hacking/GuidedHacking-Injector)
Hack+ (https://hack.plus/)
Hijack Libs (https://hijacklibs.net/)
MalAPI.io (https://malapi.io/)
IBM (https://www.ibm.com/docs/en/aix/7.1?topic=adapters-ascii-decimal-hexadecimal-octal-binary-conversion-table)
Indetectables (https://indetectables.net/)
Kernelmode.Info Forum (https://www.kernelmode.info/forum/)
LOTS-Project (https://lots-project.com/)
MITRE ATT&CK Matrix (https://attack.mitre.org/)
Maltiverse (https://maltiverse.com/search)
MalwareTech Creating a Simple Free Malware Analysis Environment (https://www.malwaretech.com/2017/11/creating-a-simple-free-malware-analysisenvironment.html)
MÖBIUS STRIP REVERSE ENGINEERING (https://www.msreverseengineering.com/)
Regex Tools:
- CyrilEx Regex Tester (https://extendsclass.com/regex-tester.html)
- Debuggex (https://www.debuggex.com/)
- MyRegexTester (https://myregextester.com/index.php)
- RegEx Tester (https://www.regextester.com/)
- RegExLib (https://regexlib.com/?AspxAutoDetectCookieSupport=1)
- RegExr (https://regexr.com/)
- Regex101 (https://regex101.com/)
- RegexGenerator++ (http://regex.inginf.units.it/)
- RegexGuide (https://regex.guide/)
- Regexper (https://regexper.com/)
- Rexv (http://www.rexv.org/)
Reverse Engineering Team (http://reteam.org/index.php)
Todd Cullum Research GIANT Intro of Windows Malware Analysis Tools (https://toddcullumresearch.com/2017/07/01/todds-giant-intro-of-windowsmalware-analysis-tools/)
Unprotect Project – Evasion Techniques (https://unprotect.it/)
Online Sandboxes and Analyzers
This section includes links to external websites that perform additional analysis from online sandboxes and online analysis tools. The types of online analyzers included in this section are as follows:
- Domain, URL, and IP Address Analyzers
- File Analyzers
- Hash Checkers
- Packer Analyzers
- Packet Analyzers
- Ransomware Analyzers and Tools
Domain, URL, and IP Address Analyzers
This subsection encompasses all of the online resources for analyzing domains, URLs, and IP Addresses. They are found below:
AbuseIPDB (https://www.abuseipdb.com/)
AlienVault (https://otx.alienvault.com/browse/global/pulses?include_inactive=0&sort=-modified&page=1)
BrightCloud (https://www.brightcloud.com/tools/url-ip-lookup.php)
CentrlOps Online Network Tools (https://centralops.net/co/)
CheckPhish (https://checkphish.ai/)
Desenmascara.me (http://desenmascara.me/)
DomainTools Whois Lookup (https://whois.domaintools.com/)
Dr. Web Check Link (https://vms.drweb.com/online/)
Email Veritas (https://www.emailveritas.com/url-checker)
FortiGuard Labs Web Filter Lookup (https://www.fortiguard.com/webfilter)
GoDaddy Whois Lookup (https://www.godaddy.com/whois)
Google Safe Browsing Status (https://transparencyreport.google.com/safe-browsing/search?hl=en)
IBM X-Force Exchange (https://exchange.xforce.ibmcloud.com/)
ICANN Lookup (https://lookup.icann.org/)
IPQualityScore Domain Reputation Test (https://www.ipqualityscore.com/domain-reputation)
IPVoid (https://www.ipvoid.com/)
IronScales Phishing URL Scanner (https://ironscales.com/free-url-scanner/#/)
Is It Hacked? (https://www.isithacked.com/)
IsItPhishing (https://isitphishing.org/)
Joe Sandbox URL Lookup (https://www.joesandbox.com/#windows)
Kaspersky Lookup (https://opentip.kaspersky.com/)
MXToolbox (https://mxtoolbox.com/domain/)
MalwareDomainList (https://www.malwaredomainlist.com/mdl.php)
MalwareURL (https://www.malwareurl.com/listing-urls.php)
McAfee TrustSource (https://www.trustedsource.org/)
Netcore Tools Blocklist Checker (https://grademyemail.co/email-blocklist-checker)
Network Solutions WHOIS Lookup (https://www.networksolutions.com/domains/whois)
Network Tools WHOIS lookup tool (https://network-tools.com/whois/)
Norton SafeWeb (https://safeweb.norton.com/)
OpenPhish (https://openphish.com/phishing_feeds.html)
Palo Alto Networks Test a Site (https://urlfiltering.paloaltonetworks.com/)
PhishTank (https://www.phishtank.com/)
Polyswarm.Network (https://polyswarm.network/)
Pulsedive (https://pulsedive.com/)
Quttera (https://quttera.com/)
RiskIQ (https://community.riskiq.com/home)
Robtex (https://www.robtex.com/)
ScamAdviser (https://www.scamadviser.com/)
SecurityTrails (https://securitytrails.com/#search)
Sucuri (https://sitecheck.sucuri.net/)
Symantec BlueCoat (https://sitereview.bluecoat.com/#/)
Talos IP & Domain Reputation (https://talosintelligence.com/reputation_center)
ThreatMiner (https://www.threatminer.org/)
ThreatSTOP (https://www.threatstop.com/check-ioc)
TrendMicro (https://global.sitesafety.trendmicro.com/)
URLScan (https://urlscan.io/)
URLVoid (https://www.urlvoid.com/)
VirusTotal (https://www.virustotal.com/gui/home/url)
WHOis[.]net(https://www.whois.net/)
Who[.]is (https://who.is/)
Whois[.]com (https://www.whois.com/whois/)
WhoisXMLAPI (https://main.whoisxmlapi.com/)
ZScaler (https://zulu.zscaler.com/)
zveloLIVE (https://tools.zvelo.com/)
File Analyzers
This subsection encompasses all of the online resources for file analysis. They are found below:
Amnpardaz Sandbox (Jevereg) (https://jevereg.amnpardaz.com/)
AntiScan.Me (https://antiscan.me/)
ANY.RUN (https://any.run/)
Analz (https://sandbox.anlyz.io/dashboard)
CAPE Sandbox (https://capesandbox.com/)
CheckPoint Research SandBlast (https://threatpoint.checkpoint.com/ThreatPortal/emulation)
Cuckoo Sandbox (https://sandbox.pikker.ee/)
Docguard (https://app.docguard.io/)
Dr. Web Scan File (https://vms.drweb.com/scan_file/?lng=en)
F-Secure (https://www.f-secure.com/us-en/business/support-and-downloads/submit-a-sample)
FileScan.IO (https://www.filescan.io/scan)
FortiGuard Online Scanner (https://www.fortiguard.com/faq/onlinescanner)
GateWatcher Intelligence (https://intelligence.gatewatcher.com/upload_sample/)
Hatching Triage (https://tria.ge/)
Hybrid Analysis (https://www.hybrid-analysis.com/)
IOBit (https://cloud.iobit.com/index.php)
IRIS-H Digital Forensics (https://iris-h.services/pages/submit)
InQuest Labs (https://labs.inquest.net/)
Intezer Analyze (https://analyze.intezer.com/)
Joe Sandbox (https://www.joesandbox.com/#windows)
Jotti’s Malware Scan (https://virusscan.jotti.org/)
Kaspersky OpenTip (https://opentip.kaspersky.com/)
Manalyzer (https://manalyzer.org/)
OPSWAT MetaDefender Cloud (https://metadefender.opswat.com/?lang=en)
PolySwarm (https://polyswarm.network/)
SecondWrite DeepView Sandbox (https://www.secondwrite.com/products/deepview-sandbox/)
ThreatPoint (https://threatpoint.checkpoint.com/ThreatPortal/emulation)
Threat Zone (https://app.threat.zone/scan)
TyLabs Quicksand (https://scan.tylabs.com/)
Valkyrie (https://valkyrie.comodo.com/)
VirScan (https://www.virscan.org/)
VirusTotal (https://www.virustotal.com/gui/home/upload)
Yomi By Yoroi (https://yomi.yoroi.company/upload)
Hash Checkers
This subsection encompasses all of the online resources for checking file hashes. They are found below:
Hashdd (https://hashdd.com/)
Name That Hash (https://nth.skerritt.blog/)
Malware Hash Registry (https://hash.cymru.com/)
Talos File Reputation (https://talosintelligence.com/talos_file_reputation)
Packer Analyzers
This subsection encompasses all of the online resources for analyzing packers within files. They are found below:
UnpacMe (https://www.unpac.me/#/)
Packet Analyzers
This subsection encompasses all of the online resources for packet analysis (PCAPs). They are found below:
A-Packets (https://apackets.com/upload)
MyCERT PCAP Analyzer (https://pcap.honeynet.org.my/v1/)
Online PCAP Viewer (https://fileproinfo.com/tools/viewer/pcap#)
PacketTotal (https://packettotal.com/)
Ransomware Analyzers and Tools
This subsection encompasses all of the online resources for ransomware analysis and decoding. They are found below:
CryptoTester (https://download.bleepingcomputer.com/demonslay335/CryptoTester.zip)
Emsisoft Free Ransomware Decryption Tool (https://www.emsisoft.com/ransomware-decryption-tools/)
ID Ransomware (https://id-ransomware.malwarehunterteam.com/)
Kaspersky Ransomware Decryptors (https://noransom.kaspersky.com/)
No More Ransom Crypto Sheriff (https://www.nomoreransom.org/crypto-sheriff.php?lang=en)
No More Ransom Decryption Tools (https://www.nomoreransom.org/en/decryption-tools.html)
Trend Micro Ransomware File Decryptor (https://success.trendmicro.com/solution/1114221-downloading-and-using-the-trend-micro-ransomware-filedecryptor)
Packer and Anti-Debug Resources
This section includes resources to help understand packers and how to unpack files that use packers. This section also includes resources to tackle antidebugging tricks and how they work. The list is:
Check Point Research Anti-Debug Tricks (https://anti-debug.checkpoint.com/)
GuidedHacking: Debugme (https://github.com/guided-hacking/anti-debugging)
Hasherezade’s Malware Unpacking Series (https://www.youtube.com/playlist?list=PL3CZ2aaB7m83eYTAVV2knNglB8I4y5QmH)
Malware Crypters – the Deceptive First Layer (https://blog.malwarebytes.com/threat-analysis/2015/12/malware-crypters-the-deceptive-first-layer/)
Pafish (https://github.com/a0rtega/pafish)
The Art of Unpacking (https://www.blackhat.com/presentations/bh-usa-07/Yason/Whitepaper/bh-usa-07-yason-WP.pdf)
The “Ultimate” Anti-Debugging Reference (https://anti-reversing.com/Downloads/Anti-Reversing/The_Ultimate_Anti-Reversing_Reference.pdf)
Tuts4You IDA Disassembler and Debugging Tutorials (https://forum.tuts4you.com/files/category/78-tutorials-documents/)
PE Header Resources
Understanding the Portable Executable file format for executables in Windows is crucial to understanding malware analysis, and more specifically, reverse engineering of files. As such, this section is supplied to provide useful resources on the PE file format and the inner workings of the PE Header. The resources are as follows:
An In-Depth Look into the Win32 Portable Executable File Format, Part 1 (https://bytepointer.com/resources/pietrek_in_depth_look_into_pe_format_pt1.htm)
An In-Depth Look into the Win32 Portable Executable File Format, Part 2 (https://bytepointer.com/resources/pietrek_in_depth_look_into_pe_format_pt2.htm)
Corkami PE File Infographics (https://github.com/corkami/pocs/tree/master/PE)
- PE Format page (https://github.com/corkami/docs/blob/master/PE/PE.md)
Infosec Institute’s Malware Researcher’s Handbook (https://resources.infosecinstitute.com/topic/2-malware-researchers-handbook-demystifying-pe-file/)
Ivanlef0u PE File Structure (https://ivanlef0u.fr/repo/madchat/vxdevl/papers/winsys/pefile/pefile.htm)
Johannes Plachy PE File Format (https://blog.kowalczyk.info/articles/pefileformat.html)
LIEF Format Tutorials (https://lief-project.github.io/doc/stable/tutorials/01_play_with_formats.html)
Malwology PE Structure (https://malwology.com/category/pe-structure/)
Microsoft Docs PE Format (https://docs.microsoft.com/en-us/windows/win32/debug/pe-format)
PE Format page (https://github.com/corkami/docs/blob/master/PE/PE.md)
Peering Inside the PE: A Tour of the Win32 Portable Executable File Format (https://docs.microsoft.com/en-us/previous-versions/ms809762(v=msdn.10)?redirectedfrom=MSDN)
Supplemental Learning
This section includes all resources to assist an analyst with learning malware analysis concepts including foundational concepts, certifications, additional malware samples to practice on, and much more. The subsections provided herein include:
- Certifications
- Malware Samples
- Reversing Crackmes
- Tutorials and Learning Guides
- Videos and Video Series
Certifications
This subsection encompasses all certifications related to malware analysis. They are found below:
MITRE ATT&CK Defender Training and Certifications (https://mad.mitre-engenuity.org/)
Zero2Automated (https://courses.zero2auto.com/)
CompTIA
CompTIA A+ (https://www.comptia.org/certifications/a)
CompTIA CASP+ (https://www.comptia.org/certifications/comptia-advanced-security-practitioner)
CompTIA CySA+ (https://www.comptia.org/certifications/cybersecurity-analyst)
CompTIA Network+ (https://www.comptia.org/certifications/network)
CompTIA PenTest+ (https://www.comptia.org/certifications/pentest)
CompTIA Security+ (https://www.comptia.org/certifications/security)
CREST
CREST Certified Host Intrusion Analyst (CCHIA) (https://www.crest-approved.org/certification-careers/crest-certifications/crest-certified-host-intrusion-analyst/)
CREST Certified Incident Manager (CCIM) (https://www.crest-approved.org/certification-careers/crest-certifications/crest-certified-incident-manager/)
CREST Certified Network Intrusion Analyst (CCNIA) (https://www.crest-approved.org/certification-careers/crest-certifications/crest-certified-network-intrusion-analyst/)
CREST Certified Simulated Attack Manager (CCSAM) (https://www.crest-approved.org/certification-careers/crest-certifications/crest-certified-simulated-attack-manager/)
CREST Certified Simulated Attack Specialist (CCSAS) (https://www.crest-approved.org/certification-careers/crest-certifications/crest-certified-simulated-attack-specialist/)
CREST Certified Threat Intelligence Manager (CCTIM) (https://www.crest-approved.org/certification-careers/crest-certifications/crest-certified-threat-intelligence-manager/)
CREST Practitioner Intrusion Analyst (CPIA) (https://www.crest-approved.org/certification-careers/crest-certifications/crest-practitioner-intrusion-analyst/)
CREST Practitioner Threat Intelligence Analyst (CPTIA) (https://www.crest-approved.org/certification-careers/crest-certifications/crest-practitioner-threat-intelligence-analyst/)
CREST Registered Intrusion Analyst (CRIA) (https://www.crest-approved.org/certification-careers/crest-certifications/crest-registered-intrusion-analyst/)
CREST Registered Threat Intelligence Analyst (CRTIA) (https://www.crest-approved.org/certification-careers/crest-certifications/crest-registered-threat-intelligence-analyst/)
EC-Council
Certified Encryption Specialist (ECES) (https://www.eccouncil.org/programs/ec-council-certified-encryption-specialist-eces/)
Certified Ethical Hacker (CEHv12) (https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/)
Certified Hacking Forensic Investigator (CHFI) (https://www.eccouncil.org/programs/computer-hacking-forensic-investigator-chfi/)
Certified Incident Handler (ECIHv2) (https://www.eccouncil.org/programs/ec-council-certified-incident-handler-ecih/)
Certified SOC Analyst (CSA) (https://www.eccouncil.org/programs/certified-soc-analyst-csa/)
Certified Threat Intelligence Analyst (CTIA) (https://www.eccouncil.org/programs/threat-intelligence-training/)
eLearnSecurity
eLearnSecurity Certified Digital Forensics Professional (eCDFP) (https://elearnsecurity.com/product/ecdfp-certification/)
eLearnSecurity Certified Incident Responder (eCIR) (https://elearnsecurity.com/product/ecir-certification/)
eLearnSecurity Certified Malware Analysis Professional (eCMAP) (https://elearnsecurity.com/product/ecmap-certification/)
eLearnSecurity Certified Penetration Tester eXtreme (eCPTX) (https://elearnsecurity.com/product/ecptx-certification/)
eLearnSecurity Certified Professional Penetration Tester (eCPPTv2) (https://elearnsecurity.com/product/ecpptv2-certification/)
eLearnSecurity Certified Threat Hunting Professional (eCTHPv2) (https://elearnsecurity.com/product/ecthpv2-certification/)
eLearnSecurity Certified eXploit Developer (eCXD) (https://elearnsecurity.com/product/ecxd-certification/)
eLearnSecurity Mobile Application Penetration Tester (eMAPT) (https://elearnsecurity.com/product/emapt-certification/)
eLearnSecurity Network Defense Professional (eNDP) (https://elearnsecurity.com/product/endp-certification/)
eLearnSecurity Web Defense Professional (eWDP) (https://elearnsecurity.com/product/ewdp-certification/)
eLearnSecurity Web application Penetration Tester (eWPT) (https://elearnsecurity.com/product/ewpt-certification/)
eLearnSecurity Web application Penetration Tester eXtreme (eWPTXv2) (https://elearnsecurity.com/product/ewptxv2-certification/)
Mossé Cyber Security Institute (MCSI)
Certified DFIR Specialist (MDFIR) (https://www.mosse-institute.com/certifications/mdfir-certified-dfir-specialist.html)
Certified Deobfuscation Expert (MCD) (https://www.mosse-institute.com/certifications/mcd-certified-code-deobfuscation-specialist.html)
Certified Exploitation Analyst (MVRE) (https://www.mosse-institute.com/certifications/mvre-vulnerability-researcher-and-exploitation-specialist.html)
Certified Reverse Engineer (MRE) (https://www.mosse-institute.com/certifications/mre-certified-reverse-engineer.html)
Certified Threat Hunter (MTH) (https://www.mosse-institute.com/certifications/mth-certified-threat-hunter.html)
Certified Threat Intel Analyst (MTIA) (https://www.mosse-institute.com/certifications/mtia-certified-threat-intelligence-analyst.html)
Offensive Security
EXP-301 - Windows User Mode Exploit Development (OSED) (https://www.offensive-security.com/exp301-osed/)
EXP-312 - Evasion Techniques and Breaching Defenses (OSMR) (https://www.offensive-security.com/exp312-osmr/)
EXP-401 - Advanced Windows Exploitation (OSEE) (https://www.offensive-security.com/awe-osee/)
PEN-200 - Offensive Security Certified Professional (OSCP) (https://www.offensive-security.com/pwk-oscp/)
PEN-300 - Evasion Techniques and Breaching Defenses (OSEP) (https://www.offensive-security.com/pen300-osep/)
WEB-200 - Web Attacks with Kali Linux (OSWA) (https://www.offensive-security.com/web200-oswa/)
WEB-300 - Advanced Web Attacks and Exploitation (OSWE) (https://www.offensive-security.com/awae-oswe/)
SANS/GIAC
FOR308 – Digital Forensics Essentials (https://www.sans.org/cyber-security-courses/digital-forensics-essentials)
FOR498 – Battlefield Forensics & Data Acquisition (https://www.sans.org/cyber-security-courses/battlefield-forensics-and-data-acquisition/)
FOR500 – Windows Forensics (https://www.sans.org/cyber-security-courses/windows-forensic-analysis)
FOR508 – Advanced Incident Response, Threat Hunting, and Digital Forensics (https://www.sans.org/cyber-security-courses/advanced-incident-response-threat-hunting-training/)
FOR509 – Enterprise Cloud Forensics and Incident Response (https://www.sans.org/cyber-security-courses/enterprise-cloud-forensics-incident-response/)
FOR518 – Mac and iOS Forensic Analysis and Incident Response (https://www.sans.org/cyber-security-courses/mac-and-ios-forensic-analysis-and-incident-response/)
FOR528 – Ransomware for Incident Responders (https://www.sans.org/cyber-security-courses/ransomware-incident-responders/)
FOR572 – Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response (https://www.sans.org/cyber-security-courses/advanced-network-forensics-threat-hunting-incident-response/)
FOR578 – Cyber Threat Intelligence (https://www.sans.org/cyber-security-courses/cyber-threat-intelligence/)
FOR585 – Smartphone Forensic Analysis In-Depth (https://www.sans.org/cyber-security-courses/advanced-smartphone-mobile-device-forensics/)
FOR608 – Enterprise-Class Incident Response & Threat Hunting (https://www.sans.org/cyber-security-courses/enterprise-incident-response-threat-hunting/)
FOR610 – Reverse-Engineering Malware: Malware Analysis Tools and Techniques (https://www.sans.org/cyber-security-courses/reverse-engineering-malware-malware-analysis-tools-techniques/)
FOR710 – Reverse-Engineering Malware: Advanced Code Analysis (https://www.sans.org/cyber-security-courses/reverse-engineering-malware-advanced-code-analysis)
SEC487 – Open-Source Intelligence (OSINT) Gathering and Analysis (https://www.sans.org/cyber-security-courses/open-source-intelligence-gathering/)
SEC505 – Securing Windows and PowerShell Automation (https://www.sans.org/cyber-security-courses/securing-windows-with-powershell/)
SEC555 – SIEM with Tactical Analytics (https://www.sans.org/cyber-security-courses/siem-with-tactical-analytics/)
SEC599 – Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses (https://www.sans.org/cyber-security-courses/defeating-advanced-adversaries-kill-chain-defenses/)
Malware Samples
This subsection encompasses all of the online resources to acquire real malware samples and challenges related to malware behavior for additional practice. They are found below:
ANY.RUN Malware Trends (https://any.run/malware-trends/)
APTMalware (https://github.com/cyber-research/APTMalware)
Cantagio Malware Dump (https://contagiodump.blogspot.com/)
CyberCrime Tracker (http://cybercrime-tracker.net/vx.php)
Da2dalus - The MALWARE Repo (https://github.com/Da2dalus/The-MALWARE-Repo)
Das Malwerk (https://dasmalwerk.eu/)
ESET Research Malware IoCs (https://github.com/eset/malware-ioc)
executemalwre Malware-IOCs (https://github.com/executemalware/Malware-IOCs)
Fabrimagic72: malware samples (https://github.com/fabrimagic72/malware-samples)
InQuest Labs (https://labs.inquest.net/dfi/search/ext/ext_code##eyJyZXN1bHRzIjpbIn4iLCJmaXJzdFNlZW4iLDEsIiIsW11dfQ==)
InQuest Labs Malware Samples (https://github.com/InQuest/malware-samples)
jstrosch malware-samples (https://github.com/jstrosch/malware-samples)
MalShare (https://malshare.com/index.php)
Malpedia (https://malpedia.caad.fkie.fraunhofer.de/)
Malware Traffic Analysis (https://www.malware-traffic-analysis.net/)
MalwareBazaar Database (https://bazaar.abuse.ch/browse/)
MalwareMustDie (https://www.mediafire.com/malwaremustdie)
Mr. Malware MalwareSamples (https://github.com/MalwareSamples) and (https://www.virussamples.com/)
Objective-See Mac Malware (https://objective-see.com/malware.html)
PolySwarm (https://polyswarm.network/)
Practical Malware Analysis Labs for Book (https://practicalmalwareanalysis.com/labs/)
Reverse Shell Generator (https://www.revshells.com/)
TekDefense (http://www.tekdefense.com/downloads/malware-samples/)
Tuts4you (https://forum.tuts4you.com/files/categories/)
VX Underground (https://vx-underground.org/samples.html)
VXVault (http://vxvault.net/ViriList.php)
VirusBay (https://beta.virusbay.io/)
VirusShare (https://virusshare.com/)
VirusSign (https://www.virussign.com/downloads.html)
Volatility Memory Samples (https://github.com/volatilityfoundation/volatility/wiki/Memory-Samples)
Yomi by Yoroi (https://yomi.yoroi.company/submissions/public)
theZoo AKA Malware DB (https://thezoo.morirt.com/)
Reversing Crackmes
This subsection encompasses all of the online resources to acquire reverse engineering samples and challenges for additional practice. They are found below:
crackmes.one (https://crackmes.one/)
CTFLearn (https://ctflearn.com/user/login?next=%2Fdashboard)
flAWS Challange (http://flaws.cloud/)
HackTheBox (https://www.hackthebox.com/)
Malware Traffic Analysis (https://www.malware-traffic-analysis.net/)
MalwareTech Beginner Malware Reversing Challenges (https://www.malwaretech.com/beginner-malware-reversing-challenges)
Malwarebytes CrackMe (https://blog.malwarebytes.com/malwarebytes-news/2017/11/how-to-solve-the-malwarebytes-crackme-a-step-by-step-tutorial/)
Malwarebytes CrackMe 2 (https://blog.malwarebytes.com/security-world/2018/04/malwarebytes-crackme-2-another-challenge/)
- Malwarebytes CrackMe2 Summary (https://blog.malwarebytes.com/malwarebytes-news/2018/05/malwarebytes-crackme-2-contest-summary/)
PWN.TN (https://pwn.tn/)
pwnable.kr (http://pwnable.kr/)
pwnable.tw (https://pwnable.tw/challenge/)
Reverse Engineering Challenges (https://challenges.re/)
Reversing.Kr (http://reversing.kr/challenge.php)
The Flare-On Challenge (http://flare-on.com/)
SANS Holiday Hack Challenge (Insert year) (https://holidayhackchallenge.com/2020/)
Tutorials, Learning Guides, and Training
This subsection encompasses all of the online tutorials and guided learning resources, which could include videos not included in the videos subsection. They are found below:
0xInfection: Reverse Engineering For Everyone (https://0xinfection.github.io/reversing/)
0xPat Malware Development Tutorial (https://0xpat.github.io/)
Android App Reverse Engineering 101 (https://www.ragingrock.com/AndroidAppRE/)
Antisyphon Training (https://www.antisyphontraining.com/)
Attack Defense (https://attackdefense.com)
BOLO : Reverse Engineering
- Part 1 (https://infosecwriteups.com/bolo-reverse-engineering-part-1-basic-programming-concepts-f88b233c63b7)
- Part 2 (https://medium.com/@danielabloom/bolo-reverse-engineering-part-2-advanced-programming-concepts-b4e292b2f3e)
Binary Bomb Lab (http://zpalexander.com/binary-bomb-lab-phase-1/)
Blue Cape Security (https://bluecapesecurity.com/)
Blue Team Labs (https://blueteamlabs.online/)
CNIT 126: Practical Malware Analysis (https://samsclass.info/126/126_S17.shtml)
CS6038/CS5138 Malware Analysis; Department of Electrical Engineering and Computing Systems; College of Engineering and Applied Science; University of Cincinnati (https://class.malware.re/)
- YouTube videos (https://www.youtube.com/playlist?list=PLFvh_k-n27CnAyfsMDowQmogkG5MbZkXz)
CTF Time (https://ctftime.org/)
CyberDefenders (https://cyberdefenders.org/)
Cybrary (https://www.cybrary.it/)
FireEye Trainings (https://www.fireeye.com/services/training/courses.html)
GuidedHacking What is reverse engineering? (https://guidedhacking.com/threads/ghb2-beginners-guide-to-reverse-engineering.13446/)
HackerSploit (https://hackersploit.org/)
HackerSploit Academy (https://hackersploit.academy/)
Hasherezade Injection Techniques Demos (https://github.com/hasherezade/demos)
PE Injection Demos (https://gist.github.com/hasherezade/e6daa4124fab73543497b6d1295ece10#file-injection_demos-md)
GuidedHacking (https://guidedhacking.com/)
Hasherezade Malware Training Vol 1 (https://github.com/hasherezade/malware_training_vol1)
Hasherezade’s Windows Kernel Exploitation
- Part 1 (https://hshrzd.wordpress.com/2017/05/28/starting-with-windows-kernel-exploitation-part-1-setting-up-the-lab/)
- Part 2 (https://hshrzd.wordpress.com/2017/06/05/starting-with-windows-kernel-exploitation-part-2/)
- Part 3 (https://hshrzd.wordpress.com/2017/06/22/starting-with-windows-kernel-exploitation-part-3-stealing-the-access-token/)
ImmersiveLabs (https://www.immersivelabs.com/)
INE (https://ine.com/)
InfoSec Institute Skills (https://www.infosecinstitute.com/skills/)
Malware Analysis - CSCI 4976 (https://github.com/RPISEC/Malware)
Malware Analysis for N00bs (https://drive.google.com/file/d/1lSEps7jDX6an_iXJ0Wokdjh0rnBgY9l7/view)
Malware Unicorn (https://malwareunicorn.org/#/workshops)
MalwareTech Inline Hooking for Programmers
- Part 1 (https://www.malwaretech.com/2015/01/inline-hooking-for-programmers-part-1.html)
- Part 2 (https://www.malwaretech.com/2015/01/inline-hooking-for-programmers-part-2.html)
MemLabs (https://github.com/stuxnet999/MemLabs)
MyTechnoTalent: Reverse Engineering (https://github.com/mytechnotalent/Reverse-Engineering)
National Initiative for Cybersecurity Careers and Studies (https://niccs.cisa.gov/)
Nightmare by guyinatuxedo (https://guyinatuxedo.github.io/)
NTAPI Undocumented Functions (http://undocumented.ntinternals.net/)
OALabs (https://oalabs.openanalysis.net/)
- YouTube Videos (https://www.youtube.com/channel/UC–DwaiMV-jtO-6EvmKOnqg)
Odzhan Injection Methods (https://github.com/odzhan/injection)
Offensive Software Exploitation Course (https://exploitation.ashemery.com/)
Open Security Training (https://opensecuritytraining.info/Training.html)
0verflo0w.podia.com - Beginner Malware Analysis Course (https://0verfl0w.podia.com/)
OverTheWire Wargames (https://overthewire.org/wargames/)
- Maze (https://overthewire.org/wargames/maze/)
- Vortex (https://overthewire.org/wargames/vortex/)
- Semtex (https://overthewire.org/wargames/semtex/)
- Manpage (https://overthewire.org/wargames/manpage/)
- Drifter (https://overthewire.org/wargames/drifter/)
PE Injection Demos (https://gist.github.com/hasherezade/e6daa4124fab73543497b6d1295ece10#file-injection_demos-md)
Pentester Academy (https://www.pentesteracademy.com/)
PentesterLab (https://pentesterlab.com/)
Pluralsight (https://www.pluralsight.com/)
pwn.college (https://pwn.college/)
R4ndom’s Beginning Reverse Engineering Tutorials (https://legend.octopuslabs.io/sample-page.html)
RangeForce (https://www.rangeforce.com/)
Red Teaming Techniques & Experiments: Code & Process Injection (https://www.ired.team/offensive-security/code-injection-process-injection)
Reverse Engineering for Beginners (https://www.begin.re/)
RomainThomas: Reverse Engineering Workshop (https://github.com/romainthomas/reverse-engineering-workshop)
Root-me (https://www.root-me.org/)
Sektor7 Institute (https://institute.sektor7.net/)
SpecterOps Methodology for Static Reverse Engineering of Windows Kernel Drivers (https://posts.specterops.io/methodology-for-static-reverseengineering-of-windows-kernel-drivers-3115b2efed83)
Ten Process Injection Techniques (https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process)
ThisIsSecurity (https://thisissecurity.stormshield.com/)
Try Hack Me Malware Analysis (https://tryhackme.com/module/malware-analysis)
Win32 Assembler Coding for Crackers (http://woodmann.com/accessroot/arteam/site/e107_plugins/download/download.php?action=view&id=173)
Win32 Assembly Tutorials (https://web.archive.org/web/20171110201344/http://win32assembly.programminghorizon.com/tutorials.html)
Videos and Video Series
This subsection encompasses all of the videos and video series found online related to malware and malware analysis. They are found below:
A reversing tutorial for newbies by lena151 (Part 1 of series) (https://www.youtube.com/watch?v=wqzZB31zDSs&list=PLcFUp5WYCxVYeR7AgsmjzGW6PjamaY6JO)
Black Hat Process Injection Techniques (https://www.youtube.com/watch?v=xewv122qxnk)
Colin Hardy Malware Videos (https://www.youtube.com/c/ColinHardy/playlists)
Dr. Josh Stroschein (https://www.youtube.com/@jstrosch)
DuMp-GuY TrIcKsTeR Videos (https://www.youtube.com/c/DuMpGuYTrIcKsTeR/playlists)
HackerSploit Malware Analysis Bootcamp (https://www.youtube.com/watch?v=uHhKkLwT4Mk&list=PLBf0hzazHTGMSlOI2HZGc08ePwut6A2Io)
Hasherezade Videos (https://www.youtube.com/c/hasherezade/playlists)
Intro to x86 Assembly Language (Part 1) (6 part series) (https://www.youtube.com/watch?v=wLXIWKUWpSs)
Introduction to Windbg and Debugging Windows (https://www.youtube.com/playlist?list=PLhx7-txsG6t6n_E2LgDGqgvJtCHPL7UFu)
MalwareAnalysisForHedgehogs (https://www.youtube.com/channel/UCVFXrUwuWxNlm6UNZtBLJ-A)
Malware Analysis Workshop - Dissecting the WannaCry Ransomware - ITC SOC Analyst Course (https://www.youtube.com/watch?v=F0Yx7GhqKXI)
Marcus Hutchins (https://www.youtube.com/c/MalwareTechBlog/playlists)
Michael Gillespie (https://www.youtube.com/user/Demonslay335)
Modern x64 Assembly Language (https://www.youtube.com/playlist?list=PLKK11Ligqitg9MOX3-0tFT1Rmh3uJp7kA)
Monnappa K A (https://www.youtube.com/c/MonnappaKA/videos)
OALabs (https://www.youtube.com/c/OALabs/videos)
Oh My Malware! (https://ohmymalware.com/)
Ring Zero Labs - Malware Analysis (https://www.youtube.com/playlist?list=PLrJFR89Z-9SAzVHvcg6Q1uKnLXEVO3DSg)
SANS DFIR (https://www.youtube.com/c/SANSDigitalForensics/featured)
Unpacking ASPack Manually (https://www.youtube.com/watch?v=Oejq7_mH3IM)
Unpacking PECompact Manually (https://www.youtube.com/watch?v=TPcQpS8niIM)
Unpacking UPX Manually (https://www.youtube.com/watch?v=vR3K2t2UYZY)
X86 Assembly Crash Course (https://www.youtube.com/watch?v=75gBFiFtAb8)
Tools
This section includes all of the known tools that are useful for malware analysis. This list may include tools that are deprecated or have limited use as of this writing. The tools are split into their respective functionality. They are as follows:
- Debuggers and Disassemblers
- Dynamic Analysis Tools
- Editors
- Extractors, (De)obfuscators, and (Un)packers
- Frameworks
- Incident Response Tools
- Memory Forensic Tools
- Network Tools
- Security Researcher Toolsets
- Static Analysis Tools
- String and Metadata Tools
- Visual Analysis Tools
Debuggers, Disassemblers, and Decompilers
This subsection encompasses all of the disassembler and debugger tools. They are found below:
Apktool (https://ibotpeaches.github.io/Apktool/)
Binary Ninja (https://binary.ninja/)
CFR (http://www.benf.org/other/cfr/)
Capstone (https://www.capstone-engine.org/)
Cutter (https://cutter.re/)
DisSharp .NET Decompiler (http://netdecompiler.com/)
diStorm3 (https://github.com/gdabah/distorm)
dnSpy (https://github.com/dnSpy/dnSpy)
dirtyJOE (http://dirty-joe.com/)
Dotnet IL Editor (DILE) (https://sourceforge.net/projects/dile/)
dotPeek (https://www.jetbrains.com/decompiler/)
GDB GNU Debugger (https://www.gnu.org/software/gdb/)
Ghidra (https://ghidra-sre.org/)
Hiew (http://hiew.ru/)
Hopper (https://www.hopperapp.com/)
IDA (https://hex-rays.com/)
IDR (https://github.com/crypto2011/IDR)
ILSpy (https://github.com/icsharpcode/ILSpy)
Immunity Debugger (https://www.immunityinc.com/products/debugger/)
JPEXS (https://github.com/jindrapetrik/jpexs-decompiler)
Java Decompiler Project (https://java-decompiler.github.io/)
JustDecompile (https://www.telerik.com/products/decompiler.aspx)
Luyten (https://github.com/deathmarine/Luyten)
.NET Reflector (https://www.red-gate.com/products/dotnet-development/reflector/)
OllyDbg (https://www.ollydbg.de/)
PB DeCompiler (http://www.mis2erp.com/pageen.html)
Python Dumpers and Decompilers
- Dbug (AutoIT Debugger) (https://www.autoitscript.com/forum/files/file/407-dbug-another-debugger-for-autoit/)
- Easy Python Decompiler (https://sourceforge.net/projects/easypythondecompiler/)
- Py2Exe Binary Editor (https://sourceforge.net/projects/p2ebe/)
- Py2Exe Dumper (https://sourceforge.net/projects/py2exedumper/)
- Pycdc (https://github.com/zrax/pycdc)
- Pydumpck (https://pypi.org/project/pydumpck/)
- PyInstaller Extractor (https://github.com/extremecoders-re/pyinstxtractor)
- Pyinstxtractor (https://github.com/extremecoders-re/pyinstxtractor)
- Uncompyle6 (https://pypi.org/project/uncompyle6/)
Radare2 (https://rada.re/n/)
ReFox (http://www.refox.net/)
RetDec (https://github.com/avast/retdec)
revng-c decompiler (https://rev.ng/)
ShuDepb (https://www.pb-decompiler.com/shudepb_en.asp)
Simple Assembly Explorer (https://github.com/wickyhu/simple-assembly-explorer/releases)
VB Decompiler (https://www.vb-decompiler.org/)
WinDBG (https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools)
X64dbg (https://x64dbg.com/#start)
Plugins and Extensions
anhkgg awesome-windbg-extensions (https://github.com/anhkgg/awesome-windbg-extensions)
fr0gger Awesome IDA, Ghidra, x64DBG & OllyDBG plugins (https://github.com/fr0gger/awesome-ida-x64-olly-plugin)
IDA
AlphaGoLang (https://github.com/SentineLabs/AlphaGolang)
Capa Explorer (https://github.com/mandiant/capa/blob/master/capa/ida/plugin/README.md)
Diaphora (https://github.com/joxeankoret/diaphora)
efiXplorer (https://github.com/binarly-io/efiXplorer)
FLARE-Emu (https://github.com/mandiant/flare-emu)
FLARE-IDA (https://github.com/mandiant/flare-ida)
HashDB (https://github.com/OALabs/hashdb-ida)
GDB
GEF (https://github.com/hugsy/gef)
peda (https://github.com/longld/peda)
pwndbg (https://github.com/pwndbg/pwndbg)
X64DBG
DbgChild (https://github.com/therealdreg/DbgChild)
Scylla (https://github.com/NtQuery/Scylla)
ScyllaHide (https://github.com/x64dbg/ScyllaHide)
SwissArmyKnife (https://github.com/Nukem9/SwissArmyKnife)
TitanHide (https://github.com/mrexodia/TitanHide)
x64dbg Plugins (https://github.com/x64dbg/x64dbg/wiki/Plugins)
Dynamic Analysis Tools
This subsection encompasses all of the tools used for dynamic analysis. They are found below:
APIMiner (https://github.com/poona/APIMiner)
API Monitor (http://www.rohitab.com/apimonitor#Download)
CMD Watcher (https://www.kahusecurity.com/posts/cmd_watcher_updated.html)
Event Log Explorer (https://eventlogxp.com/)
Pinitor (https://rayanfam.com/topics/pinitor/)
Process Hacker (https://processhacker.sourceforge.io/)
Reflective DLL Injection (https://github.com/stephenfewer/ReflectiveDLLInjection)
RegShot (https://sourceforge.net/projects/regshot/)
Rundll32 (LOLBin) (https://lolbas-project.github.io/lolbas/Binaries/Rundll32/)
- Other LOLBin binaries and scripts: https://lolbas-project.github.io/
SysAnalyzer (https://github.com/dzzie/SysAnalyzer)
Windows Sysinternals (https://docs.microsoft.com/en-us/sysinternals/)
Winja (https://m.majorgeeks.com/files/details/winja.html)
Editors
This subsection encompasses all of the editors to assist in malware analysis and code analysis. They are found below:
010 Editor (https://www.sweetscape.com/010editor/)
Atom (https://atom.io/)
AutoIt (https://www.autoitscript.com/site/)
Notepad++ (https://notepad-plus-plus.org/downloads/)
Sublime Text (https://www.sublimetext.com/)
Extractors, (De)obfuscators, and (Un)packers
This subsection encompasses all of the tools used by a malware analyst for extractor embedded resources, obfuscators and deobfuscators, and packers and unpackers. They are found below:
AsPack (http://www.aspack.com/)
AutoIT Extractor (https://gitlab.com/x0r19x91/autoit-extractor)
ConfuserEx (https://mkaring.github.io/ConfuserEx/)
Crinkler (https://in4k.github.io/wiki/crinkler)
De4dot (https://github.com/de4dot/de4dot)
Enigma (https://enigmaprotector.com/)
ExcelDna-Unpack (https://github.com/augustoproiete/exceldna-unpack)
Exe2Aut (http://domoticx.com/autoit3-decompiler-exe2aut/)
Exe Stealth Protector (http://www.webtoolmaster.com/exe\stealth.htm)
FSG v.20 (https://board.flatassembler.net/topic.php?p=10294)
GUnPacker (https://webscene.ir/tools/show/GUnPacker-v0.5)
Heavily Obfuscated UnConfuserEx Tool (https://gist.github.com/Rottweiler/44fe4461a4552acf303a)
IcedID Decryptor (https://github.com/matthewB-huntress/IcedID)
Innoextract (https://constexpr.org/innoextract/)
MPRESS (https://www.autohotkey.com/mpress/mpress_web.htm)
monomorph (https://github.com/DavidBuchanan314/monomorph)
MultiExtractor (https://www.multiextractor.com/)
NoVmp (https://github.com/can1357/NoVmp)
NoVmpy (https://github.com/wallds/NoVmpy)
obfuscar (https://github.com/obfuscar/obfuscar)
Obsidium (https://www.obsidium.de/show/details/en)
PackerAttacker (https://github.com/BromiumLabs/PackerAttacker)
PdfParser (https://github.com/smalot/pdfparser)
pdfstreamdumper (https://github.com/dzzie/pdfstreamdumper)
Qunpack (https://www.npmjs.com/package/qunpack)
RDG Packer Detector (http://www.rdgsoft.net/)
Themida (https://www.oreans.com/Themida.php)
UPX (https://upx.github.io/)
ViperMonkey (https://github.com/decalage2/ViperMonkey)
VMPDump (https://github.com/0xnobody/vmpdump)
VMProtect (https://vmpsoft.com/)
unipacker (https://github.com/unipacker/unipacker)
Universal Extractor (https://www.legroom.net/software/uniextract)
Unpacker (https://unpacker.en.softonic.com/)
Frameworks
This subsection encompasses all of the frameworks used to assist in malware analysis. They are found below:
Assemblyline (https://bitbucket.org/cse-assemblyline/assemblyline/src/master/)
File Scanning Framework (https://github.com/EmersonElectricCo/fsf)
Mastiff (https://github.com/KoreLogicSecurity/mastiff)
MultiScanner (https://github.com/mitre/multiscanner)
Viper Framework (https://github.com/viper-framework/viper)
Incident Response Tools
This subsection encompasses all of the incident response-related tools. They are found below:
BinaryAlert (https://github.com/airbnb/binaryalert)
ClamAV (https://www.clamav.net/)
Faronics Deep Freeze (https://www.faronics.com/products/deep-freeze/enterprise)
FireEye IOC Editor (https://www.fireeye.com/services/freeware/ioc-editor.html)
GRR Rapid Response (https://github.com/google/grr)
Loki (https://github.com/Neo23x0/Loki)
OsQuery (https://osquery.io/)
Persistent Sniper (https://github.com/last-byte/PersistenceSniper)
RegRipper3.0 (https://github.com/keydet89/RegRipper3.0)
RollBackRx (https://horizondatasys.com/rollback-rx-time-machine/rollback-rx-professional/)
Sandbox Scryer (https://github.com/PayloadSecurity/Sandbox_Scryer)
Shadow Defender (http://www.shadowdefender.com/)
Velociraptor (https://github.com/Velocidex/velociraptor)
YARA (https://virustotal.github.io/yara/)
- Loki (https://github.com/Neo23x0/Loki)
- OsQuery (https://osquery.io/)
- Yara Rules (https://github.com/Yara-Rules)
- Yara-Endpoint (https://github.com/Yara-Rules/yara-endpoint)
- Yara_Merger (https://github.com/lsoumille/Yara_Merger)
- yarGen (https://github.com/Neo23x0/yarGen)
Memory Forensic Tools
This subsection encompasses all of the memory forensic tools. They are found below:
AutoTimeliner (https://github.com/andreafortuna/autotimeliner)
Belkasoft Live RAM Capturer (https://belkasoft.com/ram-capturer)
Comae DumpIt (https://www.comae.com/dumpit/)
FireEye Redline (https://www.fireeye.com/services/freeware/redline.html)
Malhunt (https://github.com/andreafortuna/malhunt)
Memoryze (https://www.fireeye.com/services/freeware/memoryze.html)
MoonSols DumpIt (https://github.com/thimbleweed/All-In-USB/tree/master/utilities/DumpIt)
Nirsoft Memdump (https://nircmd.nirsoft.net/memdump.html)
RAM Capture (https://www.magnetforensics.com/resources/magnet-ram-capture)
Rekall (http://www.rekall-forensic.com/releases)
Volatility3 (https://github.com/volatilityfoundation/volatility3/)
- AutoTimeliner (https://github.com/andreafortuna/autotimeliner)
- Malhunt (https://github.com/andreafortuna/malhunt)
windd (https://github.com/luisgf/windd)
WinPmem (https://github.com/Velocidex/WinPmem)
Network Tools
This subsection encompasses all of the network-related tools. They are found below:
Burp Suite (https://portswigger.net/burp)
CapAnalysis (https://www.capanalysis.net/ca/)
Capsa Free Network Analyzer (https://www.colasoft.com/capsa-free/)
CaptureBAT (https://www.honeynet.org/projects/old/capture-bat/)
CurrPorts (https://www.nirsoft.net/utils/cports.html)
FakeDns (https://github.com/Crypt0s/FakeDns)
FakeNet-NG (https://github.com/mandiant/flare-fakenet-ng/releases)
Fiddler (https://www.telerik.com/fiddler)
FileZilla (https://filezilla-project.org/)
FireEye ApateDNS (https://www.fireeye.com/services/freeware/apatedns.html)
FOG Project (https://fogproject.org/)
HTTP Analyzer (https://www.ieinspector.com/httpanalyzer/)
iNetSim (https://www.inetsim.org/)
Mitmproxy (https://mitmproxy.org/)
NetworkMiner (https://www.netresec.com/?page=NetworkMiner)
Paessler PRTG Network Monitor (https://www.paessler.com/packet_capture)
PassiveDNS (https://github.com/gamelinux/passivedns)
SmartSniff (https://smartsniff.en.softonic.com/)
Stenographer (https://github.com/google/stenographer)
TCPDump (https://www.tcpdump.org/)
TCPView (https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview)
TDIMon (https://freewareapp.com/tdimon_download/)
WinDump (https://www.winpcap.org/windump/)
Wireshark (https://www.fireeye.com/services/freeware/ioc-editor.html)
Xplico (https://www.xplico.org/)
Security Researcher Toolsets
This subsection encompasses all of the toolsets created by malware and security researchers. They are found below:
Didier Stevens Tools (https://blog.didierstevens.com/my-software/)
Eric Zimmerman’s Tools (https://ericzimmerman.github.io/#!index.md)
FireEye Freeware (https://www.fireeye.com/services/freeware.html)
Hasherezade Tools (https://hasherezade.github.io/)
Horsicq Tools (https://horsicq.github.io/)
Larry’s Tools (https://dongla.net/download.html)
malduck (https://github.com/CERT-Polska/malduck)
Novirusthanks Tools (https://www.novirusthanks.org/browse-by/malware-analysis-tools/)
pwntools (https://github.com/Gallopsled/pwntools)
Reverse Engineer’s Toolkit (https://github.com/mentebinaria/retoolkit)
The Malware Analyst Pack (http://sandsprite.com/iDef/MAP/)
Windows Internals Book 7th Edition Tools (https://github.com/zodiacon/WindowsInternals)
Static Analysis Tools
This subsection encompasses all of the tools for static analysis. They are found below:
7-Zip (https://www.7-zip.org/)
ASPack (http://www.aspack.com/downloads.html)
Amber (https://github.com/EgeBalci/Amber)
AnalyzePE (https://github.com/hiddenillusion/AnalyzePE)
BAT to EXE Converter (https://bat-to-exe-converter-x64.en.softonic.com/)
BinText (https://www.aldeid.com/wiki/BinText)
CFF Explorer Suite (https://ntcore.com/?page_id=388)
Capa (https://github.com/mandiant/capa)
Cerbero Suite (https://cerbero.io/)
Chkrootkit (http://www.chkrootkit.org/)
DBeaver (https://dbeaver.io/)
Dependency Walker (http://dependencywalker.com/)
Detect It Easy (https://github.com/horsicq/Detect-It-Easy)
DigiCert Certificate Utility (https://www.digicert.com/support/tools/certificate-utility-for-windows)
dll-to-exe (https://github.com/hasherezade/dll_to_exe)
easyhunting (https://github.com/ppt0/easyhunting)
exe-to-dll (https://github.com/hasherezade/exe_to_dll)
Exeinfo PE (http://www.exeinfo.xn.pl/)
FileAlyzer (https://www.safer-networking.org/products/filealyzer/)
Hashdeep (https://github.com/jessek/hashdeep)
ImHex (https://imhex.werwolv.net/)
Import REConstructor (https://www.aldeid.com/wiki/ImpREC)
LordPE (https://www.aldeid.com/wiki/LordPE)
malwoverview (https://github.com/alexandreborges/malwoverview)
Malfunction (https://github.com/Dynetics/Malfunction)
Nsrllookup (https://github.com/rjhansen/nsrllookup)
OfficeMalScanner (http://www.reconstructer.org/)
Oletools (https://github.com/decalage2/oletools)
PE Explorer (http://www.heaventools.com/PE_Explorer_resource_editor.htm)
PE Internals (http://www.andreybazhan.com/pe-internals.html)
PE Studio (https://www.winitor.com/)
PEiD (https://www.aldeid.com/wiki/PEiD)
PPEE (puppy) (https://www.mzrst.com/)
Pefile (https://pypi.org/project/pefile/)
Pev (https://pev.sourceforge.io/)
ProtectionID (https://web.archive.org/web/20210331144912/https://protectionid.net/)
Resource Hacker (http://angusj.com/resourcehacker/)
Resource Tuner (http://www.heaventools.com/resource-tuner.htm)
Rootkit Hunter (https://sourceforge.net/p/rkhunter/rkh_code/ci/master/tree/files/FAQ)
Ssdeep (https://ssdeep-project.github.io/ssdeep/)
Total Uninstall (https://www.martau.com/)
TrID (https://mark0.net/soft-trid-e.html)
XPEViewer (https://github.com/horsicq/XPEViewer)
String and Metadata Tools
This subsection encompasses all of the tools related to strings and file metadata. They are found below:
Beyond Compare (https://www.scootersoftware.com/)
ExifTool (https://www.sno.phy.queensu.ca/~phil/exiftool/)
Free Hex Editor Neo (https://www.hhdsoftware.com/free-hex-editor)
HashMyFiles (https://www.nirsoft.net/utils/hash_my_files.html)
Hex Workshop (http://www.hexworkshop.com/overview.html)
HxD (https://mh-nexus.de/en/hxd/)
NoMoreXOR (https://github.com/hiddenillusion/NoMoreXOR)
StringSifter (https://github.com/mandiant/stringsifter)
Visual Analysis Tools
This subsection encompasses all of the visual analysis and visual aid tools. They are found below:
Graphviz (https://graphviz.org/download/)
ProcDOT (https://procdot.com/index.htm)
XDot (https://github.com/jrfonseca/xdot.py)
Virtual Machines and Distros
This section includes all of the virtual machines and Linux distros related to malware analysis, forensics, and penetration testing. These will likely not be used in Panda Labs as the infrastructure has already been established, but this is a good way to learn different Linux distros, different tools within each distro, and methodologies for learning external to work. In other words, establishing a malware analysis infrastructure on a personal machine in conjunction with other learning and tools is a good way to learn more about malware analysis. The resource subsections are provided below:
- Linux Distros and VMs
- Sandboxes and Portable Labs
- Virtual Machine Managers
Linux Distros and VMs
This subsection displays all of the Linux distros and virtual machines to be used in a virtual machine manager. They are found below:
ADIA (https://forensics.cert.org/appliance/README.html)
ArchStrike (https://archstrike.org/)
BackBox (https://www.backbox.org/)
BlackArch Linux (https://blackarch.org/index.html)
CAINE (https://www.caine-live.net/)
CSI Linux (https://csilinux.com/)
FLARE VM (https://github.com/mandiant/flare-vm)
Fedora Security Spin (https://fedoraproject.org/wiki/Security_Lab)
ForLEx (http://www.forlex.it/)
Kali (https://www.kali.org/)
Network Security Toolkit (https://www.networksecuritytoolkit.org/nst/index.html)
Parrot OS (https://www.parrotsec.org/)
Pentoo (https://www.pentoo.ch/)
REMnux (https://remnux.org/)
SIFT Workstation (https://www.sans.org/tools/sift-workstation/)
Security Onion (https://securityonionsolutions.com/)
Tsuguri (https://tsurugi-linux.org/)
Sandboxes and Portable Labs
This subsection displays all of the sandboxes and portable virtual labs premade for reverse engineering and malware analysis. They are found below:
Bochs Emulator (https://bochs.sourceforge.io/)
Noriben Sandbox (https://github.com/Rurik/Noriben)
Re_lab (https://github.com/cboin/re_lab)
Sandboxie (https://sandboxie-plus.com/sandboxie/)
Virtual Machine Managers
This subsection displays all of the virtual machine managers to use for virtual machine disks and premade distros. They are found below:
Virtualbox (https://www.virtualbox.org/)
VMWare (https://www.vmware.com/)