Ultimate Guide to GitHub Malware Tools for In-Depth Analysis and Detection

Title: Tools for Identifying and Managing GitHub Malware – Malware

Content: GitHub has emerged as a significant resource for developers, but it also contains risks related to

Recommendation

This is a resource found on GitHub for conducting malware analysis, and it is very comprehensive. I hope it helps those engaged in malware detection.

Comprehensive Collection of Malware Analysis

Project Address:

https://github.com/rshipp/awesome-malware-analysis

This list catalogs commendable malware analysis tools and resources.

  • Collection of Malware
    • Anonymous Proxy
    • Honeypot
    • Malware Sample Repository
  • Open Source Threat Intelligence
    • Tools
    • Other Resources
  • Detection and Classification
  • Online Scanning and Sandboxing
  • Domain Analysis
  • Browser Malware
  • Documents and Shellcode
  • File Extraction
  • Deobfuscate
  • Debugging and Reverse Engineering
  • Network
  • Memory Forensics
  • Windows Ultimate Tool
  • Storage and Workflow
  • Miscellaneous
  • Resources
    • Books
    • Twitter
    • Other
  • Relevant Awesome List
  • Contributors
  • Acknowledgments

Malware Collection

Anonymous Proxy

Web Traffic Anonymization Schemes for Analysts

  • Anonymouse.org – A Free, Web-Based Anonymous Proxy
  • OpenVPN – VPN Software and Hosting Solutions
  • Privoxy – An open-source proxy server with privacy protection features
  • Tor – Onion Router, designed to prevent leaving a client IP address while browsing the web.

Honeypot

Capture and Collect Your Own Samples

  • Conpot – ICS/SCADA Honeypot
  • Cowrie – An SSH Honeypot Based on Kippo
  • DemoHunter – Low-Interaction Distributed Honeypot
  • Dionaea – A honeypot used for capturing malware
  • Glastopf – Web Application Honeypot
  • Honeyd – Creating a Virtual Honeypot
  • HoneyDrive – A Linux Distribution for Honeypot Deployment
  • Mnemosyne – Honeypot Data Standardization Powered by Dionaea
  • Thug – A Low-Interaction Honeypot Used to Investigate Malicious Websites

Malware Sample Repository

Collect malware samples for analysis

  • Clean MX – Real-Time Database of Malware and Malicious Domains
  • Contagio – A Recent Collection of Malware Samples and Analysis
  • Exploit Database – Exploit and shellcode samples
  • Infosec – CERT-PA – Collection and Analysis of Malware Samples
  • Malpedia – Provides Quickly Identifiable and Actionable Contextual Resources for Investigating Malware
  • Malshare – A Vast Repository of Malicious Samples Obtained from Malicious Websites
  • MalwareDB – Malware Sample Database
  • Open Malware Project – Sample Information and Download
  • Ragpicker – A Plugin Based on a Malware Crawler
  • theZoo – Real-time Malware Repository for Analysts
  • Tracker h3x – Aggregator of malware tracking and download addresses
  • vduddu malware repo – A Collection of Various Malware Files and Source Codes
  • VirusBay – A Community-Based Malware Repository
  • ViruSign – A Database of Malware Detected by Antivirus Programs Other Than ClamAV
  • VirusShare – Malware Repository
  • VX Vault – Proactive Collection of Malware Samples
  • Zeltser’s Sources – A curated list of malware sample sources by Lenny Zeltser
  • Zeus Source Code – 2011 Zeus source code leak

Open Source Threat Intelligence

Tools

Collecting and Analyzing IOC Information

  • AbuseHelper – An Open-Source Framework for Receiving and Redistributing Threat Intelligence
  • AlienVault Open Threat Exchange – Sharing and Collaboration in Threat Intelligence
  • Combine – Obtaining Threat Intelligence Information from Open Sources
  • Fileintel – File Intelligence
  • Hostintel – Host Intelligence
  • IntelMQ – A tool used by CERTs to handle incident data using message queues
  • IOC Editor – A free XML IOC file editor from Mandiant
  • iocextract – Advanced IOC Extraction Tool, Python Library, and Command Line Tool
  • ioc_writer – A Python library developed for OpenIOC objects
  • MalPipe – A malware/IOC extraction and processing engine that collects rich data.
  • Massive Octo Spice – Initiated by the CSIRT Gadgets Foundation, previously known as CIF (Collective Intelligence Framework), aggregates IOC information from various sources.
  • MISP – The Malware Information Sharing Platform initiated by The MISP Project
  • Pulsedive – A community-driven free threat intelligence platform, collecting IOCs from open-source resources.
  • PyIOCe – A Python OpenIOC Editor
  • RiskIQ – Research, Link, Annotate, and Share IPs and Domains
  • threataggregator – Aggregates security threats from multiple information sources, including some from the other resources list.
  • ThreatCrowd – A Threat Search Engine with Graphical Visualization
  • ThreatTracker – A Python script for monitoring IOCs retrieved from Google Custom Search Engine and generating alerts.
  • TIQ-test – Visualization and Statistical Analysis of Threat Intelligence Sources

Other Resources

Threat Intelligence and IOC Resources

  • Autoshun (list) – Snort Plugin and Blacklist
  • Bambenek Consulting Feeds – OSINT Subscriptions Based on Malicious DGA Algorithms
  • Fidelis Barncat – An Expandable Malware Configuration Database (Permission Required)
  • CI Army (list) – Cybersecurity Blacklist
  • Critical Stack – Free Intel Market – A free intel deduplication and aggregation project offering over 90 subscriptions and more than 1.2 million threat intelligence entries.
  • Cybercrime Tracker – Monitoring Activities of Multiple Botnets
  • FireEye IOCs – IOC Information Shared by FireEye
  • FireHOL IP Lists – Tracking changes, country mapping, and retention policies for over 350 IPs related to attacks and malware.
  • HoneyDB – Community-Driven Honeypot Sensor Data Collection and Aggregation
  • hpfeeds – Honeypot Subscription Protocol
  • CERT-PA List (IP – Domain Name – URL) – Blacklist Service
  • Internet Storm Center (DShield) – Logs and searchable incident database with a Web API (unofficial Python library).
  • malc0de – Search Event Database
  • Malware Domain List – Search and Share Malicious Software URLs
  • Metadefender Threat Intelligence Feeds – Querying File Hashes in Metadefender Malware Subscription
  • OpenIOC – Threat Intelligence Sharing Framework
  • Ransomware Overview – A List of Key Concepts about Ransomware
  • STIX – Structured Threat Information eXpression – represents and shares cyber threat information through a standardized language. Related MITRE projects:
    • CAPEC – Common Attack Pattern Enumeration and Classification
    • CybOX – Cyber Observable eXpression
    • MAEC – Malware Attribute Enumeration and Characterization
    • TAXII – Trusted Automated Exchange of Indicator Information
  • ThreatMiner – Threat Intelligence Data Mining Interface
  • threatRECON – Search indicators, up to 1,000 times per month.
  • Yara rules – Yara Rule Set
  • YETI – Yeti is a platform designed to organize observability in data, indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and threat intelligence.
  • ZeuS Tracker – ZeuS Blacklist

Detection and Classification

Antivirus and Other Malware Detection Tools

  • AnalyzePE – Analyzer for Windows PE Files
  • Assemblyline – A Large-Scale Distributed File Analysis Framework
  • BinaryAlert – An open-source, serverless AWS pipeline for scanning and alerting on uploaded files using YARA
  • chkrootkit – Local Linux Rootkit Detection
  • ClamAV – Open Source Antivirus Engine
  • Detect-It-Easy – A Program for Determining File Types
  • Exeinfo PE – A tool for detecting packers and compressors, equipped with unpacking information.
  • ExifTool – Reading, Writing, and Editing File Metadata
  • File Scanning Framework – A Modular Recursive File Scanning Solution
  • Generic File Parser – A standalone library parsing tool designed for extracting metadata, conducting static analysis, and detecting macros within files.
  • hashdeep – Calculate hash values using various algorithms
  • HashCheck – A Windows Shell Extension for Calculating Hash Values with Various Algorithms
  • Loki – Host-Based IOC Scanner
  • Malfunction – Classifying and Comparing Malware at the Functional Level
  • Manalyze – A Tool for Static Analysis of PE Files
  • MASTIFF – Static Analysis Framework
  • MultiScanner – Modular File Scanning/Analysis Framework
  • nsrllookup – A tool to query hashes in NIST’s National Software Reference Library database
  • packerid – A Cross-Platform Alternative to PEiD
  • PE-bear – A Reverse Engineering Tool for PE Files
  • PEV – A Cross-Platform Toolbox for Analyzing PE Files Providing Feature-Rich Tools for Accurate Examination of Suspicious Binaries
  • Rootkit Hunter – Detecting Linux Rootkits
  • ssdeep – Calculating Fuzzy Hash Values
  • totalhash.py – A Simple Python Script to Search the TotalHash.com Database
  • TrID – File Identification
  • virustotal-falsepositive-detector – A tool to analyze Virustotal Reports for potential false positives based on name similarity.
  • YARA – A Pattern Recognition Tool for Analysts
  • Yara Rules Generator – Generates Yara rules based on malicious samples and includes a string database to avoid false positives.
  • Yara Finder – A simple tool for matching files using different Yara rules in order to identify suspicious indicators.

Online Scanning and Sandbox

A web-based multi-antivirus engine scanner and sandbox for automated malware analysis

  • anlyz.io – Online Sandbox
  • any.run – Interactive Sandbox Online
  • AndroTotal – Free Online Analysis of Apps Using Multiple Mobile Antivirus Programs
  • AVCaesar – Malware.lu Online Scanner and Malware Collection
  • Cryptam – Analyzing Suspicious Office Documents
  • Cuckoo Sandbox – Open-source, autonomous sandbox, and automated analysis system
  • cuckoo-modified – A modified version of the Cuckoo Sandbox under the GPL license. The author did not merge the branch due to legal reasons.
  • cuckoo-modified-api – Python API for controlling cuckoo-modified sandbox
  • DeepViz – A Multi-format File Analyzer Using Machine Learning Classification
  • detux – A sandbox for analyzing Linux malware traffic and capturing IOC information
  • DRAKVUF – Dynamic Malware Analysis System
  • firmware.re – Unpack, Scan, and Analyze the Majority of Firmware Packages
  • HaboMalHunter – An Automated Malware Analysis Tool for Linux Platforms.
  • Hybrid Analysis – An Online Malware Analysis Tool Powered by VxSandbox
  • Intezer – Detect, Analyze, and Classify Malware by Identifying Code Reuse and Code Similarity
  • IRMA – An Asynchronous and Customizable Suspicious File Analysis Platform
  • Joe Sandbox – In-depth Malware Analysis
  • Jotti – Free Online Multi-Antivirus Engine Scanner
  • Limon – A Sandbox for Analyzing Linux Malware
  • Malheur – Automation of Malicious Behavior Sandbox Analysis
  • malice.io – A Scalable and Flexible Malware Analysis Framework
  • malsub – A Python RESTful API framework offering online malware and URL analysis services.
  • Malware Configuration – Extraction, Decoding, and Online Configuration from Common Malware
  • Malwr – Free Online Cuckoo Sandbox Analysis Instance
  • MASTIFF Online – Online Static Analysis of Malware
  • Metadefender – Scan files, hashes, or the IP address of malware
  • NetworkTotal – A service for analyzing pcap files using Suricata configured with EmergingThreats Pro for quick detection of viruses, worms, Trojans, and various types of malware.
  • Noriben – Collecting Malware Process Information in a Sandbox Environment Using Sysinternals Procmon
  • PacketTotal – An online engine for analyzing .pcap files and visualizing network traffic
  • PDF Examiner – Collect Suspicious PDF Files
  • ProcDot – A Visualization Toolkit for Malware Analysis
  • Recomposer – Auxiliary Script for Securely Uploading Binary Programs to Sandbox Websites
  • sandboxapi – A Python Library Integrating Multiple Open-Source and Commercial Malware Sandboxes
  • SEE – Building Frameworks for Test Automation in a Secure Environment
  • SEKOIA Dropper Analysis – Online dropper analysis supporting Js, VBScript, Microsoft Office, PDF
  • VirusTotal – Free Online Malware Sample and URL Analysis
  • Visualize_Logs – An Open Source Visualization Library and Command-Line Tool for Logs (Cuckoo, Procmon, etc.)
  • Zeltser’s List – Free Automated Sandbox Services Created by Lenny Zeltser

Domain Analysis

Check Domain Name and IP Address

  • badips.com – A Community-Based IP Blacklisting Service
  • boomerang – A tool designed to securely capture web resources
  • Cymon – Threat intelligence tracking with IP, domain, and hash search functionalities.
  • Desenmascara.me – With just one click, obtain as much retrieval metadata as possible to evaluate a website’s credibility.
  • Dig – Free Online Dig and Other Networking Tools
  • dnstwist – A Domain Name Ranking Site for Detecting Phishing Websites and Corporate Espionage Activities
  • IPinfo – Gathering Information About an IP or Domain through Online Resources
  • Machinae – An OSINT tool similar to Automator for gathering information about URLs, IPs, or hashes.
  • mailchecker – Cross-Language Temporary Email Detection Library
  • MaltegoVT – Enables Maltego to utilize the VirusTotal API, allowing searches for domain names, IP addresses, file hashes, reports
  • Multi RBL – Multiple DNS Blacklists, Reverse Lookup for Over 300 RBLs
  • NormShield Services – For detecting potential phishing domains, blacklisted IP addresses, and fraudulent accounts
  • PhishStats – Search Phishing Statistics for IP, Domain, and Website Title
  • SpamCop – Spam IP Blacklist
  • SpamHaus – Domain and IP-Based Blacklists
  • Sucuri SiteCheck – Free Website Malware and Security Scanner
  • Talos Intelligence – Search for the owner of an IP, domain, or network
  • TekDefense Automator – OSINT Tool for Gathering Information on URLs, IPs, and Hashes
  • URLQuery – Free URL Scanner
  • urlscan.io – Free URL Scanner and Domain Information
  • Whois – Free Whois Search by DomainTools
  • Zeltser’s List – A Collection of Free Online Malware Tools Curated by Lenny Zeltser
  • ZScalar Zulu – Zulu URL Risk Analysis

Browser Malware

Analyze malicious URLs; the domain analysis and documents and shellcode sections are also relevant.

  • Firebug – Firefox Web Development Extension
  • Java Decompiler – Decompile and Inspect Java Applications
  • Java IDX Parser – Parsing Java IDX Cache Files
  • JSDetox – JavaScript Malware Analysis Tool
  • Krakatau – Decompiler, Assembler, and Disassembler for Java
  • Malzilla – Analyzing Malicious Web Pages
  • RABCDAsm – A Robust ActionScript Bytecode Disassembler
  • SWF Investigator – Static and Dynamic Analysis of SWF Applications
  • swftools – A Tool for Converting PDFs to SWF
  • xxxswf – Python script to analyze Flash files

Documents and Shellcode

Analyze malicious JS and shellcode in PDF and Office documents; you can also refer to the browser malware section.

  • AnalyzePDF – A tool to analyze PDFs and attempt to determine if they are malicious files.
  • box-js – A tool for analyzing JavaScript malware, featuring support for JScript/WScript and ActiveX emulation capabilities.
  • diStorm – Disassembler for Analyzing Malicious Shellcode
  • JS Beautifier – JavaScript Unpacking and Deobfuscation
  • JS Deobfuscator – For straightforward JavaScript deobfuscation using eval or document.write
  • libemu – A Library and Tool for x86 Shellcode Emulation
  • malpdfobj – Deconstruct Malicious PDF into JSON Representation
  • OfficeMalScanner – Scanning for Malicious Traces in MS Office Documents
  • olevba – A script to parse OLE and OpenXML documents and extract useful information.
  • Origami PDF – A Tool for Analyzing Malicious PDFs
  • PDF Tools – Various Tools on PDF Developed by Didier Stevens
  • PDF X-Ray Lite – A PDF Analysis Tool, the backend-free version of PDF X-RAY
  • peepdf – A Python Tool for Exploring Potentially Malicious PDFs
  • QuickSand – QuickSand is a compact C framework designed to analyze suspicious malware documents, identify vulnerabilities in various encoding streams, and locate as well as extract embedded executables.
  • Spidermonkey – Mozilla’s JavaScript engine, used for debugging suspicious JS code.

File Extraction

Extracting Files from Hard Drive and Memory Images

  • bulk_extractor – Fast File Extraction Tool
  • EVTXtract – Extract Windows Event Log Files from Raw Binary Data
  • Foremost – File Extraction Tool Designed by the US Air Force
  • hachoir3 – A collection of Python libraries for handling binary programs
  • Scalpel – Another Data Extraction Tool
  • SFlock – Nested Document Extraction/Decompression (Use with Cuckoo Sandbox)

Deobfuscate

Breaking XOR or other code obfuscation methods

  • Balbuzard – A Malware Analysis Tool for Deobfuscating (XOR, ROL, etc.)
  • de4dot – .NET Demystification and Unpacking
  • ex_pe_xor and iheartxor – Two tools developed by Alexander Hanel for removing single-byte XOR encoding from files.
  • FLOSS – FireEye Labs’ de-obfuscation string tool utilizes advanced static analysis techniques to automatically extract strings from malware binaries.
  • NoMoreXOR – Using Frequency Analysis to Guess a 256-byte XOR Key
  • PackerAttacker – Universal Hidden Code Extractor for Windows Malware
  • unpacker – An Automated Windows Malware Unpacker Based on WinAppDbg
  • unxor – Using a Known-Plaintext Attack to Guess an XOR Key
  • VirtualDeobfuscator – A Virtual Reverse Engineering Tool
  • XORBruteForcer – Python Script for Brute Forcing Single-Byte XOR Keys
  • XORSearch and XORStrings – Two tools developed by Didier Stevens for searching data that has been XOR obfuscated.
  • xortool – Guess the XOR key and key length

Debugging and Reverse Engineering

Decompiler, Debuggers, and Other Static and Dynamic Analysis Tools

  • angr – A Cross-Platform Binary Analysis Framework Developed by UCSB’s Security Lab
  • bamfdetect – Identifying and Extracting Information on Miracle Malware and Other Malicious Software
  • BAP – A cross-platform open-source binary analysis framework developed by the security lab at CMU
  • BARF – Cross-platform, Open-source Binary Analysis and Reversing Framework
  • binnavi – A Graph-based Visualization Binary Analysis IDE
  • Binary Ninja – A Reverse Engineering Platform That Can Replace IDA
  • Binwalk – Firmware Analysis Tool
  • Capstone – A binary analysis disassembly framework that supports multiple architectures and many languages.
  • codebro – A web-based code browser that offers basic code analysis using clang
  • Cutter – The GUI for Radare2
  • DECAF (Dynamic Executable Code Analysis Framework) – A QEMU-based binary analysis platform, DroidScope is an extension of DECAF.
  • dnSpy – .NET Editor, Compiler, Debugger
  • dotPeek – Free .NET Decompiler and Assembly Browser
  • Evan’s Debugger (EDB) – Modular Debugger for Qt GUI Applications
  • Fibratus – A tool for exploring and tracing the Windows kernel
  • FPort – Real-time monitoring of open TCP/IP and UDP ports in the system and mapping them to applications.
  • GDB – GNU Debugger
  • GEF – An Enhanced GDB for Developers and Reverse Engineers
  • hackers-grep – Tool for searching the import table, export table, strings, and debug symbols in PE programs
  • Hopper – macOS and Linux Disassembler
  • IDA Pro – A Windows disassembler and debugger, with a free evaluation version.
  • Immunity Debugger – Malware Debugger with Python API
  • ILSpy – ILSpy is an open-source .NET assembly browser and decompiler.
  • Kaitai Struct – A tool for reverse engineering file formats, network protocols, and data structures, designed for code generation in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
  • LIEF – LIEF offers a cross-platform library for parsing, modifying, and abstracting ELF, PE, and Mach-O formats.
  • ltrace – Dynamic Analysis of Linux Executable Files
  • mac-a-mal – An Automated Framework for Malware Detection
  • objdump – A component of the GNU toolchain, used for static analysis of Linux binary programs.
  • OllyDbg – Assembly-Level Debugger for Windows Executables
  • PANDA – Dynamic Analysis Platform
  • PEDA – A Python Exploit Development Assistance tool based on GDB, featuring enhanced display and augmented commands.
  • pestudio – Static Analysis of Windows Executables
  • Pharos – A Binary Analysis Framework for Automated Static Analysis of Binary Files
  • plasma – An interactive disassembler for x86/ARM/MIPS
  • PPEE (puppy) – Professional PE File Resource Explorer
  • Process Explorer – Advanced Windows Task Manager
  • Process Hacker – A Tool for Monitoring System Resources
  • Process Monitor – An Advanced Monitoring Tool for Programs on Windows
  • PSTools – A suite of Windows command-line tools that assists administrators in managing systems in real-time.
  • Pyew – A Python Tool for Malware Analysis
  • PyREBox – A Python-scriptable reverse engineering sandbox developed by Cisco Talos team
  • QKD – Embedding WinDbg for Stealth Debugging in QEMU
  • Radare2 – A Reverse Engineering Framework with Debugger Support
  • RegShot – Utilizing Snapshots for Registry Comparison
  • RetDec – A retargetable machine code decompiler, offering both an online decompilation service and an API.
  • ROPMEMU – A Framework for Analyzing, Parsing, and Decompiling Complex Code Reuse Attacks
  • SMRT – A Plugin for Assisting Malware Analysis in Sublime 3
  • strace – Dynamic Analysis of Executable Files in Linux
  • Triton – A Dynamic Binary Analysis Framework
  • Udis86 – A Disassembly Library and Tool for x86 and x86_64
  • Vivisect – A Python Tool for Malware Analysis
  • WinDbg – A versatile debugger for the Windows operating system, capable of debugging user-mode applications, device drivers, and kernel dumps.
  • X64dbg – An open-source x64/x32 debugger for Windows

Network

Analyze Network Interactions

  • Bro – A protocol analysis tool that supports an impressive range of file and network protocols.
  • BroYara – Yara Rule Set Based on Bro
  • CapTipper – Malicious HTTP Traffic Manager
  • chopshop – Protocol Analysis and Decoding Framework
  • CloudShark – A Web-Based Packet Analysis Tool and Malware Traffic Detection.
  • Fiddler – A Web Proxy Specially Designed for Web Debugging and Development
  • Hale – Botnet C&C Monitor
  • Haka – A security-oriented open-source language used to describe protocols and enforce security policies during real-time traffic capture.
  • HTTPReplay – A library for analyzing PCAP files, including TLS streams using the TLS master key (for Cuckoo)
  • INetSim – Network Service Simulation. Very useful for building a malware analysis lab.
  • Laika BOSS – Laika BOSS is a file-centric malware analysis and intrusion detection system.
  • Malcom – Malware Communication Analyzer
  • Maltrail – A malicious traffic detection system that uses publicly available blacklists to identify malicious and suspicious communication traffic, featuring a reporting and analysis interface.
  • mitmproxy – Intercepting Network Traffic Communication
  • Moloch – IPv4 Traffic Capture with Indexing and Database System
  • NetworkMiner – A Free Version Network Forensics Analysis Tool
  • ngrep – Capturing Network Traffic Like GREP
  • PcapViz – Network Topology and Traffic Visualization
  • Python ICAP Yara – An ICAP server with a YARA scanner for URLs or content
  • Squidmagic – Utilized for analyzing web-based network traffic, employing Squid proxy server and Spamhaus to detect C&C servers and malicious websites.
  • tcpdump – Collecting Network Traffic
  • tcpick – Reconstruct TCP Streams from Network Traffic
  • tcpxtract – Extracting Files from Network Traffic
  • Wireshark – Network Traffic Analysis Tool

Memory Forensics

Tools for Analyzing Malware in Memory Images or Running Systems

  • BlackLight – A Forensic Client for Windows/MacOS Supporting hiberfil, pagefile, and Raw Memory Analysis
  • DAMM – Differential Analysis of Malware in Memory Using Volatility
  • evolve – A Web Interface for the Volatility Memory Forensics Framework
  • FindAES – Searching for AES Encryption Keys in Memory
  • inVtero.net – A high-speed memory analysis framework developed in .NET, supporting all Windows x64 platforms, including code integrity and write support.
  • Muninn – An automated analysis script using Volatility, capable of generating a readable report.
  • Rekall – Memory analysis framework, a branch version of Volatility released in 2013.
  • TotalRecall – A Script for Automating Multi-Sample Malware Analysis Based on Volatility
  • VolDiff – Run Volatility on memory images before and after malware execution to generate a comparison report.
  • Volatility – An Advanced Memory Forensics Framework
  • VolUtility – Web Interface for the Volatility Memory Analysis Framework
  • WDBGARK – WinDbg Anti-Rootkit Extension
  • WinDbg – A real-time memory inspection and kernel debugging tool for Windows systems

Windows Tool

  • AChoir – A Collection of Real-time Event Response Scripts for Windows
  • python-evt – A Python library for parsing Windows event logs
  • python-registry – A Python library for parsing registry files
  • RegRipper (GitHub) – A Tool Based on a Collection of Plugins

Storage and Workflow

  • Aleph – Open Source Malware Analysis Pipeline System
  • CRITs – Collaborative Research into Threats and Malware
  • FAME – A malware analysis framework that can be extended with custom modules. These modules can be linked and interact with each other to perform end-to-end analysis.
  • Malwarehouse – Storage, Annotation, and Search of Malware
  • Polichombr – A malware analysis platform designed to assist analysts in reverse engineering malware.
  • stoQ – A distributed content analysis framework with extensive plugin support.
  • Viper – A Binary Management and Analysis Framework for Analysts

Miscellaneous

  • al-khaser – A Proof-of-Concept (PoC) malware designed to highlight anti-malware systems.
  • CryptoKnight – Framework for Automated Reverse Engineering and Classification of Cryptographic Algorithms
  • DC3-MWCP – Malware Configuration Parsing Framework of the Defense Cyber Crime Center
  • FLARE VM – A Windows-Based Customized Security Distribution for Malware Analysis
  • MalSploitBase – A Database of Vulnerabilities Exploited by Malware
  • Malware Museum – Collection of Popular Malware from the 1980s and 1990s
  • Malware Organizer – A Tool for Structuring Large Malicious/Benign Files into an Organized Framework
  • Pafish – Paranoid Fish, a demonstration tool aligned with malware family behaviors, employs various techniques to detect sandbox and analysis environments.
  • REMnux – A Linux Distribution and Docker Image for Malware Reverse Engineers and Analysts
  • Santoku Linux – A Linux Distribution for Mobile Forensics

Books

Fundamental Malware Analysis Reading List

  • Malware Analyst’s Cookbook and DVD – Tools and Techniques to Fight Malicious Code
  • Practical Malware Analysis – A Handbook for Dissecting Malicious Software
  • Practical Reverse Engineering – Intermediate Reverse Engineering.
  • Real Digital Forensics – Computer Security and Incident Response
  • The Art of Memory Forensics – Detecting Malware and Threats in Memory on Windows, Linux, and Mac Systems
  • The IDA Pro Book – An Unofficial Guide to the World’s Most Popular Disassembler
  • The Rootkit Arsenal – Stealth Intruders in the Dark Corners of the System: The Rootkit Arsenal

Twitter

Some relevant Twitter accounts

  • Adamb @Hexacorn
  • Andrew Case @attrc
  • Binni Shah @binitamshah
  • Claudio @botherder
  • Dustin Webber @mephux
  • Glenn @hiddenillusion
  • jekil @jekil
  • Jurriaan Bremer @skier_t
  • Lenny Zeltser @lennyzeltser
  • Liam Randall @hectaman
  • Mark Schloesser @repmovsb
  • Michael Ligh (MHL) @iMHLv2
  • Monnappa @monnappa22
  • Open Malware @OpenMalware
  • Richard Bejtlich @taosecurity
  • Volatility @volatility

Other

  • APT Notes – A Collection of Literature on APTs
  • File Formats Posters – Visualization of Common File Formats (Including PE and ELF)
  • Honeynet Project – Honeypot Tools, Papers, and Other Resources
  • Kernel Mode – A vibrant community dedicated to malware analysis and kernel development
  • Malicious Software – Lenny Zeltser’s Malware Blog and Resources
  • Malware Analysis Search – Corey Harrell’s Custom Google Search for Malware Analysis
  • Malware Analysis Tutorials – An essential resource for learning malware analysis, provided by Dr. Xiang Fu.
  • Malware Samples and Traffic – This blog focuses on the network traffic associated with malware infections.
  • Practical Malware Analysis Starter Kit – This package contains most of the software referenced in the book Practical Malware Analysis.
  • RPISEC Malware Analysis – Course materials used in the Malware Analysis course during the Fall 2015 semester at Rensselaer Polytechnic Institute
  • WindowsIR: Malware – Harlan Carvey’s Malware Page
  • Windows Registry File Format Specification – Specification of the Windows registry hive file format
  • /r/csirt_tools – A subreddit for CSIRT tools and resources, including malware analysis
  • /r/Malware – The Subreddit for Malware
  • /r/ReverseEngineering – The reverse engineering subreddit, not limited to malware
  • Ember – Endgame Malware Benchmark for Research is a library designed for building machine learning models, which perform scoring based on the results of static analysis.
