This constantly updated page collects various useful resources for anyone who wants to get into RE / malware analysis / malware development / etc.
Courses:
- Zero2auto, Advanced Malware Analysis (PAID, Recommended: YES)
- AGDCServices, A Crash Course In Deep Dive Malware Analysis (PAID)
- CS6038/CS5138 Malware Analysis (FREE)
- CYS5120 Malware Analysis (FREE)
- Sektor7, Malware Development (PAID, Recommended: YES)
- 0xPat, Malware Development (FREE, Recommended: YES)
- Damon Mohammadbagher, C# Malware Development (FREE)
- OpenSecurityTraining, RE, Windows Internals, WinDBG (FREE)
- Modern Binary Exploitation – CSCI 4968, Binary Exploitation (FREE)
- How2heap, Heap Exploitation (FREE)
Books:
- Modern X86 Assembly Language Programming: 32-bit, 64-bit, SSE, and AVX (Recommended: Absolutely YES)
- Practical Malware Analysis (Recommended: YES)
- Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation (Recommended: CURRENTLY READING)
- The Art Of Memory Forensics (Recommended: CURRENTLY READING)
- Adversarial Tradecraft in Cybersecurity (Recommended: ABSOLUTELY YES)
- Art of Computer Virus Research and Defense (Recommended: CURRENTLY READING)
- Malware Analyst's Cookbook (Recommended: CURRENTLY READING)
- Rootkits: Subverting the Windows Kernel (Recommended: CURRENTLY READING)
- Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats (Recommended: CURRENTLY READING)
- Windows Kernel Programming (Recommended: YES)
Kernel:
- Vergilius Project, Kernel structures
- Matteo Malvica, Windows Internals
- Kernel Exploit Practice, SMEP + SMAP + KPTI bypass exercise
API:
Ghidra:
- LearnFrida, Binary instrumentation
- ghida_scripts
EDR Bypass:
- EDRs, APIs hooked by EDRs
Ransomware:
- id-ransomware, blog with information on ransomware
Binary Analysis Framework:
Obfuscation:
- Modern Techniques to Deobfuscate UEFI/BIOS Malware
- A Tutorial on Software Obfuscation
- Unpacking Virtualization Obfuscators
- Analysis of Virtualization-based Obfuscation
- Tickling VMProtect with LLVM
- A Tale of Static Devirtualization
OSINT:
- grep.app, search code on GitHub (useful for finding code reuse)
Discord channels:
- SecretClub, RE, Malware Analysis, Vulnerability Research
YouTube channels:
- OALabs, RE, Malware Analysis
- AGDCServices, RE, Malware Analysis, Ghidra Script
- DuMp-GuY TrIcKsTeR, Advanced Malware Analysis
- Josh Stroschein, Malware Analysis
Telegram:
Interesting GitHub users: