Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
440 lines (363 sloc) 22.9 KB



What is the meaning of this? This page contains a list of predominantly malware analysis / reverse engineering related tools, training, podcasts, literature and anything else closely related to the topic. I suspect that this list may morph gradually over time to possibly include other infosec related tools/links that aren't directly related to malware or RE, but I will try my very best to stay on topic! =)

Who is this page aimed at? i) Myself. I wanted to create a central page that lists all of my links that I have used at some point in time. This makes my life that little bit easier, rather than storing them in my browser bookmarks/favourites or elsewhere! (Too many browser tabs is never a good thing!!) ii) Beginners. I often get asked "how does one get started in malware analysis / reverse engineering". I'm hoping this list will provide a starting point at least. Anyone who has been practicing malware analysis for even a small amount of time, knows that there really is no single resource or location that will simply teach the art of malware analysis. Plain and simple. That said, having a useful list of links is at least a starting point. However, one caveat is that this list should NOT replace your OWN time spent researching and learning by yourself. This is very much part of "the journey" towards becomming a better malware analyst, similar to that of becomming a l33t h4x0r! ;) iii) Anyone else. Regardless of skill/experience level, even the more experienced malware analyst may hopefully find one or two useful links on this page that they haven't yet stumbled across. This is where the name "malware-gems" originated from... Original, I know.. ;)

Why? As stated above, partly because I wanted to build a central page to list all the various links I have stumbled across. And also to help any GENUINE malware analyst wannabe who needs some direction, as well as more experienced analysts who may wish to cross-check this list with their own collection to find any "gems" that they don't already have in their collection! :D

Isn't this similar to other "awesome" lists that exist on Github? Perhaps. While the various awesome "awesome" lists (as awesome as they are) gave me inspiration, I wanted to centralise my own tools/links etc due to growing my own malware analysis skills, in the hope that once I have things in one page, things may hopefully become a bit clearer in my head! In some ways, as awesome as the other various "awesome" lists are, I hope that this list will in itself be just as awesome, due to the fact that the this reflects a true and current representation of a malware analyst such as myself, who is building up their own knowledge with active links to tools, reading material etc!

Anything else?

  • The links contained in each section are currently in no particular order.
  • I may clean up the order at some point e.g. alphabetize, or order by preference.
  • Some tools/links may likely be in the wrong category, I will review this as time goes on.
  • This is a work-in-progress so bare with me!
  • Sharing is caring, so feel free to forward this link around.
  • "Haters gonna hate"!
  • And last but not least, enjoy! =)


Adversary Emulation:







Document Analysis Tools:

Dynamic/Behavioural Analysis Tools:






JavaScript Deobfuscation Tools:

LNK File Analysis:

Maps / Stats (eye candy):

Memory Forensics Tools:

Misc Tools:

.Net Debuggers/Decompilers:

Network Analysis Tools:

Operating Systems:

OSINT Online Tools:

Password Cracking:

PowerShell decoding:

Reading Material:

Sandbox Tools (Online):

Sandbox Tools (Offline):

Shellcode Tools:

Static Analysis Tools:

Text/hex Editor Tools:


VBA Deobfuscation Tools:

XOR Decoding Tools:

You can’t perform that action at this time.