confile/Reverse-Engineering-Malware-Ressources


Reverse Engineering Malware Ressources

A list of useful tools and links for reverse engineering of malware


RE Resources

Resources for Reverse Engineering


RE Tools

Tools for Reverse Engineering

  • pythonarsenal
  • openrce
  • wtsxDev reverse-engineering - The primary goal of Malpedia is to provide a resource for rapid identification and actionable context when investigating malware. Openness to curated contributions shall ensure an accountable level of quality in order to foster meaningful and reproducible research.
  • WinAppDbg6 - WinAppDbg Debugger
  • pefile - pefile is a Python module to read and work with PE (Portable Executable) files

RE Frameworks

Reverse Engineering Frameworks


RE Videos

Reverse Engineering Videos


Needed Function               IDA Scripts / IDA Plugins
Call Stack                    CallStackWalk
MSDN Annotation               msdn-crawler, IDAscope, MSDN_crawler, msdn-plugin-ida
Search                        FindInstructions, wpsearch, localxrefs6
Assembler Edit                Keypatch
Function Syntax               IDAscope
Crypto/Compression Detection  FindCrypt, IDAscope
Wrapper Function Annotation   IDAscope
IDAPython                     Sark, IPyIDA
Anti Debugging                stealth, ScyllaHide
Scanning                      VirusTotal v0.1
Unicode                       UniCodeString Analyst
Compare                       Turbodiff
Dump/Export                   StDump5
Graph                         GraphGrabber, SimplifyGraph
Other                         Runtime-Evaluated Addressing Resolver
Decompiler                    HexRaysCodeXplorer
Toolbox                       IDA Splode
Yara                          ida_yara, yara_fn, IDARay-Plugin
Static Analysis               IDAPythonEmbeddedToolkit, capstool, x86 Emulator, ida-splode, BinCAT, MazeWalker
Deobfuscator                  Optimice
SQL Export                    da2sql-plugin-ida
Sharing                       bincrowd-plugin-ida
XRef                          xref_finder, backtrace, Reef
WinDbg                        Integrating WinDbg and IDA
Disassembler                  ScratchABit
Strings                       Stingray
Docker                        Docker
Comments                      idapython_hints
Diff Tool                     patchdiff2, BinDiff, DarunGrim
Collaboration                 Reverse-Engineering Database, collabREate

IDA Scripts for Reverse Engineering

Scripts for IDA Pro


IDA Plugin Lists


Collection of IDA Pro Plugin Resources

IDA Plugins for Reverse Engineering

Plugins for IDA Pro

  • Keypatch - Assembler functionality
  • OllyDumpEx - Memory snapshot
  • IDAscope - Function reconstruction, MSDN documentation, finding of potential crypto/compression algorithms
  • MSDN_crawler - MSDN inline Annotations (MSDN database file)
  • Sark - Object-oriented scripting layer written on top of IDAPython
  • IPyIDA - IPython console integration for IDA Pro
  • localxrefs6 - Finds references from within the current function to any highlighted text
  • stealth - stealth against anti-debugging tricks
  • VirusTotal v0.1 - VirusTotal reporting and file submission
  • UniCodeString Analyst and Comment Maker 1.0.0.1 - Unicode string analysis
  • Turbodiff 1.0b_r1.1 - binary diffing tool
  • StDump5 - export IDA types (structs and enums) into high-level language definitions
  • ScyllaHide 1.2 - x64/x86 usermode Anti-Anti-Debug library
  • Runtime-Evaluated Addressing Resolver - resolves indirect jump/call instructions (e.g. call dword ptr [ecx+1Ch], jmp eax, etc.)
  • SimplifyGraph - Assist with complex graphs
  • IDA Splode - Augmenting Static Reverse Engineering with Dynamic Analysis and Instrumentation
  • IDARay-Plugin - Matches the database against multiple YARA files which themselves may contain multiple rules
  • capstool - A set of functions that can be used to do basic static analysis of x86/x64 instructions
  • Optimice - the IDAPython deobfuscator
  • msdn-plugin-ida - Imports MSDN documentation into IDA Pro
  • bincrowd-plugin-ida - BinCrowd Plugin. BinCrowd is a collaborative reverse engineering tool that can be used by reverse engineers to keep a repository of reverse engineered information and share this information with friends and colleagues.
  • xref_finder - xref_finder is a pair of tools that can be used for adding cross-references into an IDA Pro database that can't be identified using strictly static analysis, such as virtual calls (i.e. call eax).
  • ScratchABit - An interactive incremental disassembler with data/control flow analysis capabilities
  • Reef - Finding Xrefs from a function
  • Stingray - Finding function strings recursively
  • Docker - Run IDA Pro disassembler in Docker containers for automating, scaling and distributing the use of IDAPython scripts.
  • HexRaysPyTools - Assists in the creation of classes/structures and the detection of virtual tables. It also speeds up transforming decompiler output and allows some things that are otherwise impossible.
  • patchdiff2 - A plugin for the IDA disassembler that can analyze two IDB files and find the differences between them.
  • BinDiff - A comparison tool for binary files that assists vulnerability researchers and engineers in quickly finding differences and similarities in disassembled code.
  • DarunGrim - A Binary Diffing and Patch Analysis Tool
  • Reverse-Engineering Database - The two combined allow sharing of findings between those who practice RE.
  • collabREate - Collaborative reverse engineering plugin for IDA Pro.
  • x86 Emulator - Embedded x86 emulator for IDA Pro
  • ida-splode - Augmenting Static Reverse Engineering with Dynamic Analysis and Instrumentation

IDA Plugins for Malware Analysis

Plugins for Malware Analysis with IDA Pro

  • IDApatchwork
  • IDA Toolbag - A plugin providing supplemental functionality to the Hex-Rays IDA Pro disassembler
  • BinCAT - Binary code static analyser, with IDA integration. Performs value and taint analysis, type reconstruction
  • MazeWalker - Toolkit for enriching and speeding up static malware analysis
  • BASS - Automated Signature Synthesizer

Tools for Exploit Development

Tools for Exploit Development

  • sulley - A pure-python fully automated and unattended fuzzing framework

IDA Plugins for Exploit Development

Plugins for Exploit Development with IDA Pro


IDA Decompiler Plugins

Plugins for IDA Pro Decompiler


Yara Rules

Yara Rules


Tutorials Exploit Development

Tutorials Exploit Development


Blogs on Reverse Engineering

Interesting Blogs

Security Vendor Blogs
