Collection of miscellaneous bookmarks I've had lying around, organized by section of purpose. This is by no means all-inclusive. Feel free to make pull requests for new additions, corrections or otherwise.
- http://entitycube.research.microsoft.com/view.aspx?id=9303
- http://www.whostalkin.com/
- http://talkback.volvent.com.au/console/
- http://www.nerdydata.com
- http://www.shodan.io
- http://www.subliminalhacking.net/2012/12/27/osint-tools-recommendations-list/
- http://rr.reuser.biz/
- http://lxquick.com
- http://pipes.yahoo.com/pipes
- http://un1c0rn.net/
- http://betaresolver.com/beta.php
- http://www.leakedin.com
- http://www.check-host.net
- https://metrics.torproject.org/cloudbridges.html
Extra Resources
- http://www.primalsecurity.net/osint/
- http://www.slideshare.net/agent0x0/enterprise-open-source-intelligence-gathering
- http://bruteforce.gr/thug-vagrant
- http://bruteforce.gr/kippo-malware
- http://bruteforce.gr/honeyd-viz
- http://dionaea.carnivore.it/
- http://bruteforce.gr/honeydrive
- https://registry.hub.docker.com/u/yunshu/honeypot/
OSX
- http://phrack.org/papers/revisiting-mac-os-x-kernel-rootkits.html
- http://volatility-labs.blogspot.com/2013/06/movp-ii-44-whats-in-your-mac-osx-kernel.html
- http://soundly.me/osx-injection-override-tutorial-hello-world/
- https://software.intel.com/sites/landingpage/pintool/docs/67254/Pin/html/
- https://github.com/rentzsch/mach_inject/tree/semver-1.x/mach_inject_sandbox
- http://reverseengineering.stackexchange.com/questions/1860/printing-unicode-strings-in-gdb-in-osx?rq=1
- http://reverse.put.as/archives/
- https://wiki.gnome.org/Apps/Nemiver
- http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/crisis_the_advanced_malware.pdf
- http://cgdb.github.io/
- https://speakerdeck.com/milkmix/osx-malware-wirelurker
- https://www.virusbtn.com/virusbulletin/archive/2014/10/vb201410-malware-persistence-MacOSX
- http://volatility-labs.blogspot.com/2013/06/movp-ii-45-mac-volatility-vs-rubilyn.html
- http://plaso.kiddaland.net/developer/building-the-tool/mac-os-x#TOC-Hachoir
- https://bitbucket.org/haypo/hachoir/wiki/hachoir-wx
- https://developer.apple.com/library/mac/documentation/DeveloperTools/Conceptual/MachORuntime/index.html
- http://timetobleed.com/dynamic-symbol-table-duel-elf-vs-mach-o-round-2/
- http://timetobleed.com/tag/mach-o/
- http://evandrix.svbtle.com/osx-109-reverse-engineering-tutorial
- http://www.appleexaminer.com/MacsAndOS/Recommendations/Software/Software.html
- http://siliconblade.blogspot.com/2013/04/hunting-d-trace-rootkits-with.html
- http://www.slideshare.net/AndrewDFIR/mac-memory-analysis-with-volatility
Useful Papers
- http://reverse.put.as/wp-content/uploads/2014/05/WP-Asia-14-Tsai-You-Cant-See-Me-A-Mac-OS-X-Rootkit-Uses-The-Tricks-You-Havent-Known-Yet.pdf
- http://reverse.put.as/wp-content/uploads/2014/05/Asia-14-Tsai-You-Cant-See-Me-A-Mac-OS-X-Rootkit-Uses-The-Tricks-You-Havent-Known-Yet.pdf
- http://reverse.put.as/wp-content/uploads/2014/04/Rex%20vs%20The%20Romans.pdf
- https://www.blackhat.com/presentations/bh-dc-07/Kendall_McMillan/Paper/bh-dc-07-Kendall_McMillan-WP.pdf
- https://www.sba-research.org/wp-content/uploads/publications/malware_survey.pdf
- https://www.blackhat.com/presentations/bh-dc-07/Kendall_McMillan/Presentation/bh-dc-07-Kendall_McMillan.pdf
- http://0xfeedface.org/sites/default/files/Binary%20protection%20schemes.pdf
- https://www.blackhat.com/presentations/bh-usa-07/Yason/Whitepaper/bh-usa-07-yason-WP.pdf
- https://media.readthedocs.org/pdf/cuckoo/latest/cuckoo.pdf
- https://securelist.com/files/2014/11/darkhotel_kl_07.11.pdf
- https://www.fox-it.com/en/press-releases/anunak-aka-carbanak-update/
- https://www.fox-it.com/en/press-releases/anunak/
- https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
Yara Things
- https://code.google.com/p/volatility/wiki/MacCommandReference23#mac_yarascan
- http://blog.sei.cmu.edu/post.cfm/writing-effective-yara-signatures-to-identify-malware
- https://blog.malwarebytes.org/intelligence/2013/10/using-yara-to-attribute-malware/
- http://yara.readthedocs.org/en/v3.2.0/
- http://yara.readthedocs.org/en/latest/writingrules.html
- http://www.yaragenerator.com
Malware Samples & Sources
- http://hosts-file.net/?s=Browse
- http://code.google.com/p/malware-lu/
- http://www.offensivecomputing.net/
- http://contagiodump.blogspot.com/?m=1
- http://xylibox.blogspot.com/
- https://zeustracker.abuse.ch/
- http://virustracker.info/
- http://www.malwareurl.com/listing-urls.php?urls=on
- http://www.urlvoid.com
- http://www.ipvoid.com
- http://www.urlquery.com
- http://www.tekdefense.com/downloads/malware-samples/
- http://syrianmalware.com/
- http://zeltser.com/combating-malicious-software/malware-sample-sources.html
- http://malwageddon.blogspot.fr/
- http://pastebin.com/u/malwageddon
- https://www.team-cymru.org/Services/MHR/
- http://avtracker.info/
- https://techhelplist.com/index.php/spam-list
- https://www.passivetotal.org/account
- https://www.virusbtn.com/virusbulletin/archive/2012/07/vb201207-unpacking-x64.dkb?mobile_on=yes#id3643593
- http://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf
- https://feodotracker.abuse.ch/
- https://spyeyetracker.abuse.ch/monitor.php?browse=binaries
- http://support.clean-mx.de/clean-mx/viruses.php
- http://www.malwareblacklist.com/showMDL.php
- http://www.wicar.org/
- https://code.google.com/p/malware-crawler/
- https://feodotracker.abuse.ch/?filter=version_d
- http://blog.dynamoo.com/
- https://intel.criticalstack.com/
- https://www.phishtank.com/
- https://palevotracker.abuse.ch/
- http://cyberwarzone.com/216-botnet-panels-tools-screenshots/
Windows (misc)
- http://msdn.microsoft.com/library/ff361664.aspx
- http://msdn.microsoft.com/library/windows/desktop/hh920508(v=vs.85).aspx
- http://msdn.microsoft.com/en-us/library/windows/desktop/ms679302(v=vs.85).aspx
- http://msdn.microsoft.com/en-us/library/windows/desktop/ms679303(v=vs.85).aspx
- http://www.robvanderwoude.com/vbstech_internet_download.php
- http://www.winitor.com/
- http://support.microsoft.com/kb/947226
- https://docs.google.com/document/d/1U10isynOpQtrIK6ChuReu-K1WHTJm4fgG3joiuz43rw/edit?hl=en_US&pli=1
- http://msdn.microsoft.com/en-us/library/afzk3475.aspx
- http://msdn.microsoft.com/en-us/library/hb5z4sxd.aspx
- http://blogs.cisco.com/talos/reversing-multilayer-net-malware
- http://blog.ring-zer0.com/2013/07/tutorial-finding-oep-and-unpacking.html
- https://code.google.com/p/peframe/
- http://prezi.com/mhmybuazwnyk/malware-analysis-packingunpacking-binary-file/
- https://code.google.com/p/pefile/wiki/UsageExamples
- https://developer.mozilla.org/en-US/docs/Mozilla/Security/Exploitable_crashes
- http://www.gerryeisenhaur.com/2011/01/04/using-python-and-pefile-to-extract-embedded-code/
- http://zeltser.com/reverse-malware/analyzing-malicious-documents.html
- http://x64dbg.com/#plugins
- http://www.tekdefense.com/news/2013/12/23/analyzing-darkcomet-in-memory.html
- http://corneldupreez.me/cryptolocker-analysis-with-volatility/
Sandboxes & Analysis Services
- http://www.lastline.com
- http://www.threatexpert.com/submit.aspx
- http://www.malwaretracker.com/pdf.php
- http://mwanalysis.org/?site=1&page=submit
- https://www.virustotal.com/intelligence
- http://eureka.cyber-ta.org/
- http://www.mlsec.org/malheur/install.html
- https://www.malwr.com
- http://www.accuvant.com/blog/improving-reliability-of-sandbox-results
- http://sarvam.ece.ucsb.edu/submit.html
- http://www.prevx.com/malwarecenter.asp
Local Applications
- https://www.viper.li
- http://www.cuckoosandbox.org/
- https://www.github.com/sroberts/malwarehouse
- https://www.github.com/deadbits/maz (version 2 in Python coming soon @ https://github.com/deadbits/mazy)
- http://code.mwcollect.org/
Various Docs
- http://zeltser.com/reverse-malware/reverse-malware-cheat-sheet.html
- http://internetopenurla.blogspot.com/2010/11/intro-to-static-analysis-part-3.html
- http://vrt-blog.snort.org/2014/09/malware-using-registry-to-store-zeus.html
- http://vrt-blog.snort.org/2014/08/discovering-dynamically-loaded-api-in.html
- http://www.slideshare.net/raghvendramishr/practical-malware-analysis
- http://en.wikipedia.org/wiki/X86_calling_conventions
- http://blog.crowdstrike.com/unpacking-dynamically-allocated-code/
- http://notanumber.net/archives/183/cuckoo-byte-stuffing-algorithm
- http://www.secretmango.com/jimb/Whitepapers/ptrace/ptrace.html
- http://cs.lmu.edu/~ray/notes/x86assembly/
- http://labs.lastline.com/exploit-analysis-via-process-snapshotting
- https://github.com/volatilityfoundation/volatility/wiki/Mac
- http://digital-forensics.sans.org/media/hex_file_and_regex_cheat_sheet.pdf
- http://www.malwaretech.com/2015/01/using-kernel-rootkits-to-conceal.html
Open Security Training
- http://opensecuritytraining.info/IntroX86-64.html
- http://opensecuritytraining.info/ReverseEngineeringMalware.html
- http://opensecuritytraining.info/IntroductionToReverseEngineering.html
- http://opensecuritytraining.info/IntermediateX86.html
- http://opensecuritytraining.info/SmartCards.html
- http://opensecuritytraining.info/MalwareDynamicAnalysis.html
Linux references
- https://blogs.oracle.com/ksplice/entry/8_gdb_tricks_you_should
- https://blogs.oracle.com/ksplice/tags/debugging
- http://www.slideshare.net/dganesan11/ld-preload-hacking
- https://antisec.hopto.org/ldumprop.txt
- http://www.phrack.org/papers/revisiting-mac-os-x-kernel-rootkits.html
- https://github.com/IOActive/Melkor_ELF_Fuzzer/
- http://www.cis.temple.edu/~ingargio/cis307/readings/signals.html
- https://github.com/eliben/pyelftools/blob/master/examples/dwarf_decode_address.py
- http://sysmagazine.com/posts/214733/
- https://blog.avast.com/2013/08/27/linux-trojan-hand-of-thief-ungloved/
Misc Analysis
- http://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide
- http://sempersecurus.blogspot.com/2012/08/cridex-analysis-using-volatility.html
- https://www.cem.me/20150121-cert-binaries-3.html
Tools
- http://www.assembly.com.br/
- http://pythonarsenal.erpscan.com/
- http://vmcloak.org/
- http://python-forensics.org/
- https://code.google.com/p/patchdiff2/
- https://github.com/jonschipp/mal-dnssearch
- http://herrcore.blogspot.ca/2014/09/crowdsourced-malware-triage.html
- http://blog.zeltser.com/post/3235995383/pdf-stream-dumper-malicious-file-analysis
- http://mcfp.weebly.com/
- http://countuponsecurity.com/2015/01/13/dynamic-malware-analysis-with-remnux-v5-part-1/
- http://forensic.n0fate.com/
- http://www.imageforensic.org/
- https://github.com/kyrus/ida-translator
- http://reversinglabs.com/technology/open-source.html
- https://code.google.com/p/volatility/
- http://www.unphp.net/
- http://www.kernelmode.info/forum/viewtopic.php?f=11&t=3478
- http://www.exetools.com/unpackers.htm
- http://www.reversing.be/article.php?story=20050926225443593
- https://keybase.io/docs/command_line/installation
- https://www.nsa-observer.net/
- https://www.whonix.org/wiki/Advanced_Security_Guide#Hardening
- https://emailselfdefense.fsf.org/en/
- https://prism-break.org/en/categories/routers/
- http://project-byzantium.org/
- https://diasporafoundation.org/
- http://wiki.opencellid.org/wiki/API
- http://tinc-vpn.org/download/
- https://medium.com/@ZozanCudi/darkleaks-information-blackmarket-1ee5ac28c892
- http://tinc-vpn.org/examples/proxy-arp/
- http://redmine.the.re/l2mesh/l2mesh.html
- http://tinc-vpn.org/examples/osx-install/
- https://tox.im/
Graphs
- http://rubylearning.com/blog/2010/12/21/being-awesome-with-the-mongodb-ruby-driver/
- https://www.youtube.com/watch?v=-ccV0lvM3dw
- http://thinkaurelius.github.io/titan/
- http://www.chemaxon.com/jchem/doc/user/query_similarity.html
- http://mitpress.mit.edu/sicp/full-text/book/book.html
- http://www.youtube.com/watch?v=HeWfkPeDQbY
- http://www.slideshare.net/AlexandrePinto10/applying-machine-learning-to-network-security-monitoring-baythreat-2013
- http://en.wikipedia.org/wiki/List_of_graph_theory_topics#Examples_and_types_of_graphs
- http://docs.neo4j.org/refcard/2.1/
- https://github.com/mbostock/d3/wiki/Gallery
- http://linkurio.us/introduction-graph-technologies-landscape/
- http://event.cwi.nl/grades2013/03-Joslyn.pdf
- http://blogs.cisco.com/security/attack-analysis-with-a-fast-graph/
- http://blog.scrt.ch/2014/05/09/neo4j-enter-the-graphdb/
- http://www.openstreetmap.org/#map=14/46.5729/16.3380
Analysis
- http://starlight.pnnl.gov/
- https://xplr.com/
- http://app.raw.densitydesign.org/#%2F
- http://prediction.io/
- https://plot.ly/feed/
- http://www.cs.usfca.edu/~galles/visualization/Algorithms.html
- http://aadrake.com/command-line-tools-can-be-235x-faster-than-your-hadoop-cluster.html
- https://clicksecurity.github.io/data_hacking/
- http://www.secrepo.com/
Visualize
- http://attackwithnumbers.com/the-laws-of-shitty-dashboard
- https://vida.io/explore
- http://atlasboard.bitbucket.org/
- http://blog.opendns.com/2012/08/21/visualizing-threats-in-big-data/
- http://www.fireeye.com/blog
- http://www.mandiant.com/blog
- http://www.crowdstrike.com/blog
- http://www.recordedfuture.com/blog
- http://securityintelligence.com/
- http://vrt-blog.snort.org/
- http://packetstormsecurity.com/
- http://threatpost.com/
- http://blog.trendmicro.com/trendlabs-security-intelligence/
- https://blog.cyveillance.com/
- http://tools.cisco.com/security/center/home.x
- http://www.afcea.org/mission/intel/resource.asp
- http://www.covert.io/security-intel-blogs
- https://atlas.arbor.net/briefs/
- http://www.publicintelligence.net/
- http://www.webroot.com/blog/
- http://www.foreignpolicy.com/
- https://blog.nelhage.com/
- http://blog.cassidiancybersecurity.com/tag/APT
- http://www.intelcrawler.com/
- http://www.welivesecurity.com/
- https://www.endgame.com/
- http://sysc.tl/
- http://ho.ax/
- http://blog.fox-it.com/
- http://blog.handlerdiaries.com/
- http://detect-respond.blogspot.com
- http://cybercrime-tracker.net/
- http://sempersecurus.blogspot.com/
- http://securityblog.s21sec.com/
- http://blog.eset.com/
- http://blog.malwaretracker.com/
- http://www.abuse.ch/
- http://www.secureworks.com/research/threats/
- https://idefense.verisign.com