天道有轮回,苍天饶过谁,历史总是惊人的相似,善有善报,恶有恶报,有些事,人在做,天在看,就不多说了, 2020年注定是不平凡的一年,各位加油,平安过年,好好学习,天天向上,积极乐观,相信这一切都会过去,这一生但行好事,莫问前程,人生的最佳选择,是追随自己的心意,做点自己喜欢的事,按照自己喜欢的方式过一生!

笔者在过年之前就已经决定,今年过年哪里不去,就在家好好呆着,学习,看书,思考!最近也开始面试一些候选人,希望能找几个志同道合的人,明年一起努力,有兴趣的朋友,可以跟我联系,找一个懂你的团队,跟一个懂你的老板,很重要,因为他知道你的价值,愿意给你更多的回报,我不敢保证所有人都懂你,但只要是跟我的人,我一定懂你,咱们要做的就是做最专业的恶意软件研究员!

今天给大家再分享一些恶意软件分析入门与实战的一些学习资料,大家在家呆着没事,可以多多学习,不要浪费青春,多做一些有意义的事,一起努力,相信明天一定会更好,未来一定会更好!

很多新人常常问笔者,怎么入门恶意软件分析,需要看什么书籍,之前笔者整理过,可以按照下面的顺序进行学习

如果没有汇编基础的,可以从上到下进行学习,如果有基础的,可以根据自身的需求,选择性进行学习

恶意软件分析工具

Windows平台恶意样本分析工具

https://malwareanalysis.co/resources/tools/windows

Mac平台恶意样本分析工具

https://malwareanalysis.co/resources/tools/macos

Linux平台恶意样本分析工具

https://malwareanalysis.co/resources/tools/linux

Android平台恶意样本分析工具

https://malwareanalysis.co/resources/tools/android

在线分析沙箱

Hybrid Analysis

https://malwareanalysis.co/resources/tools/android

SNDBOX

https://app.sndbox.com

Intezer

https://analyze.intezer.com

App AnyRun

https://app.any.run

anlyz.io

https://sandbox.anlyz.io/dashboard

YOMI

https://yomi.yoroi.company

AmnpardazSandbox

http://jevereg.amnpardaz.com/

iobit

http://cloud.iobit.com/

CAPE

https://cape.contextis.com

AVCaesar

https://avcaesar.malware.lu

Noriben

https://github.com/Rurik/Noriben

AVC(APK分析沙箱)

https://undroid.av-comparatives.org

威胁情报源

ThreatConnect

https://app.threatconnect.com

IBM Xforce

https://exchange.xforce.ibmcloud.com

RiskIQ

https://community.riskiq.com

BlueLivCommunity

https://community.blueliv.com/#!/discover

pulsedive

https://pulsedive.com

AbuseIPDB

https://www.abuseipdb.com

IntelStack

https://intelstack.com

AlienVaultOTX

https://otx.alienvault.com

MISP

https://www.misp-project.org

OpenCTI

https://github.com/OpenCTI-Platform/opencti

MalDatabase

https://maldatabase.com

Threatfeeds

https://threatfeeds.io

ThreatPipes

https://www.threatpipes.com

Shodan

https://www.shodan.io

Censys

https://censys.io

一些有用的Cheat Sheets表

Hunting Process Injection by Windows API Calls

https://malwareanalysis.co/wp-content/uploads/2019/11/Hunting-Process-Injection-by-Windows-API-Calls.pdf

List of FileSignatures

https://en.wikipedia.org/wiki/List_of_file_signatures

APT Groupsand Operations

https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml#

RansomwareOverview

https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml

APTnotes

https://github.com/kbandla/APTnotes

PDF Tricks

https://github.com/corkami/docs/blob/master/PDF/PDF.md

PE101

https://github.com/corkami/pics/blob/master/binary/pe101/pe101.pdf

WindowsForensics Analysis

https://www.sans.org/security-resources/posters/windows-forensic-analysis/170/download

WindowsArtifact Analysis

https://blogs.sans.org/computer-forensics/files/2012/06/SANS-Digital-Forensics-and-Incident-Response-Poster-2012.pdf

NetworkForensics and Analysis Poster

https://www.dfir.training/resources/downloads/cheatsheets-infographics/239-network-forensics-sans/file

CommonPorts

https://packetlife.net/media/library/23/common-ports.pdf

IDA ProShortcuts

https://www.hex-rays.com/products/ida/support/freefiles/IDA_Pro_Shortcuts.pdf

MalwareAnalysis Cheat Sheet

https://digital-forensics.sans.org/media/malware-analysis-cheat-sheet.pdf

AnalyzingMalicious Documents

https://zeltser.com/media/docs/analyzing-malicious-document-files.pdf

Tips forReverse Engineering Malicious Code

https://zeltser.com/media/docs/reverse-engineering-malicious-code-tips.pdf

ARMAssembly

Assembly Basics Cheatsheet

Dalvikopcodes

http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html

恶意样本分析书籍

Practical Malware Analysis

https://malwareanalysis.co/wp-content/uploads/2019/09/Practical_Malware_Analysis.pdf

The IDAPro Book-2nd Edition

https://malwareanalysis.co/wp-content/uploads/2019/09/The-IDA-Pro-Book-2nd-Edition-2011.pdf

The Art ofMemory Forensics

https://malwareanalysis.co/wp-content/uploads/2019/09/The-Art-of-Memory-Forensics.pdf

MalwareAnalyst Cookbook

https://malwareanalysis.co/wp-content/uploads/2019/09/Malware-Analysts-Cookbook.pdf

PracticalReverse Engineering

https://malwareanalysis.co/wp-content/uploads/2019/09/Practical-Reverse-Engineering.pdf

PracticalPacket Analysis 3rd Edition

https://malwareanalysis.co/wp-content/uploads/2019/10/Practical-Packet-Analysis-Using-Wireshark-to-Solve-Real-World-Problems.pdf

AndroidMalware and Analysis

https://malwareanalysis.co/wp-content/uploads/2019/12/Android_Malware_and_Analysis.pdf

AndroidSecurity Internals

https://malwareanalysis.co/wp-content/uploads/2019/12/Android_Security_Internals.pdf

恶意样本培训课程

Intro to Malware Analysis and Reverse Engineering

https://www.cybrary.it/course/malware-analysis

FOR610:Reverse-Engineering Malware: Malware Analysis Tools and Techniques

https://www.sans.org/course/reverse-engineering-malware-malware-analysis-tools-techniques

MalwareAnalysis Master Course

https://www.fireeye.com/services/training/courses/malware-analysis-master-course.html

CertifiedMalware Reverse Engineer

https://www.crest-approved.org/examination/malware-reverse-engineer/index.html

ARES(Advanced Reverse Engineering of Software)

https://www.elearnsecurity.com/course/advanced_reverse_engineering_of_software

RPISEC

https://github.com/RPISEC/Malware

MalwareDynamic Analysis / Reverse Engineering Malware

http://opensecuritytraining.info/MalwareDynamicAnalysis.html

http://opensecuritytraining.info/ReverseEngineeringMalware.html

PracticalMalware Analysis Labs

https://github.com/mikesiko/PracticalMalwareAnalysis-Labs

Zero 2Hero

https://www.sentinelone.com/lp/zero2hero

需要关于的一些Twitter

https://twitter.com/malwrhunterteam

https://twitter.com/taosecurity

https://twitter.com/OpenMalware

https://twitter.com/monnappa22

https://twitter.com/iMHLv2

https://twitter.com/MalwarePatrol

https://twitter.com/repmovsb

https://twitter.com/Hexacorn

https://twitter.com/idonaor1

https://twitter.com/virusbay_io

https://twitter.com/hasherezade

https://twitter.com/patrickwardle

https://twitter.com/attrc

https://twitter.com/vk_intel

https://twitter.com/binitamshah

https://twitter.com/botherder

https://twitter.com/mephux

https://twitter.com/hiddenillusion

https://twitter.com/hectaman

https://twitter.com/lennyzeltser

https://twitter.com/struppigel

https://twitter.com/skier_t

https://twitter.com/0xAmit

https://twitter.com/x0rz

https://twitter.com/demonslay335

https://twitter.com/0xffff0800

https://twitter.com/ochsenmeier

https://twitter.com/idatips

https://twitter.com/enigma0x3

https://twitter.com/GHIDRA_RE

https://twitter.com/volatility

https://twitter.com/Unit42_Intel

https://twitter.com/makflwana

https://twitter.com/mal_share

https://twitter.com/JakubKroustek

https://twitter.com/MarceloRivero

https://twitter.com/0xcharlie

https://twitter.com/ashley_shen_920

https://twitter.com/alexsevtsov

https://twitter.com/ale_sp_brazil

https://twitter.com/mayahustle

https://twitter.com/tomchop_

https://twitter.com/MalwareTechBlog

https://twitter.com/malwrhunterteam

https://twitter.com/bbaskin

https://twitter.com/albertzsigovits

https://twitter.com/JaromirHorejsi

恶意样本分析视频网站、论坛和博客

视频网站

MalwareAnalysis For Hedgehogs-Malware analysis and reverse engineering

https://www.youtube.com/channel/UCVFXrUwuWxNlm6UNZtBLJ-A

ColinHardy – Malware analysis, reverse engineering andmore

https://www.youtube.com/channel/UCND1KVdVt8A580SjdaS4cZg

SANSDigital Forensics and Incident Response – Malwareanalysis, digital forensics and more

https://www.youtube.com/user/robtlee73

OALabs – Malware analysis, reverse engineering and more

https://www.youtube.com/channel/UC–DwaiMV-jtO-6EvmKOnqg

HackerSploit – Malware analysis, reverse engineering and more

https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q

Ring ZeroLabs – Malware analysis

https://www.youtube.com/user/H4rM0n1cH4cK

KindredSecurity – Malware analysis and more

https://www.youtube.com/channel/UCwTH3RkRCIE35RJ16Nh8V8Q

Monnappa KA – Malware analysis, memory forensics and more

https://www.youtube.com/user/hackycracky22

LukasStefanko – Android malware analysis

https://www.youtube.com/channel/UCg08SXtXlfADk4yAODpShfQ

论坛

KernelMode

https://www.kernelmode.info/forum

Reddit

https://www.reddit.com/r/ReverseEngineering

HackForums

https://hackforums.net

oxooSec

https://0x00sec.org

博客

MalwareTech

https://www.malwaretech.com

MalwareTraffic Analysis

https://www.malware-traffic-analysis.net

LennyZeltser Blog

https://zeltser.com/blog

hasherezade’s 1001 nights

https://hshrzd.wordpress.com

FireEyeBlog

https://www.fireeye.com/blog.html

VirusBayBlog

https://www.blog.virusbay.io

CyberBitBlog

https://www.cyberbit.com/blog

CybereasonBlog

https://www.cybereason.com/blog

MalwareMust Die

https://blog.malwaremustdie.org

Unit42Palo Alto

https://unit42.paloaltonetworks.com

EnsiloBreaking Malware

https://blog.ensilo.com/topic/ensilo-breaking-malware

LukasStefanko Blog

https://lukasstefanko.com

GhettoForensics

http://www.ghettoforensics.com/

Modexp

https://modexp.wordpress.com

Hexacorn

http://www.hexacorn.com/blog/

Fumik0_’s box

https://fumik0.com

还有笔者的博客,哈哈哈哈

MalwareAnalysis

https://www.malwareanalysis.cn

近期国外又推出一本新书叫《Mastering Malware Analysis》,还不错,内容比较丰富,很适合入门学习,里面包含:寄存器基础知识,静态动态分析方法,进程注入,反调试,漏洞原理分析研究,ShellCode,混淆脱壳,以及各种不同语言,不同平台的样本分析技术,网上已经有电子版,可以去搜索下载学习

1.A Crash Course in CISC/RISC and ProgrammingBasics

2.Basic Static and Dynamic Analysis forx86/x64

3.Unpacking, Decryption, and Deobfuscation

4.Inspecting Process Injection and APIHooking

5.Bypassing Anti-Reverse EngineeringTechniques

6.Understanding Kernel-Mode Rootkits

7.Handling Exploits and Shellcode

8.Reversing Bytecode Languages:.NET,Java, andMore

9.Scripts and Macros:Reversing,Deobfuscation,and Debugging

10.Dissecting Linux and IoT Malware

11.Introduction to macOS and iOS Threats

12.Analyzing Android Malware Samples

全球各地每天都在发生各种恶意软件攻击事件,不断有新的恶意软件出现,已知的恶意软件家族也在不断变种,同时新的黑客组织不断涌现,旧的成熟的黑客组织也在研究新的网络攻击武器,开发新型的恶意软件,然而现在国内关注和了解的人可能并不多,深入逆向分析、追踪研究的人就更少了,最近几年其实各种针对企业或特定目标发起的恶意软件攻击事件层出不穷,安全的本质永远是人与人的对抗,黑客组织会永不停止地开发和更新各种新型的恶意软件并对目标发起网络攻击,做安全与做黑产最直接的对抗就是恶意样本,攻与防永不停止,恶意样本更是无处不在,明年笔者将组建一支专业的恶意软件研究攻防小组,专注于全球最新最流行的各种恶意样本的分析与研究,致力于打造全球最专业的恶意样本研究小组,需要更多专业的安全研究人员,有兴趣的可以私聊笔者,加入进来,跟笔者一起努力,同时笔者所在公司需要各种专业的安全人才,有兴趣的都可以私聊发简历给我,微信:pandazhengzheng,希望将来能一起共事!

其实之前也给大家分享过很多资料,做这行需要自己花费大量的时间去研究,不是一朝一夕的事,活到老,学到老,很多人可能只是浅尝而止,还有一些人,只会夸夸其谈,其实根本不懂,不管哪个行业,永远不要去听取一些不专业的人给你的任何建议,任何一个行业都需要专业的人来做专业的事,你要做的就是坚持到底,才能有所收获,才能成为行业真正的领者导!往期精彩回顾(笔者整理了2019年的文章,在家无聊的时候也可以翻看一下)【2019】安全分析与研究文章汇总

想解锁更多安全分析与研究的各种姿势,想在安全的路上多几个引路人,可以加入知识星球进行学习讨论,加入星球的朋友可以加入《安全分析与研究》专业群,与群里的各位安全研究员一起交流,讨论,研究各种安全技术,让你在学习成长的路上多一个伙伴,共同学习,共同成长

安全的路还很长,贵在坚持,做安全的要少熬夜,注意身体……

类似文章

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注