Security Collector
Wednesday, 29 February 2012
Reversing & Malware Analysis Training - Reference Guide
Here is the complete reference guide to all sessions of our Reverse Engineering & Malware Analysis Training program.
Part 1 - Lab Setup Guide
Virtualization:
VMware -
http://www.vmware.com/
VirtualBox -
https://www.virtualbox.org/
Tools Development:
Compilers/IDE:
Dev C++ -
http://www.bloodshed.net/devcpp.html
Microsoft Visual C++ -
http://www.microsoft.com/visualstudio/en-us/products/2010-editions/visual-cpp-express
Assemblers:
MASM -
http://www.masm32.com/
NASM -
http://www.nasm.us/
WinAsm (IDE) -
http://www.winasm.net/
Languages:
Python -
http://python.org/
Tools Reverse Engineering:
Disassembler:
IDA (5.0) -
http://www.hex-rays.com/products/ida/support/download.shtml
Debuggers:
OllyDbg -
http://www.ollydbg.de/
Immunity Debugger -
http://immunityinc.com/products-immdbg.shtml
Windbg -
http://msdn.microsoft.com/en-us/windows/hardware/gg463009
Pydbg -
http://code.google.com/p/paimei/
PE File Format:
PEView -
http://www.magma.ca/~wjr/
PEBrowse -
http://www.smidgeonsoft.prohosting.com/pebrowse-pro-file-viewer.html
LordPE -
http://www.woodmann.com/collaborative/tools/index.php/LordPE
ImpRec -
http://www.woodmann.com/collaborative/tools/index.php/ImpREC
PEid -
http://www.peid.info/
ExeScan -
http://securityxploded.com/exe-scan.php
Process:
ProcMon -
http://technet.microsoft.com/en-us/sysinternals/bb896645
Process Explorer -
http://technet.microsoft.com/en-us/sysinternals/bb896653
Network:
WireShark -
http://www.wireshark.org/
TcpView -
http://technet.microsoft.com/en-us/sysinternals/bb897437
File and Registry:
Regshot -
http://sourceforge.net/projects/regshot/
Capturebat -
http://www.honeynet.org/node/315
InstallWatchPro -
http://www.brothersoft.com/downloads/installwatch-pro-2.5c.html
FileMon -
http://technet.microsoft.com/en-us/sysinternals/bb896642
Misc:
CFFexplorer -
http://www.ntcore.com/exsuite.php
Notepad++ -
http://notepad-plus-plus.org/
Dependency walker -
http://www.dependencywalker.com/
Sysinternals Tools -
http://technet.microsoft.com/en-us/sysinternals/bb842062
Part 2 - Introduction to Windows Internals
Book:
Windows Internals, 5th Edition - Chapters 1, 2, 3, 5, 9
Windows Architecture -
http://technet.microsoft.com/en-us/library/cc768129.aspx
Book: RootKit Arsenal - Part 1 - Windows System Architecture
System Service Dispatching -
http://www.codeproject.com/KB/system/hide-driver/NtCallScheme_small.png
Part 3 - Windows PE File Format Basics
Portable Executable File Format - A Reverse Engineer View - Goppit -
http://ivanlef0u.fr/repo/windoz/pe/CBM_1_2_2006_Goppit_PE_Format_Reverse_Engineer_View.pdf
An In-Depth Look into the Win32 Portable Executable File Format by Matt Pietrek -
http://msdn.microsoft.com/en-us/magazine/cc301805.aspx
Lena 151 tutorials -
http://tuts4you.com/download.php?list.17
Iczelion's PE tutorials -
http://win32assembly.online.fr/tutorials.html
Part 4 - Assembly Programming Basics
Assembly Programming: A Beginners Guide -
http://securityxploded.com/assembly-programming-beginners-guide.php
Iczelion's Win32 Assembly Programming Tutorials -
http://win32assembly.online.fr/tutorials.html
Function Calling Convention Demystified -
http://www.codeproject.com/KB/cpp/calling_conventions_demystified.aspx
Intel Manual - Volume 2 (Instruction Set), Volume 3A (System Programming) -
http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf