Wednesday 29 February 2012

Reversing & Malware Analysis Training - Reference Guide

Here is the complete reference guide to all sessions of our Reverse Engineering & Malware Analysis Training program.


Part 1 - Lab Setup Guide

  1. Virtualization:
    1. VMware - http://www.vmware.com/
    2. VirtualBox - https://www.virtualbox.org/
  2. Development Tools:
    1. Compilers/IDE:
      1. Dev C++ - http://www.bloodshed.net/devcpp.html
      2. Microsoft Visual C++ - http://www.microsoft.com/visualstudio/en-us/products/2010-editions/visual-cpp-express
    2. Assemblers:
      1. MASM - http://www.masm32.com/
      2. NASM - http://www.nasm.us/
      3. WinAsm (IDE) - http://www.winasm.net/
    3. Languages:
      1. Python - http://python.org/
  3. Reverse Engineering Tools:
    1. Disassembler:
      1. IDA (5.0) - http://www.hex-rays.com/products/ida/support/download.shtml
    2. Debuggers:
      1. OllyDbg - http://www.ollydbg.de/
      2. Immunity Debugger - http://immunityinc.com/products-immdbg.shtml
      3. WinDbg - http://msdn.microsoft.com/en-us/windows/hardware/gg463009
      4. Pydbg - http://code.google.com/p/paimei/
    3. PE file Format:
      1. PEView - http://www.magma.ca/~wjr/
      2. PEBrowse - http://www.smidgeonsoft.prohosting.com/pebrowse-pro-file-viewer.html
      3. LordPE - http://www.woodmann.com/collaborative/tools/index.php/LordPE
      4. ImpRec - http://www.woodmann.com/collaborative/tools/index.php/ImpREC
      5. PEiD - http://www.peid.info/
      6. ExeScan - http://securityxploded.com/exe-scan.php
    4. Process:
      1. ProcMon - http://technet.microsoft.com/en-us/sysinternals/bb896645
      2. Process Explorer - http://technet.microsoft.com/en-us/sysinternals/bb896653
    5. Network:
      1. Wireshark - http://www.wireshark.org/
      2. TcpView - http://technet.microsoft.com/en-us/sysinternals/bb897437
    6. File and Registry:
      1. Regshot - http://sourceforge.net/projects/regshot/
      2. Capturebat - http://www.honeynet.org/node/315
      3. InstallWatchPro - http://www.brothersoft.com/downloads/installwatch-pro-2.5c.html
      4. FileMon - http://technet.microsoft.com/en-us/sysinternals/bb896642
    7. Misc:
      1. CFFexplorer - http://www.ntcore.com/exsuite.php
      2. Notepad++ - http://notepad-plus-plus.org/
      3. Dependency walker - http://www.dependencywalker.com/
      4. Sysinternals Tools - http://technet.microsoft.com/en-us/sysinternals/bb842062


Part 2 - Introduction to Windows Internals

  1. Book: Windows Internals 5th Edition - Chapter 1, 2, 3, 5, 9
  2. Windows Architecture - http://technet.microsoft.com/en-us/library/cc768129.aspx
  3. Book: RootKit Arsenal - Part 1 - Windows System Architecture
  4. System Service Dispatching - http://www.codeproject.com/KB/system/hide-driver/NtCallScheme_small.png


Part 3 - Windows PE File Format Basics

  1. Portable Executable File Format - A Reverse Engineer View - Goppit - http://ivanlef0u.fr/repo/windoz/pe/CBM_1_2_2006_Goppit_PE_Format_Reverse_Engineer_View.pdf
  2. An In-Depth Look into the Win32 Portable Executable File Format by Matt Pietrek - http://msdn.microsoft.com/en-us/magazine/cc301805.aspx
  3. Lena 151 tutorials - http://tuts4you.com/download.php?list.17
  4. Iczelion's PE tutorials - http://win32assembly.online.fr/tutorials.html


Part 4 - Assembly Programming Basics

  1. Assembly Programming: A Beginners Guide - http://securityxploded.com/assembly-programming-beginners-guide.php
  2. Iczelion's Win32 Assembly Programming Tutorials - http://win32assembly.online.fr/tutorials.html
  3. Function Calling Convention Demystified - http://www.codeproject.com/KB/cpp/calling_conventions_demystified.aspx
  4. Intel Manual – Volume 2 (Instruction set), Volume 3 (system programming 3A) -
    http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf
