1. Malware analysis tools
Windows malware analysis tools
https://malwareanalysis.co/resources/tools/windows/
macOS malware analysis tools
https://malwareanalysis.co/resources/tools/macos/
Linux malware analysis tools
https://malwareanalysis.co/resources/tools/linux/
Android malware analysis tools
https://malwareanalysis.co/resources/tools/android/
2. Online analysis sandboxes
Hybrid Analysis
https://www.hybrid-analysis.com/
SNDBOX
Intezer
ANY.RUN
anlyz.io
https://sandbox.anlyz.io/dashboard
YOMI
Amnpardaz Sandbox
iobit
CAPE
AVCaesar
Noriben
https://github.com/Rurik/Noriben
AVC (APK analysis sandbox)
https://undroid.av-comparatives.org/
3. Threat intelligence sources
ThreatConnect
https://app.threatconnect.com/
IBM Xforce
https://exchange.xforce.ibmcloud.com/
RiskIQ
BlueLiv Community
https://community.blueliv.com/#!/discover
pulsedive
AbuseIPDB
IntelStack
AlienVault OTX
MISP
OpenCTI
https://github.com/OpenCTI-Platform/opencti
MalDatabase
Threatfeeds
ThreatPipes
Shodan
Censys
4. Cheat sheets
Hunting Process Injection by Windows API Calls
List of File Signatures
https://en.wikipedia.org/wiki/List_of_file_signatures
APT Groups and Operations
https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml#
Ransomware Overview
https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml
APTnotes
https://github.com/kbandla/APTnotes
PDF Tricks
https://github.com/corkami/docs/blob/master/PDF/PDF.md
PE101
https://github.com/corkami/pics/blob/master/binary/pe101/pe101.pdf
Windows Forensics Analysis
https://www.sans.org/security-resources/posters/windows-forensic-analysis/170/download
Windows Artifact Analysis
Network Forensics and Analysis Poster
Common Ports
https://packetlife.net/media/library/23/common-ports.pdf
IDA Pro Shortcuts
https://www.hex-rays.com/products/ida/support/freefiles/IDA_Pro_Shortcuts.pdf
Malware Analysis Cheat Sheet
https://digital-forensics.sans.org/media/malware-analysis-cheat-sheet.pdf
Analyzing Malicious Documents
https://zeltser.com/media/docs/analyzing-malicious-document-files.pdf
Tips for Reverse Engineering Malicious Code
https://zeltser.com/media/docs/reverse-engineering-malicious-code-tips.pdf
ARM Assembly
https://azeria-labs.com/assembly-basics-cheatsheet/
Dalvik opcodes
http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html
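The "Hunting Process Injection by Windows API Calls" cheat sheet above is about recognising the classic remote-injection chain (open a process, allocate memory in it, write to that memory, start execution at it). The following is an added example, not code from any of the linked resources: a Python hunter that walks a constructed sandbox API trace (the `pid=... api=... key=value` line format, the field names and the PIDs/handles are all invented for this example) and flags a thread start whose address falls inside a remotely allocated region that was written to and is executable. It tracks protection per region, so an allocation made RW and later flipped to RX with VirtualProtectEx is still caught, and a process that only allocates and writes without creating a thread is not flagged.

```python
import re
from collections import defaultdict

# Constructed sandbox API-call trace for this example (not from a real sample).
# One call per line: pid=<caller> api=<name> key=value ...  (numbers hex or decimal)
TRACE = """\
pid=4120 api=OpenProcess access=0x1fffff target=7788 ret=0x2a4
pid=4120 api=VirtualAllocEx handle=0x2a4 size=0x1000 prot=0x40 ret=0x7ff600010000
pid=4120 api=WriteProcessMemory handle=0x2a4 addr=0x7ff600010000 size=0x1000
pid=4120 api=CreateRemoteThread handle=0x2a4 start=0x7ff600010000
pid=5000 api=OpenProcess access=0x38 target=612 ret=0x1c0
pid=5000 api=VirtualAllocEx handle=0x1c0 size=0x2000 prot=0x04 ret=0x1a0000
pid=5000 api=WriteProcessMemory handle=0x1c0 addr=0x1a0000 size=0x2000
pid=6100 api=OpenProcess access=0x1fffff target=900 ret=0x310
pid=6100 api=VirtualAllocEx handle=0x310 size=0x800 prot=0x04 ret=0x400000
pid=6100 api=WriteProcessMemory handle=0x310 addr=0x400000 size=0x800
pid=6100 api=VirtualProtectEx handle=0x310 addr=0x400000 size=0x800 prot=0x20
pid=6100 api=NtCreateThreadEx handle=0x310 start=0x400000
"""

# APIs that start execution in another process given a process handle.
THREAD_APIS = {"CreateRemoteThread", "CreateRemoteThreadEx",
               "NtCreateThreadEx", "RtlCreateUserThread"}
# PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY
PAGE_EXECUTE_MASK = 0xF0


def parse_line(line):
    """Turn 'k=v k=v ...' into a dict; numeric values become ints."""
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    return {k: (int(v, 0) if re.fullmatch(r"(0x[0-9a-fA-F]+|\d+)", v) else v)
            for k, v in fields.items()}


def find_region(regions, addr):
    """Return (base, region) for the allocation containing addr, or (None, None)."""
    for base, reg in regions.items():
        if base <= addr < base + reg["size"]:
            return base, reg
    return None, None


def hunt_injection(trace):
    targets = {}                 # (caller pid, process handle) -> target pid
    regions = defaultdict(dict)  # (caller pid, process handle) -> {base: {size, prot, written}}
    findings = []
    for raw in trace.splitlines():
        if not raw.strip():
            continue
        c = parse_line(raw)
        pid, api = c["pid"], c["api"]
        if api == "OpenProcess":
            targets[(pid, c["ret"])] = c["target"]
        elif api == "VirtualAllocEx":
            regions[(pid, c["handle"])][c["ret"]] = {
                "size": c["size"], "prot": c["prot"], "written": False}
        elif api == "WriteProcessMemory":
            _, reg = find_region(regions[(pid, c["handle"])], c["addr"])
            if reg:
                reg["written"] = True
        elif api == "VirtualProtectEx":
            # Protection changes after the write are the usual RW -> RX trick.
            _, reg = find_region(regions[(pid, c["handle"])], c["addr"])
            if reg:
                reg["prot"] = c["prot"]
        elif api in THREAD_APIS:
            key = (pid, c["handle"])
            base, reg = find_region(regions[key], c["start"])
            if reg and reg["written"] and reg["prot"] & PAGE_EXECUTE_MASK:
                findings.append({"pid": pid, "target": targets.get(key),
                                 "api": api, "region": base, "prot": reg["prot"]})
    return findings


if __name__ == "__main__":
    for f in hunt_injection(TRACE):
        print(f"pid {f['pid']} injected into pid {f['target']} via {f['api']} "
              f"at {f['region']:#x} (prot {f['prot']:#x})")
```

Two of the three callers in the trace are reported; pid 5000 allocates and writes but never starts a thread, so it stays quiet. On a real trace the same logic also wants thread-handle paths (QueueUserAPC, SetThreadContext) and section mapping (NtMapViewOfSection), which this example does not model.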
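The "List of File Signatures" entry above is the lookup table analysts use to identify a sample by its magic bytes rather than its extension. As an added example (not code from the linked list or any tool on this page), the following Python identifies a buffer against a small signature table, including signatures that sit at a non-zero offset (tar, ISO 9660), confirms that an MZ header is actually a PE by following e_lfanew to the `PE\0\0` signature, and reports when a file's extension does not agree with its content. The signature table and the extension mapping are constructed for this example; the sample buffers are hand-built byte strings, not real files.

```python
import os
import struct

# Constructed magic-byte table: (label, offset, bytes); extend from the linked list.
SIGNATURES = [
    ("MZ executable (PE/DOS)", 0, b"MZ"),
    ("ELF", 0, b"\x7fELF"),
    ("Mach-O 64-bit LE", 0, b"\xcf\xfa\xed\xfe"),
    ("PDF", 0, b"%PDF-"),
    ("ZIP container (OOXML/JAR/APK)", 0, b"PK\x03\x04"),
    ("OLE2 CFB (legacy Office)", 0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),
    ("RTF", 0, b"{\\rtf"),
    ("gzip", 0, b"\x1f\x8b"),
    ("7-Zip", 0, b"7z\xbc\xaf\x27\x1c"),
    ("RAR", 0, b"Rar!\x1a\x07"),
    ("tar (ustar)", 257, b"ustar"),
    ("ISO 9660", 0x8001, b"CD001"),
]

# Which label an extension is expected to carry (constructed mapping).
EXPECTED_BY_EXT = {
    "exe": "MZ executable (PE/DOS)", "dll": "MZ executable (PE/DOS)",
    "scr": "MZ executable (PE/DOS)", "pdf": "PDF",
    "docx": "ZIP container (OOXML/JAR/APK)", "xlsx": "ZIP container (OOXML/JAR/APK)",
    "jar": "ZIP container (OOXML/JAR/APK)", "apk": "ZIP container (OOXML/JAR/APK)",
    "doc": "OLE2 CFB (legacy Office)", "xls": "OLE2 CFB (legacy Office)",
    "rtf": "RTF", "iso": "ISO 9660", "gz": "gzip", "7z": "7-Zip", "rar": "RAR",
}


def identify(data):
    """All signature labels that match; slicing keeps offset signatures safe on short data."""
    hits = [label for label, off, magic in SIGNATURES
            if data[off:off + len(magic)] == magic]
    return hits or ["unknown"]


def is_pe(data):
    """'MZ' alone is a DOS header; a PE also has 'PE\\0\\0' at the e_lfanew offset (0x3C)."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def extension_mismatch(filename, data):
    """True when the extension claims a type the magic bytes do not support."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    expected = EXPECTED_BY_EXT.get(ext)
    if expected is None:
        return False          # no expectation recorded for this extension
    return expected not in identify(data)


# Constructed sample buffers (not real files).
PE_SAMPLE = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20
DOS_STUB_ONLY = b"MZ" + b"\x00" * 100                 # MZ header whose e_lfanew is 0
DOCX_SAMPLE = b"PK\x03\x04\x14\x00" + b"\x00" * 64
ISO_SAMPLE = b"\x00" * 0x8001 + b"CD001\x01"

if __name__ == "__main__":
    for name, buf in [("invoice.pdf", PE_SAMPLE), ("report.docx", DOCX_SAMPLE),
                      ("image.iso", ISO_SAMPLE), ("setup.exe", DOS_STUB_ONLY)]:
        print(name, identify(buf), "pe" if is_pe(buf) else "",
              "MISMATCH" if extension_mismatch(name, buf) else "")
```

The `invoice.pdf` case is the one worth keeping in mind during triage: the extension says document, the first two bytes say executable, and the PE signature check confirms it is a real Windows binary rather than a stray DOS stub.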
5. Malware analysis books
Practical Malware Analysis
https://malwareanalysis.co/wp-content/uploads/2019/09/Practical_Malware_Analysis.pdf
The IDA Pro Book-2nd Edition
https://malwareanalysis.co/wp-content/uploads/2019/09/The-IDA-Pro-Book-2nd-Edition-2011.pdf
The Art of Memory Forensics
https://malwareanalysis.co/wp-content/uploads/2019/09/The-Art-of-Memory-Forensics.pdf
Malware Analyst Cookbook
https://malwareanalysis.co/wp-content/uploads/2019/09/Malware-Analysts-Cookbook.pdf
Practical Reverse Engineering
https://malwareanalysis.co/wp-content/uploads/2019/09/Practical-Reverse-Engineering.pdf
Rootkits and Bootkits
https://www.amazon.com/Rootkits-Bootkits-Reversing-Malware-Generation/dp/1593277164/
Art of Computer Virus Research and Defense
https://www.amazon.com/The-Computer-Virus-Research-Defense/dp/0321304543
Reversing: Secrets of Reverse Engineering
https://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817
Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware
https://www.amazon.com/Learning-Malware-Analysis-techniques-investigate/dp/1788392507
Mastering Malware Analysis
https://www.amazon.com/Mastering-Malware-Analysis-combating-cybercrime/dp/1789610788
Malware Data Science
https://www.amazon.com/Malware-Data-Science-Detection-Attribution/dp/1593278594
Practical Binary Analysis
https://www.amazon.com/Practical-Binary-Analysis-Instrumentation-Disassembly/dp/1593279124
Windows Internals 7th Edition
https://www.amazon.com/Windows-Internals-Part-architecture-management/dp/0735684189/
https://www.amazon.com/Windows-Internals-Part-2-7th/dp/0135462401
Practical Packet Analysis 3rd Edition
Android Malware and Analysis
https://malwareanalysis.co/wp-content/uploads/2019/12/Android_Malware_and_Analysis.pdf
Android Security Internals
https://malwareanalysis.co/wp-content/uploads/2019/12/Android_Security_Internals.pdf
6. Malware analysis training courses
Intro to Malware Analysis and Reverse Engineering
https://www.cybrary.it/course/malware-analysis/
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
https://www.sans.org/course/reverse-engineering-malware-malware-analysis-tools-techniques
Malware Analysis Master Course
https://www.fireeye.com/services/training/courses/malware-analysis-master-course.html
Certified Malware Reverse Engineer
https://www.crest-approved.org/examination/malware-reverse-engineer/index.html
ARES (Advanced Reverse Engineering of Software)
https://www.elearnsecurity.com/course/advanced_reverse_engineering_of_software/
RPISEC
https://github.com/RPISEC/Malware
Malware Dynamic Analysis / Reverse Engineering Malware
http://opensecuritytraining.info/MalwareDynamicAnalysis.html
http://opensecuritytraining.info/ReverseEngineeringMalware.html
Practical Malware Analysis Labs
https://github.com/mikesiko/PracticalMalwareAnalysis-Labs
Zero 2 Hero
https://www.sentinelone.com/lp/zero2hero/
7. Malware analysis Twitter accounts
https://twitter.com/malwrhunterteam
https://twitter.com/taosecurity
https://twitter.com/OpenMalware
https://twitter.com/monnappa22
https://twitter.com/MalwarePatrol
https://twitter.com/virusbay_io
https://twitter.com/hasherezade
https://twitter.com/patrickwardle
https://twitter.com/binitamshah
https://twitter.com/hiddenillusion
https://twitter.com/lennyzeltser
https://twitter.com/struppigel
https://twitter.com/demonslay335
https://twitter.com/0xffff0800
https://twitter.com/ochsenmeier
https://twitter.com/volatility
https://twitter.com/Unit42_Intel
https://twitter.com/JakubKroustek
https://twitter.com/MarceloRivero
https://twitter.com/ashley_shen_920
https://twitter.com/alexsevtsov
https://twitter.com/ale_sp_brazil
https://twitter.com/mayahustle
https://twitter.com/MalwareTechBlog
https://twitter.com/albertzsigovits
https://twitter.com/JaromirHorejsi
8. Malware analysis video channels, forums and blogs
Video channels
Malware Analysis For Hedgehogs – Malware analysis and reverse engineering
https://www.youtube.com/channel/UCVFXrUwuWxNlm6UNZtBLJ-A
Colin Hardy – Malware analysis, reverse engineering and more
https://www.youtube.com/channel/UCND1KVdVt8A580SjdaS4cZg
SANS Digital Forensics and Incident Response – Malware analysis, digital forensics and more
https://www.youtube.com/user/robtlee73
OALabs – Malware analysis, reverse engineering and more
https://www.youtube.com/channel/UC--DwaiMV-jtO-6EvmKOnqg
HackerSploit – Malware analysis, reverse engineering and more
https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q
Ring Zero Labs – Malware analysis
https://www.youtube.com/user/H4rM0n1cH4cK
Kindred Security – Malware analysis and more
https://www.youtube.com/channel/UCwTH3RkRCIE35RJ16Nh8V8Q
Monnappa K A – Malware analysis, memory forensics and more
https://www.youtube.com/user/hackycracky22
Lukas Stefanko – Android malware analysis
https://www.youtube.com/channel/UCg08SXtXlfADk4yAODpShfQ/
Forums
KernelMode
https://www.kernelmode.info/forum/
https://www.reddit.com/r/ReverseEngineering/
HackForums
0x00sec
Blogs
MalwareTech
Malware Traffic Analysis
https://www.malware-traffic-analysis.net/
Lenny Zeltser Blog
hasherezade’s 1001 nights
FireEye Blog
https://www.fireeye.com/blog.html
VirusBay Blog
CyberBit Blog
https://www.cyberbit.com/blog/
Cybereason Blog
https://www.cybereason.com/blog
Malware Must Die
https://blog.malwaremustdie.org/
Unit42 Palo Alto
https://unit42.paloaltonetworks.com/
Ensilo Breaking Malware
https://blog.ensilo.com/topic/ensilo-breaking-malware
Lukas Stefanko Blog
Ghetto Forensics
http://www.ghettoforensics.com/
Modexp
Hexacorn
Fumik0_’s box