| | PracticalMalwareAnalysis-Labs | flare-vm |
|---|---|---|
| Mentions | 10 | 23 |
| Stars | 1,031 | 5,871 |
| Growth | - | 1.8% |
| Activity | 0.0 | 8.0 |
| Last commit | almost 2 years ago | 17 days ago |
| Language | - | PowerShell |
| License | - | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
PracticalMalwareAnalysis-Labs
- Practical Malware Analysis (Book)
- Easy malware samples
- Looking for x86 Assembly learning material
  If you Google the book title, the PDF version will come right up. Download the lab binaries from here.
- What is the most difficult specialization within Cybersecurity?
  If anyone is interested in learning about it, the malware reverse engineering course I took in university was based on the book Practical Malware Analysis. I thought it was pretty good, and it even includes practice files, programs, and exercises to practice using the tools it teaches you. You can find those here.
- What are some good resources to learn about reverse engineering and computer architecture?
  Tools & Explanations:
  - OllyDbg, IDA Pro, and Ghidra: static analysis and recompiling
  - ProcMon and Process Hacker: for dynamic analysis; shows a detailed system log of what happens after a PE executable is run
  - TCPView and Wireshark: checks to see if the program reaches out to the internet
  - Win7/XP: for testing (Defender for Win 10 is too good for practice situations)
  - DiE (Detect It Easy)/PE View: to get an overview of the executable's header and whether it contains a packed program or not
  - Learn C: C is the lowest-level language and can give insight into how you may think about machine code
  Websites: CyberStart, TryHackMe, MetaCTF, Practical Malware Analysis
- book suggestion
- Practical malware analysis book versions
- "Easy" malware samples.
  Check out the samples that were created for the Practical Malware Analysis book lab exercises: https://github.com/mikesiko/PracticalMalwareAnalysis-Labs
flare-vm
- Looking for x86 Assembly learning material
  Follow the instructions here to set up a FLARE VM, which will have all the tools you need for the labs in the book.
- Small company, small analysis Platform
  FLARE VM: this is a Boxstarter from Mandiant to add a bunch of tools to Windows for malware analysis.
- Home lab for cybersecurity
  Build it as a Proxmox host and have a malware analysis VM (flare-vm, for example: https://github.com/mandiant/flare-vm). You can then interact with it via the console, or host another VM as an SSH jump box and SSH tunnel to port 3389 on the malware VM.
- Can someone help me? I downloaded something from filelist and afterwards I ran into this.
- Any sandbox app (Windows or Linux) that supports network routing?
- OS Recommendations for DFIR
  FLARE VM: a Windows toolkit for malware analysis from Mandiant: https://github.com/mandiant/flare-vm
- L1 analysts, do you do malware analysis? If so how often?
  I usually run it in VirtualBox without Guest Additions, get one of those free Windows 10 ISOs from Microsoft and install the Mandiant FLARE VM on it (https://github.com/mandiant/flare-vm). After everything is installed I keep a snapshot of the Windows machine with everything set up so I don't have to do it all again, and once it's done I set the network to internal and set up INetSim on REMnux as well if I'm going to do dynamic analysis, so that I have an internet simulator that the malware can talk to.
- How do you setup a malware analysis sandbox?
  I use https://any.run for quick stuff or just fire up my FlareVM.
- Any distro for forensic blue team?
- How to set up a laptop as a dedicated mal-lab that has access to my home network for malware to send and receive traffic but cannot propagate to the rest of my devices?
What are some alternatives?
PMAT-labs - Labs for Practical Malware Analysis & Triage
commando-vm - Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution.
Malware-Exhibit - 🚀🚀 This is a 🎇🔥 REAL WORLD🔥 🎇 Malware Collection I have Compiled & analysed by researchers🔥 to understand more about Malware threats😈, analysis and mitigation🧐.
drakvuf-sandbox - DRAKVUF Sandbox - automated hypervisor-level malware analysis system
radare2 - UNIX-like reverse engineering framework and command-line toolset
flare-fakenet-ng - FakeNet-NG - Next Generation Dynamic Network Analysis Tool
Binance-APK-Analysis - Revealing secrets behind Binance Crypto Exchange platform through Android APK Analysis
pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy
simplify - Android virtual machine and deobfuscator
Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
flare-ida - IDA Pro utilities from FLARE team
Dissertation-Ethical-Hacking - My Dissertation Project - Focused on creating a safe, but extremely vulnerable web application to provide a learning environment teaching good coding practices and ethics when it comes to web applications, while providing a playground to test exploits such as SQLi, various brute force attacks (using tools like BurpSuite), Persistent, Reflected, and DOM-based XSS spanning 3 levels of difficulty to be all-inclusive.