Malware Analysis Tutorial

Resources to get you started:

  1. Introduction to Malware Analysis Webcast
  2. Using VMware for Malware Analysis
  3. Building a Malware Analysis Toolkit Using Free Tools

Basic Training/Tutorials Video:

  1. Windows ASM
  2. Linux ASM
  3. Buffer Overflow
  4. Format String Vulnerability
  5. Binary Auditing (Training Materials for University Lecturers)

Exercises:

Ms. Moneymany’s Mysterious Malware

Solutions to exercises:

Answers to Ms. Moneymany’s puzzle.

All about Viruses

The Giant Black Book of Computer Viruses

Malware Analysis Tutorial:

The Legend of Random (Reverse Eng Tutorial)

Edgis Security

Dr. Fu’s Security Blog (static and behavioral analysis)

Malware Samples Sites:

Contagio

KernelMode (Focuses on Win32 and novel rootkit techniques)

DamageLab.org (People occasionally post their unpacked executables here. These differ from the ‘in the wild’ executables they seek to drop on victims’ computers, but are interesting nonetheless; many rips of better-known techniques and software, ranging from TDL to Zeus, can be found at sites like this.)

MalwareBlackList

Malware.lu

Malware URLs. This is a list I maintain myself, and it is updated daily. Here you will find many live malware samples. Be careful and don’t open the URLs in a browser.

Open Malware. This is the new site for the old Offensive Computing.

VirusShare.com, which has about 5.6 million samples. You will need to request access; explain your research intention when you do.

Malware Domain List

URL Query

Malekal.com list of malware

VX Vault

Site Inspector (by Comodo)

Scumware.org

Malc0de Database

Sucuri Malware Labs

Clean-MX Realtime database

Sourcefire Vulnerability Research Team Labs

Zeus Tracker

NovCon Minotaur Analysis System

malshare

malwaretips.com

virussign.com

Tekdefense

Tools for collecting malware:

Maltrieve

Dionaea Honeypots

Thug – Client Side Honeypot

Analyzing Malware:

Binary Auditing Using IDA Pro Tutorial

Vadim Kotov analyzing Trojan Win32 Yakes

Other Blogs

Analyzing Malware from PCAP files – Networktotal

Malware evading Process Monitoring (FireEye article)

Analysis of Flame (relationship with Duqu and Stuxnet)

Memory Dump Analysis

Malware.lu Technical Analysis (Analyzing various malware)

Open Source Collection of Android Malware Analysis Tools – AndroGuard

Analyzing Unknown Malware

REMnux: A Linux Distribution for Reverse-Engineering Malware

Mandiant for malware research

Static Analysis

PEStudio from Winitor

NSA on Static Analysis

Video Tutorial:

Part I (from eLearnSecurity)

Part II (from eLearnSecurity)

Behavior Analysis Tools

Jacquelin Potier’s WinAPIOverride (API Hooking)

PE (Portable Executable)

Microsoft PE and COFF Spec

PEStudio

PEdump (online version pedump.me)

Stud_PE (PE Viewer/Editor)

Shellcode Tutorial

Project Shellcode

Packers

Building your own packers

PE Obfuscator

UPX for executables

PE File Compressor/Protector

Unpacker Tools

VMUnpacker

Dynamic Binary Instrumentation

Intel Pin Tool

DynInst

Valgrind

Reverse Engineering Tutorials & Tools

MEH Repository Indonesia

Woodman Crackz Tools

The Legend of Random

Malware Reversing Blog

Analysis of various Malware

Analysis of Zembro Bot

Malware that detects sandbox

Framer Analysis (by ESET)

Android Malware Analysis

Reversing Matsnu Malware Family

Gauss Malware (a cyber-espionage toolkit based on the Flame platform) Analysis

Reverse Engineering Tutorial

Malware Sandboxes:

GFI Malware Sandbox

CWSandbox

Xandora

Anubis

Comodo CAMAS

Norman Sandbox

Malbox

Dell SecureWorks Truman

Cuckoo Sandbox

Buster Sandbox Analyzer

BitBlaze

MiniBis

Zero Wine

Norman Malware Analyzer G2

Joe Sandbox

CopperDroid

Distributed Task Queue

Queuing Malware for Malware Analysis – Celery

Analyzing Malicious Website:

My Web of Trust (http://www.mywot.com)

Unmask content (http://www.unmaskcontent.com/)

Hurl it (http://www.hurl.it/)

Urlquery (http://urlquery.net)

Urlvoid (http://urlvoid.com/)

Malware Classification/Clustering (online)

Simseer (Malware Similarity and Clustering)

Malwr.com (Malware Behavior Analysis)

Data Mining Project (Classification of Packed Executables for Accurate Computer Virus Detection)

Honeypots/Honeynets

Experimenting with Honeypots Using The Modern Honey Network

Wordpot – WordPress Honeypot

Shockpot – WebApp Honeypot for detecting Shellshock exploit attempts

Beeswarm – Active IDS made easy

Indicators of Compromise

IOC Scanner – LOKI

Anti-Virtualization

VM Detection tool – ScoopyNG