pandazheng / Threat-Intelligence-Analyst

威胁情报,恶意样本分析,开源Malware代码收集

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Threat-Intelligence-Analyst

威胁情报,恶意样本分析,自动化python脚本,开源Malware代码收集,APT攻击安例相关

TI威胁情报

https://start.me/p/rxRbpo/ti

Analyzing Malicious Password Protected Office Documents

https://r3mrum.wordpress.com/2017/06/29/analyzing-malicious-password-protected-office-documents/

Hack

https://github.com/Hack-with-Github/Awesome-Hacking

恶意软件分析大合集

https://github.com/rshipp/awesome-malware-analysis
https://github.com/wtsxDev/Malware-Analysis
https://github.com/CHYbeta/Software-Security-Learning

LifeOfBinarie

http://www.opensecuritytraining.info/LifeOfBinaries.html

PNG Payload

https://www.anquanke.com/post/id/166451

Malware Sample Source

https://zeltser.com/malware-sample-sources/

Malware Analyst

https://pastebin.com/QXURDzmA

Malware分析文章

http://reversingminds-blog.logdown.com/
https://cysinfo.com/category/training/malware-analysis/

恶意样本分析

http://blog.nsfocus.net/malware-sample-analysis-summary/

Resources for Learning Reverse Engineering

http://jackson-t.ca/re-resources.html

病毒分类

https://www.virusradar.com/en/glossary

在线检测恶意软件网站

https://www.hybrid-analysis.com/
https://www.virustotal.com/#/home/upload
https://www.reverse.it/
https://www.maldun.com/submit/submit_file/
https://habo.qq.com/
https://www.joesandbox.com/
https://virusscan.jotti.org/
http://www.threatexpert.com/submit.aspx
http://virscan.org/
https://any.run/
https://id-ransomware.malwarehunterteam.com/
https://www.vmray.com

用命令行与Python使用YARA规则-识别恶意木马必备

https://bbs.pediy.com/thread-223070.htm

ida视频

http://hdvidzpro.pro/video/ida-tutorial

恶意样本分析

https://secrary.com/ReversingMalware/CoinMiner/
https://secrary.com/ReversingMalware
https://secrary.com/ReversingMalware/Upatre/
https://secrary.com/ReversingMalware/Mamba/
https://secrary.com/ReversingMalware/UnpackingShade/
https://secrary.com/ReversingMalware/Enosch/
https://www.anquanke.com/post/id/87172
http://blog.talosintelligence.com/2017/11/zeus-panda-campaign.html

Malware Sample Sources for Researchers

https://zeltser.com/malware-sample-sources/

List of Malware Sources

http://www.kernelmode.info/forum/viewtopic.php?f=16&t=308

WMI BackDoor

https://www.eideon.com/2018-03-02-THL03-WMIBackdoors/

IDA

http://kingerwu.com/2017/12/16/IDA%E6%93%8D%E4%BD%9C%E7%9F%A5%E8%AF%86%E8%AE%B0%E5%BD%95/#more

malware analysis labs

https://cybersecweb.wordpress.com/2016/07/12/malware-analysis-labs/

Exploitation Archives

https://rootkits.xyz/blog/tag/exploitation/

Exploits

https://0xrick.github.io/binary-exploitation/bof2/

VMP/TMD Unpack

OD调试过VMProtect虚拟机检测教程
https://www.52pojie.cn/thread-411742-1-1.html

TMD壳的脱壳(可能是2.1.8)
https://www.52pojie.cn/thread-675279-1-1.html

VMP v3.0.9过VMware检测
https://www.52pojie.cn/thread-635613-1-4.html

分析一个新型VM的CrackMe
https://www.52pojie.cn/thread-695729-1-1.html

MIPS 路由器木马

http://www.freebuf.com/articles/network/88798.html

勒索软件信息

https://www.botfrei.de/de/ransomware/galerie.html

Linux Kernel Debug

https://bbs.pediy.com/thread-226139.htm

PowerShell

https://docs.microsoft.com/zh-cn/powershell/scripting/powershell-scripting?view=powershell-6

Limon Sandbox For Analyzing Linux Malwares

https://malware-unplugged.blogspot.com/2015/11/limon-sandbox-for-analyzing-linux.html
https://www.blackhat.com/docs/eu-15/materials/eu-15-KA-Automating-Linux-Malware-Analysis-Using-Limon-Sandbox-wp.pdf
https://www.youtube.com/watch?v=fSCKyF--tRs&feature=youtu.be

Advanced Malware Analysis

https://cysinfo.com/category/training/advanced-malware-analysis/

WMI POWERSHELL 挖矿

http://www.freebuf.com/articles/network/163233.html

CTF

http://eternalsakura13.com/2018/03/21/lctf2/

CoinMiner

Linux.挖矿.cpuminer方法记录
http://www.bubuko.com/infodetail-2167951.html

Compile CPUminer under Linux CentOS
https://rumorscity.com/2014/01/04/compile-and-install-cpuminer-on-linux-centos/

搭建Redis&Minerd安全应急演练环境
http://www.freebuf.com/sectool/156904.html

centos 6.3 64位下cpuminer +mining_proxy 挖掘莱特币(LTC)教程
https://www.cnblogs.com/sixiweb/archive/2013/12/02/3454564.html

coinotron
https://www.coinotron.com

NET Malware

https://blogs.cisco.com/security/talos/reversing-multilayer-net-malware

URL

https://urlhaus.abuse.ch/browse/

Yara

http://www.freebuf.com/articles/system/26373.html
https://github.com/plusvic/yara/releases/tag/v2.0.0
https://yara.readthedocs.io/en/v3.5.0/gettingstarted.html
https://analysis.yararules.com/
https://github.com/Yara-Rules/rules
https://www.bsk-consulting.de/2015/02/16/write-simple-sound-yara-rules/
https://www.bsk-consulting.de/2015/10/17/how-to-write-simple-but-sound-yara-rules-part-2/
https://www.bsk-consulting.de/2016/04/15/how-to-write-simple-but-sound-yara-rules-part-3/

教你构建自己的yara数据库

http://blog.safedog.cn/?p=281

基础反调试技术总结

https://bbs.pediy.com/thread-212371.htm

ARM Exploit

http://www.freebuf.com/articles/terminal/107276.html

Linux下莱特币Litecoin挖矿教程
https://blog.linuxeye.cn/385.html

Linux 莱特币LTC CPU挖掘教程
http://www.iitshare.com/linux-litecoin-ltc-mining-tutorial.html

以太坊Linux系统挖矿教程
http://www.8btc.com/gpu-mining

莱特币ltc挖矿教程:cpu挖矿与gpu挖矿(详细图文)
http://www.mnw.cn/news/digi/699354.html

勒索软件分析报告

File-Locker Ransomware
https://www.bleepingcomputer.com/news/security/file-locker-ransomware-targets-korean-victims-and-asks-for-50k-won/

层层抽丝——GlobeImposter勒索病毒分析
https://bbs.ichunqiu.com/thread-30152-1-1.html

轻轻脱掉你的衣--宏病毒的*姿势
https://bbs.ichunqiu.com/thread-29739-1-2.html

揭秘Chimera勒索软件
http://www.freebuf.com/articles/system/112142.html

初步分析勒索软件ZEPTO
http://www.freebuf.com/articles/system/112328.html

新型恶意勒索软件cuteRansomware
http://www.freebuf.com/news/109242.html

使用AES-256加密算法的勒索软件SkidLocker分析
http://www.freebuf.com/articles/terminal/99153.html

NanoLocker勒索软件的逆向分析
http://www.freebuf.com/articles/network/94595.html

新型恶意勒索软件DMA Locker分析
http://www.freebuf.com/articles/network/96738.html

locky勒索软件恶意样本分析2
http://www.ithtw.com/thread-8888.htm

locky勒索软件恶意样本分析1
http://blog.topsec.com.cn/ad_lab/locky%E5%8B%92%E7%B4%A2%E8%BD%AF%E4%BB%B6%E6%81%B6%E6%84%8F%E6%A0%B7%E6%9C%AC%E5%88%86%E6%9E%90/

IoT安全:调试环境搭建教程(AArch64篇)
https://bbs.pediy.com/thread-229581.htm

Docker分析文章

Docker恶意软件分析系列之初识Docker
http://blog.sina.com.cn/s/blog_e8e60bc00102vl37.html
Docker恶意软件分析系列II:客户端风险分析
http://blog.sina.com.cn/s/blog_e8e60bc00102vlq7.html
Docker恶意软件分析系列III:用viper分析APK和木马信息
http://blog.sina.com.cn/s/blog_e8e60bc00102vm2p.html
Docker恶意软件分析系列Ⅳ:js反混淆分析
http://blog.sina.com.cn/s/blog_e8e60bc00102vmwi.html
Docker恶意软件分析系列V:ALICTF决赛题目设计
http://blog.sina.com.cn/s/blog_e8e60bc00102vnr0.html
Docker恶意软件分析系列VI:ALICTF决赛解题思路
http://blog.sina.com.cn/s/blog_e8e60bc00102vnr6.html

Android 加固分析

https://paper.seebug.org/44/

MalwareVbr

https://0x4954.wordpress.com/2017/12/03/dfir-tips-malwarevbr-vm/

JS混淆

http://relentless-coding.org/projects/jsdetox/samples
http://www.freebuf.com/column/157281.html

BitCode

https://blockchain.info/

Processon

https://www.processon.com/

RTFOBJ

https://www.decalage.info/python/rtfobj

Python

https://awesome-python.com/

Linux Malware Analyst

http://blog.malwaremustdie.org/2016/11/linux-malware.html

Window Payload

http://www.freebuf.com/articles/system/156710.html

PowerShell

http://www.freebuf.com/articles/database/101267.html
http://www.freebuf.com/sectool/120675.html
http://www.freebuf.com/sectool/136328.html
http://www.freebuf.com/sectool/144824.html
http://www.freebuf.com/sectool/149835.html

PART 2A: INTRO TO THREAT HUNTING WITH KOLIDE FLEET, OSQUERY, POWERSHELL EMPIRE, AND CALDERA – SETUP ENVIRONMENT

https://holdmybeersecurity.com/2018/01/16/part-2a-intro-to-threat-hunting-with-kolide-fleet-osquery-powershell-empire-and-caldera-setup-environment/

R2

https://sec.xiaomi.com/article/30

Proxmox & Cuckoo

https://4d5a.re/proxmox-cuckoo-a-powerful-combo-for-your-home-malware-lab/

威胁情报网站

https://x.threatbook.cn/
https://ti.360.com/
https://www.threatminer.org/

恶意流量分析网站

http://www.malware-traffic-analysis.net

安全网站

https://quequero.org/

ML Malware

http://www.covert.io/the-definitive-security-datascience-and-machinelearning-guide/

看雪知识库

https://www.kanxue.com/chm.htm

NET逆向

https://www.anquanke.com/post/id/89730
https://www.anquanke.com/post/id/90174

虚拟机检测技术攻防

http://blog.csdn.net/whatday/article/details/10393325

x86_64 Reverse-Engineering

https://leotindall.com/tutorial/an-intro-to-x86_64-reverse-engineering/

Unpacking Shade Ransomware

https://secrary.com/ReversingMalware/UnpackingShade/

DDoS

https://www.secpulse.com/archives/64088.html
https://www.secpulse.com/archives/65477.html

Android So

https://bbs.pediy.com/thread-221965.htm

VMWare

https://remnux.org/docs/distro/tools/

MalwareCookBook

https://github.com/mgoffin/malwarecookbook

Malware Analyst Research Toolkit

https://github.com/mboman/mart

SSMA - Simple Static Malware Analyzer

https://github.com/secrary/SSMA

Malicious traffic detection system

https://github.com/stamparm/maltrail

Collection of android malware samples - Android Samples

https://github.com/ashishb/android-malware

Malware Source

https://github.com/Chiggins/malware_sources

List of awesome malware analysis tools and resources

https://github.com/wtsxDev/Malware-Analysis

A collection of OSX and iOS security resources

https://github.com/kai5263499/osx-security-awesome

Malware

https://github.com/0xBADBAC0N/malware

ARM Emulate

https://salmanarif.bitbucket.io/visual/downloads.html

Static and automated/dynamic malware analysis

https://github.com/abdesslem/malwareHunter

Rootkits | Backdoors | Sniffers | Virus | Ransomware | Steganography | Cryptography | Shellcodes | Webshells | Keylogger | Botnets | Worms | Other Network Tools

https://github.com/vduddu/Malware

Malware Classifier From Network Captures

https://github.com/adulau/MalwareClassifier

Collection of scripts for different malware analysis tasks

https://github.com/deadbits/malware-analysis-scripts

POC Android Malware Ransomware/Recon

https://github.com/tfairane/AndroMalware

Repository containing Yara rules, indicators and tools from PhishMe Research

https://github.com/phishme/malware_analysis

Binaries for the book Practical Malware Analysis

https://github.com/mikesiko/PracticalMalwareAnalysis-Labs

Android Malware

https://github.com/virqdroid/Android_Malware

Malware Behavior Analyzer

https://github.com/GlacierW/MBA

Debian packaging of Linux Malware Detect

https://github.com/waja/maldetect

Scanning and identifying XOR encrypted PE files in PE resources

https://github.com/edix/MalwareResourceScanner

Windows Malware Rootkit

https://github.com/csurage/Rootkit

Malware static analysis framework

https://github.com/KoreLogicSecurity/mastiff

Harmless Android malware using the overlay technique to steal user credentials.

https://github.com/geeksonsecurity/android-overlay-malware-example

My personal Automated Malware Analysis Sandboxes and Services

https://github.com/ironbits/Automated-Malware-Analysis-List

Collection of almost 40.000 javascript malware samples

https://github.com/HynekPetrak/javascript-malware-collection

Code for Deep Android Malware Detection paper

https://github.com/niallmcl/Deep-Android-Malware-Detection

Various scripts for different malware families

https://github.com/sysopfb/Malware_Scripts

iOS malware samples

https://github.com/ashishb/ios-malware

An Android Eclipse project demonstrating how to build a simple anti-malware application

https://github.com/twitter-university/AntiMalware

VMWare

https://app.vagrantup.com/boxes/search

Windows Resource Download

https://msdn.itellyou.cn/

Vulnhub

https://www.vulnhub.com/

Windbg XP

http://blog.csdn.net/jiangdf/article/details/6843088

360报告

http://blogs.360.cn/blog/category/%E7%97%85%E6%AF%92%E5%88%86%E6%9E%90/

Ransomware

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-1st-2017-decryptors-btcware-and-more/
https://id-ransomware.malwarehunterteam.com/

IoT 门锁

https://larry.ngrep.me/2018/11/24/ble-sec-hackmelock/

VirtualKD

http://virtualkd.sysprogs.org/download/

OFFICE MALWARE/EXPLOIT

https://github.com/Screetsec/Microsploit
https://remnux.org/
https://r3mrum.wordpress.com/2017/06/29/analyzing-malicious-password-protected-office-documents/
https://dfir.it/blog/2015/06/17/analysts-handbook-analyzing-weaponized-documents/
https://zeltser.com/analyzing-malicious-documents/
https://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator
https://www.blackhillsinfosec.com/hide-payload-ms-office-document-properties/
https://securityoversimplicity.wordpress.com/2017/11/23/not-all-she-wrote-part-3-rigged-rtf-documents/
http://www.sdkhere.com/2017/12/analysis-of-file-spider-ransomware.html
https://pentestlab.blog/2017/12/15/microsoft-office-payloads-in-document-properties/
http://blog.51cto.com/antivirusjo/2054410 http://www.freebuf.com/vuls/159789.html
http://blog.safedog.cn/?p=1519
http://blog.safedog.cn/?p=2209
https://spreadsecurity.github.io/2016/08/14/macro-malware-analysis.html
http://sites.utexas.edu/iso/2016/07/08/reverse-engineering-a-malicious-ms-word-document/
http://www.freebuf.com/articles/terminal/74921.html
https://www.anquanke.com/post/id/84105

https://countuponsecurity.com/2014/09/22/malicious-documents-pdf-analysis-in-5-steps/

https://countuponsecurity.com/2014/10/24/malicious-documents-word-with-vba-and-powershell/

https://www.cert-ist.com/public/en/SO_detail?code=malicious_pdf

http://netsecurity.51cto.com/art/200907/138668.htm

https://blog.didierstevens.com/category/pdf/

http://www.itbaby.me/blog/59f7ea965d21b31fcd4e2037

https://zeltser.com/media/docs/analyzing-malicious-document-files.pdf

https://paper.seebug.org/351/

Linux x86 Exploit

https://bbs.pediy.com/user-507717-1.htm

Malware Samples

http://contagiodump.blogspot.com/
http://dasmalwerk.eu/
http://www.freetrojanbotnet.com/
https://malshare.com/
http://www.kernelmode.info/forum/viewforum.php?f=16
https://avcaesar.malware.lu/
http://www.malwareblacklist.com/showMDL.php
http://thezoo.morirt.com/
https://malwr.com/
http://openmalware.org/
http://www.virusign.com/
https://virusshare.com/

Free Automated Malware Analysis Sandboxes and Services

https://zeltser.com/automated-malware-analysis/

Free Online Tools for Looking up Potentially Malicious Websites

https://zeltser.com/lookup-malicious-websites/

APT Sample

https://contagiodump.blogspot.com/2017/02/russian-apt-apt28-collection-of-samples.html

CVE

CVE-2010-3333
http://blog.csdn.net/qq_32400847/article/details/70225519
https://wenku.baidu.com/view/11fd094384254b35effd3480.html
https://www.52pojie.cn/thread-290299-1-1.html
https://bbs.pediy.com/thread-158078.htm

CVE–2017–11882
http://bobao.360.cn/learning/detail/4734.html

CVE-2017-11826
https://blog.fortinet.com/2017/11/22/cve-2017-11826-exploited-in-the-wild-with-politically-themed-rtf-document

malware source

https://github.com/gbrindisi/malware
https://github.com/kaiserfarrell/malware
https://github.com/terrorisst/Malware
https://github.com/fdiskyou/malware
https://github.com/c633/malwaRE
https://github.com/DanielRTeixeira/Malware
https://github.com/nikicat/web-malware-collection
https://github.com/faber03/AndroidMalwareEvaluatingTools
https://github.com/gasgas4/Leaked_Malware_SourceCode
https://github.com/ashishb/android-malware
https://github.com/infosecguerrilla/LinuxMalwareSourceCode
https://github.com/tfairane/AndroMalware
https://github.com/infosecguerrilla/WindowsMalwareSourceCode
https://github.com/csurage/Rootkit
https://github.com/adi0x90/POC-Android-Malware
https://github.com/cheverebe/Android-malware
https://github.com/ispoleet/malware
https://github.com/bakely/malware
https://github.com/K1rky/Malware
https://github.com/Screetsec/TheFatRat
https://github.com/asudhak/Android-Malware
https://github.com/Xyl2k/Malware-Auto-Downloader
https://github.com/slydon/malware_tools
https://github.com/Mi3Security/su-a-cyder
https://github.com/pandazheng/POC-Android-Malware-files
https://github.com/tfairane/AndroMalware
https://github.com/eset/malware-research
https://github.com/m0nad/Diamorphine
https://github.com/a7vinx/liinux

auto script

https://github.com/znb/Malware
https://github.com/arbor-jjones/malware
https://github.com/samvartaka/malware
https://github.com/John-Lin/malware
https://github.com/PythonWebScrapingMalware/Malware
https://github.com/sroberts/malwarehouse
https://github.com/SpiderLabs/malware-analysis
https://github.com/hasherezade/malware_analysis
https://github.com/tomchop/malcom
https://github.com/JustF0rWork/malware
https://github.com/seifreed/malware-scripts
https://github.com/andrew-morris/stupid_malware
https://github.com/abdesslem/malwareHunter
https://github.com/dchad/malware-detection
https://github.com/bindog/ToyMalwareClassification
https://github.com/svent/jsdetox
https://github.com/Googulator/TeslaCrack
https://github.com/KoreLogicSecurity/mastiff
https://github.com/adobe-security/Malware-classifier
https://github.com/PaloAltoNetworks/WireLurkerDetector
https://github.com/necst/aamo
https://github.com/maltelligence/maltelligence
https://github.com/mwleeds/android-malware-analysis
https://github.com/trendmicro/aleph
https://github.com/idanr1986/cuckoo-droid
https://github.com/MalwareLu/tools
https://github.com/hgascon/adagio
https://github.com/rieck/malheur
https://github.com/dcmorton/MalwareTools
https://github.com/ispoleet/malware
https://github.com/Dynetics/Malfunction
https://github.com/tiago4orion/malelf
https://github.com/lbull/malware-collector
https://github.com/sysopfb/Malware_Scripts
https://github.com/deadbits/malware-analysis-scripts
https://github.com/tuomao/android_malware_detection
https://github.com/aim4r/VolDiff
https://github.com/VT-Magnum-Research/antimalware
https://github.com/devwerks/Static-Malware-Analyses
https://github.com/guelfoweb/peframe
https://github.com/nheijmans/malzoo
https://github.com/neriberto/hg
https://github.com/mboman/mart
https://github.com/CSIRTUK/Malware-Tools
https://github.com/0x71/cuckoo-linux
https://github.com/bunseokbot/androtools
https://github.com/psdeshpande/MalwareDetection
https://github.com/sibichakkaravarthy/Malware-Analysis
https://github.com/2015-10-10/MalwareClassification
https://github.com/pfohjo/nitro
https://github.com/researcherGeekLab/AMIV
https://github.com/Te-k/malware-classification
https://github.com/lanninghuanxue/DroidJ
https://github.com/CvvT/AppTroy
https://github.com/monnappa22/Limon
https://github.com/androguard/androguard
https://github.com/sh4hin/Androl4b
https://github.com/jnferguson/entropyDeviation

Course Book

https://github.com/RPISEC/Malware
https://github.com/rshipp/awesome-malware-analysis
https://github.com/mgoffin/malwarecookbook
https://github.com/MISP/MISP
https://github.com/wyyqyl/MalwareAnalysis
https://github.com/secmobi/amatutor
https://github.com/pandazheng/amatutor

AntiMalware Software

https://github.com/twitter-university/AntiMalware
https://github.com/ssesha/MalwareScanner
https://github.com/acprimer/MalwareDetector
https://github.com/kapilkchaurasia/Behavior-Based-Malware-Detection-System-for-Android

Samples

https://github.com/ashishb/ios-malware

APT

https://github.com/hfiref0x/CVE-2015-1701
https://github.com/michael-yip/APTMalwareNotes
https://github.com/abzcoding/aptdetector
https://github.com/harsh2602/APT-Detection-Via-Graph-Analytics
https://github.com/Tryan18/XCOM
https://github.com/aroradhruv03/APThreatDetectionSys
https://github.com/tobypinder/ludumdare32
https://github.com/hslatman/awesome-threat-intelligence
https://github.com/peterfelfer/AtomProbeTutorials

Tools

https://sourceforge.net/projects/remnux/files/
https://remnux.org/docs/distro/tools/

在线画图工具

https://www.processon.com/
http://www.xmindchina.net/

脱壳逆向

https://tuts4you.com
http://www.woodmann.com/
https://bbs.pediy.com/thread-224537.htm
https://bbs.pediy.com/thread-196797.htm

About

威胁情报,恶意样本分析,开源Malware代码收集