0 Motivation
The Awesome-Hacking list on GitHub is a good one and covers many areas of security, but at the moment I only follow reverse engineering and malware, so the other areas are skipped for now.
I am grateful for the author's work, but I do not intend to copy and repost the whole set. Going through it item by item is a way to sift out, from a large pool of resources, the things I find genuinely useful.
《Awesome-Hacking》
https://github.com/Hack-with-Github/Awesome-Hacking
Awesome Hacking series: Reversing
- Reversing: books, courses, practice targets, tools and more on reverse engineering
https://github.com/tylerhalfpop/awesome-reversing
1 Reversing
The awesome-reversing resource list, section by section
2.1 Books
Reverse engineering books
- The IDA Pro Book (Chinese edition: 《IDA Pro权威指南(第2版)》)
- Reverse Engineering for Beginners (Chinese edition: 《逆向工程权威指南》)
- Assembly Language for Intel-Based Computers (5th Edition) (Chinese edition: 《Intel汇编语言程序设计(第五版)》)
- Practical Reverse Engineering (Chinese edition: 《逆向工程实战》)
- Reversing: Secrets of Reverse Engineering (Chinese edition: 《Reversing:逆向工程揭密》)
- Practical Malware Analysis (Chinese edition: 《恶意代码分析实战》)
- Malware Analyst's Cookbook (Chinese edition: 《恶意软件分析诀窍与工具箱》)
- Gray Hat Hacking (Chinese edition: 《灰帽黑客》)
- The Art of Memory Forensics
- Hacking: The Art of Exploitation (Chinese edition: 《黑客之道:漏洞发掘的艺术》)
- Fuzzing for Software Security
- The Art of Software Security Assessment
- The Antivirus Hacker's Handbook
- The Rootkit Arsenal (Chinese edition: 《Rootkit:系统灰色地带的潜伏者》)
- Windows Internals, Part 1 and Part 2 (Chinese edition: 《深入解析Windows操作系统》)
- Inside Windows Debugging
- iOS Reverse Engineering (Chinese edition: 《iOS逆向工程》)
- The Shellcoder's Handbook
- A Guide to Kernel Exploitation
- Agner Fog's software optimization resources
2.2 Courses
Reverse engineering courses
- Lena's Reversing for Newbies
https://tuts4you.com/download.php?list.17
- Open Security Training
http://opensecuritytraining.info/Training.html
- Dr. Fu's Malware Analysis
http://fumalwareanalysis.blogspot.sg/p/malware-analysis-tutorials-reverse.html
- Binary Auditing Course
http://www.binary-auditing.com/
- TiGa's Video Tutorials
http://www.woodmann.com/TiGa/
- Legend of Random
https://tuts4you.com/download.php?list.97
- Modern Binary Exploitation
http://security.cs.rpi.edu/courses/binexp-spring2015/
- RPISEC Malware Course
https://github.com/RPISEC/Malware
- SANS FOR610 GREM
https://www.sans.org/course/reverse-engineering-malware-malware-analysis-tools-techniques/Type/asc/all
- REcon Training
https://recon.cx/2015/training.html
- Black Hat Training
https://www.blackhat.com/us-16/training/
- Offensive Security
https://www.offensive-security.com/information-security-training/
- Corelan Training
https://www.corelan-training.com/
- Offensive and Defensive Android Reversing
https://github.com/rednaga/training/raw/master/DEFCON23/O%26D%20-%20Android%20Reverse%20Engineering.pdf
- Reverse Engineering Malware 101
https://securedorg.github.io/RE101/
- ARM Assembly Basics
https://azeria-labs.com/writing-arm-assembly-part-1/
2.3 Practice
Practice reverse engineering. Be careful with malware: the last entries in this list are live sample repositories, so handle anything from them inside an isolated analysis VM.
- Crackmes.de
http://www.crackmes.de/
- OS X Crackmes
https://reverse.put.as/crackmes/
- ESET Challenges
http://www.joineset.com/jobs-analyst.html
- Flare-On Challenges
http://flare-on.com/
- GitHub CTF Archives
http://github.com/ctfs/
- Reverse Engineering Challenges
http://challenges.re/
- xorpd Advanced Assembly Exercises
http://www.xorpd.net/pages/xchg_rax/snip_00.html
- VirusShare.com
http://virusshare.com/
- Contagio
http://contagiodump.blogspot.com/
- Malware-Traffic-Analysis
https://malware-traffic-analysis.com/
- MalShare
http://malshare.com/
- Malware Blacklist
http://www.malwareblacklist.com/showMDL.php
- malwr.com
https://malwr.com/
- VX Vault
http://vxvault.net/
2.4 Hex Editors
- 010 Editor
http://www.sweetscape.com/010editor
- Hex Workshop
http://www.hexworkshop.com
2.5 Binary Format
- CFF Explorer
http://www.ntcore.com/exsuite.php
- Cerbero Profiler
http://cerbero.io/profiler/
- Lite PE Insider
http://cerbero.io/peinsider/
- Detect It Easy
http://ntinfo.biz/
- PeStudio
http://www.winitor.com/
- MachOView
https://github.com/gdbinit/MachOView
- nm - view symbols
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/nm.1.html
- file - file type information
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/file.1.html
- codesign - code signing information; usage: codesign -dvvv filename
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/codesign.1.html
2.6 Disassemblers
- Binary Ninja
https://binary.ninja/
- Radare
http://www.radare.org/r/
- Hopper
http://hopperapp.com/
- Capstone
http://www.capstone-engine.org/
2.7 Binary Analysis
- Mobius Resources
http://www.msreverseengineering.com/research/
2.8 Bytecode Analysis
- Bytecode Viewer
https://bytecodeviewer.com/
- Bytecode Visualizer
http://www.drgarbage.com/bytecode-visualizer/
- JPEXS Flash Decompiler
https://www.free-decompiler.com/flash/
2.9 Import Reconstruction
Import table reconstruction tools (for rebuilding the import directory after dumping a packed process)
- ImpREC
http://www.woodmann.com/collaborative/tools/index.php/ImpREC
- LordPE
http://www.woodmann.com/collaborative/tools/images/Bin_LordPE_2010-6-29_3.9_LordPE_1.41_Deluxe_b.zip
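The PE viewers in 2.5 (CFF Explorer, PE Insider, PeStudio) and the import rebuilders in 2.9 (ImpREC, LordPE) all work from the same on-disk structures. The following is an added worked example, written for this page and not taken from awesome-reversing or from any of the listed tools, that walks those structures by hand in Python: DOS header, PE signature, optional-header data directory, section table, then the import descriptors, lookup table and hint/name entries. The binary it parses is a minimal PE32+ constructed in memory by build_sample_pe(); every name, RVA and offset in it is made up for the example. In practice you would use pefile (listed under 3.4) rather than hand-rolled struct code, but seeing the walk once makes the tools' output much easier to read.

```python
"""Walk a PE import table by hand: DOS header -> PE signature -> optional header data
directory -> section table -> import descriptors -> lookup table -> hint/name entries.
build_sample_pe() fabricates a minimal PE32+ so this runs offline; on a real file call
parse_imports(open(path, "rb").read())."""
import struct

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
PE32PLUS_MAGIC = 0x20B


def build_sample_pe():
    """Constructed sample: one .idata section importing VirtualAlloc, CreateFileA and ordinal #17 from KERNEL32.dll."""
    sec_va, sec_ptr, sec_size = 0x1000, 0x200, 0x200   # section RVA, file offset, size (made-up values)
    names = [b"VirtualAlloc", b"CreateFileA"]
    idt_off = 0x00                 # import directory: one descriptor + all-zero terminator (20 bytes each)
    ilt_off = idt_off + 20 * 2     # import lookup table: three thunks + null (8 bytes each on PE32+)
    iat_off = ilt_off + 8 * 4      # import address table: same content as the ILT on disk
    dll_off = iat_off + 8 * 4
    hint_offs, cur = [], dll_off + len(b"KERNEL32.dll\0")
    for n in names:
        cur += cur % 2             # hint/name entries are 2-byte aligned
        hint_offs.append(cur)
        cur += 2 + len(n) + 1
    rva = lambda off: sec_va + off
    thunks = [rva(h) for h in hint_offs] + [(1 << 63) | 17, 0]   # high bit set = import by ordinal
    sec = bytearray(sec_size)
    struct.pack_into("<IIIII", sec, idt_off, rva(ilt_off), 0, 0, rva(dll_off), rva(iat_off))
    for i, t in enumerate(thunks):
        struct.pack_into("<Q", sec, ilt_off + 8 * i, t)
        struct.pack_into("<Q", sec, iat_off + 8 * i, t)
    sec[dll_off:dll_off + 13] = b"KERNEL32.dll\0"
    for h, n in zip(hint_offs, names):
        sec[h:h + 3 + len(n)] = b"\0\0" + n + b"\0"    # 2-byte hint, then NUL-terminated name
    hdr = bytearray(sec_ptr)
    hdr[:2] = IMAGE_DOS_SIGNATURE
    struct.pack_into("<I", hdr, 0x3C, 0x40)                                # e_lfanew
    hdr[0x40:0x44] = IMAGE_NT_SIGNATURE
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x8664, 1, 0, 0, 0, 240, 0x22)  # COFF: x64, 1 section, 240-byte optional header
    opt = 0x58
    struct.pack_into("<H", hdr, opt, PE32PLUS_MAGIC)
    struct.pack_into("<I", hdr, opt + 108, 16)                              # NumberOfRvaAndSizes
    struct.pack_into("<II", hdr, opt + 112 + 8 * 1, rva(idt_off), 40)       # DataDirectory[1] = IMPORT
    struct.pack_into("<8sIIII", hdr, opt + 240, b".idata", sec_size, sec_va, sec_size, sec_ptr)
    return bytes(hdr + sec)


def parse_imports(data):
    """Return {dll: [symbol or '#ordinal', ...]} for a PE file image (PE32 or PE32+)."""
    if data[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    is64 = struct.unpack_from("<H", data, opt)[0] == PE32PLUS_MAGIC
    dd = opt + (112 if is64 else 96)                     # data directory starts later in PE32+
    ndirs, = struct.unpack_from("<I", data, dd - 4)
    imp_rva = struct.unpack_from("<I", data, dd + 8)[0] if ndirs > 1 else 0
    if imp_rva == 0:
        return {}
    sections = []                                        # (VirtualAddress, size, PointerToRawData)
    for i in range(nsec):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((va, max(vsize, rawsize), rawptr))

    def rva2off(r):                                      # RVAs only make sense once mapped through the sections
        for va, size, rawptr in sections:
            if va <= r < va + size:
                return rawptr + (r - va)
        raise ValueError(f"RVA {r:#x} is not backed by any section")

    def cstr(off):
        return data[off:data.index(b"\0", off)].decode("ascii")

    fmt, width, ord_flag = ("<Q", 8, 1 << 63) if is64 else ("<I", 4, 1 << 31)
    imports, desc = {}, rva2off(imp_rva)
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if oft == 0 and name_rva == 0 and ft == 0:       # all-zero descriptor ends the table
            break
        thunk, entries = rva2off(oft or ft), []          # OriginalFirstThunk may be zeroed; fall back to the IAT
        while True:
            val, = struct.unpack_from(fmt, data, thunk)
            if val == 0:
                break
            entries.append(f"#{val & 0xFFFF}" if val & ord_flag else cstr(rva2off(val) + 2))
            thunk += width
        imports[cstr(rva2off(name_rva))] = entries
        desc += 20
    return imports


if __name__ == "__main__":
    for dll, syms in parse_imports(build_sample_pe()).items():
        print(dll, syms)
```

The fallback on `oft or ft` is where the tools in this section come in. A packer usually strips the import directory altogether, and in a process dump the IAT no longer holds RVAs but the resolved virtual addresses the loader wrote there, so a parser like this one finds nothing usable. ImpREC and LordPE rebuild the table the other way round: they scan the dumped IAT, match each address against the export tables of the modules that were loaded in the process, and write a fresh import directory back into the dump.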
3.0 Dynamic Analysis
- Process Hacker
http://processhacker.sourceforge.net/
- Process Explorer
https://technet.microsoft.com/en-us/sysinternals/processexplorer
- Process Monitor
https://technet.microsoft.com/en-us/sysinternals/processmonitor
- Autoruns
https://technet.microsoft.com/en-us/sysinternals/bb963902
- Noriben
https://github.com/Rurik/Noriben
- API Monitor
http://www.rohitab.com/apimonitor
- INetSim
http://www.inetsim.org/
- Wireshark
https://www.wireshark.org/download.html
- FakeNet
http://practicalmalwareanalysis.com/fakenet/
- Netzob
https://www.netzob.org/
- Volatility
https://github.com/volatilityfoundation/volatility
- LiME
https://github.com/504ensicsLabs/LiME
- Cuckoo
https://www.cuckoosandbox.org/
- Objective-See Utilities
https://objective-see.com/products.html
- dtrace - sudo dtruss is the dtrace-based equivalent of strace on macOS
- dtrace recipes
http://dtrace.org/blogs/brendan/2011/10/10/top-10-dtrace-scripts-for-mac-os-x/
http://mfukar.github.io/2014/03/19/dtrace.html
- fs_usage - report system calls and page faults related to filesystem activity in real time. File I/O only: fs_usage -w -f filesystem
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/fs_usage.1.html
- dmesg - display the system message buffer
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/dmesg.8.html
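Process Monitor and Noriben in the list above give you the raw event stream; what you want out of a detonation is the handful of events that matter. The following is an added example written for this page (it is not Noriben's code, whose blacklists are its own) that reads a Procmon CSV export and pulls out dropped executables, Run-key persistence and child processes, following the child PID so the child's own activity is attributed to the sample as well. SAMPLE_CSV is constructed here in the column layout of Procmon's CSV export with simplified timestamps; the process names, PIDs and paths are made up.

```python
"""Triage a Process Monitor CSV export for the behaviours that matter in a malware run:
executables dropped under user-writable paths, Run-key persistence and child processes."""
import csv
import io
import re

# Constructed sample in the column layout of Procmon's CSV export (timestamps simplified).
SAMPLE_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","sample.exe","4242","CreateFile","C:\\Users\\lab\\AppData\\Local\\Temp\\upd.exe","SUCCESS","Desired Access: Generic Write"
"10:01:02.2","sample.exe","4242","WriteFile","C:\\Users\\lab\\AppData\\Local\\Temp\\upd.exe","SUCCESS","Offset: 0, Length: 65536"
"10:01:02.3","sample.exe","4242","RegSetValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater","SUCCESS","Type: REG_SZ, Data: C:\\Users\\lab\\AppData\\Local\\Temp\\upd.exe"
"10:01:02.4","sample.exe","4242","Process Create","C:\\Users\\lab\\AppData\\Local\\Temp\\upd.exe","SUCCESS","PID: 4300, Command line: upd.exe /silent"
"10:01:02.5","sample.exe","4242","RegQueryValue","HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Hostname","SUCCESS","Type: REG_SZ"
"10:01:02.6","sample.exe","4242","WriteFile","C:\\Users\\lab\\AppData\\Local\\Temp\\log.txt","SUCCESS","Offset: 0, Length: 12"
"10:01:02.7","explorer.exe","1234","WriteFile","C:\\Users\\lab\\AppData\\Local\\Temp\\other.exe","SUCCESS","Offset: 0, Length: 4096"
"""

RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce|RunServices)(\\|$)", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Public)\\", re.IGNORECASE)
EXEC_EXT = (".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js")


def triage(csv_text, pids):
    """Return the interesting events attributed to `pids` (the sample plus anything it spawns)."""
    pids = {str(p) for p in pids}
    report = {"dropped_files": set(), "persistence": [], "children": [], "events_seen": 0}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["PID"] not in pids:
            continue                      # noise from every other process on the box
        report["events_seen"] += 1
        op, path, detail = row["Operation"], row["Path"], row["Detail"]
        wrote = op == "WriteFile" or (op == "CreateFile" and "Write" in detail)
        if wrote and path.lower().endswith(EXEC_EXT) and USER_WRITABLE.search(path):
            report["dropped_files"].add(path)
        elif op == "RegSetValue" and RUN_KEY.search(path):
            report["persistence"].append((path, detail))
        elif op == "Process Create":
            m = re.search(r"PID: (\d+)", detail)
            if m:
                pids.add(m.group(1))      # follow the child so its activity is attributed too
            report["children"].append((path, detail))
    report["dropped_files"] = sorted(report["dropped_files"])
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_CSV, [4242]).items():
        print(key, value)
```

Filtering on PID rather than process name matters: a sample that injects into explorer.exe shows up under explorer's PID, which is why Noriben and the Procmon GUI both let you pivot on the process tree rather than on names alone.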
3.1 Debugging
- WinDbg
https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx
- OllyDbg v1.10
http://www.ollydbg.de/
- OllyDbg v2.01
http://www.ollydbg.de/version2.html
- OllySnD
https://tuts4you.com/download.php?view.2061
- Olly Shadow
https://tuts4you.com/download.php?view.6
- Olly CiMs
https://tuts4you.com/download.php?view.1206
- Olly UST_2bg
https://tuts4you.com/download.php?view.2816
- x64dbg
http://x64dbg.com/#start
- gdb
https://www.gnu.org/software/gdb/
- vdb (the Vivisect debugger)
https://github.com/vivisect/vivisect
- lldb
http://lldb.llvm.org/
- qira
http://qira.me/
- unicorn
https://github.com/unicorn-engine/unicorn
3.2 Mac Decrypt
- Cerbero Profiler - Select All -> Copy to new file
http://cerbero-blog.com/?p=1311
- AppEncryptor - tool for decrypting
https://github.com/AlanQuatermain/appencryptor
- class-dump - use the deprotect option
http://stevenygard.com/projects/class-dump/
- readmem - OS X reverser's process dumping tool
https://github.com/gdbinit/readmem
3.3 Document Analysis
- oletools
http://www.decalage.info/python/oletools
- Didier Stevens' PDF Tools
http://blog.didierstevens.com/programs/pdf-tools/
- Origami
https://github.com/cogent/origami-pdf
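The PDF tools listed above (pdfid, pdf-parser, Origami) share a first step: find out whether the file contains the objects that can execute something, before parsing it properly. The example below is added here and is not code from Didier Stevens' tools or from Origami. It scans the raw bytes for the risky name objects, undoes the #xx hex escapes that are used to hide /JavaScript from naive string matching, and checks that obj/endobj and stream/endstream pair up. SAMPLE_PDF is a constructed file whose catalog has an OpenAction pointing at an obfuscated JavaScript action.

```python
"""Static pre-scan of a PDF in the spirit of pdfid: count the risky name objects (after
undoing /J#61vaScript-style hex escapes) and sanity-check the obj/stream structure."""
import re
from collections import Counter

RISKY_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
               "/EmbeddedFile", "/RichMedia", "/XFA", "/ObjStm")

# A PDF name runs from '/' up to whitespace or one of the delimiters ( ) < > [ ] { } / %.
NAME_TOKEN = re.compile(rb"/[^\s()<>\[\]{}/%]*")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_name(token):
    """Resolve #xx escapes so an obfuscated name compares equal to its canonical form."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), token)


def pdf_triage(data):
    """Return risky-name counts, structural counts and two verdict flags for raw PDF bytes."""
    names = Counter(normalize_name(m.group(0)).decode("latin-1") for m in NAME_TOKEN.finditer(data))
    structure = {
        "obj": len(re.findall(rb"\d+\s+\d+\s+obj\b", data)),
        "endobj": len(re.findall(rb"\bendobj\b", data)),
        "stream": len(re.findall(rb"\bstream\b", data)),
        "endstream": len(re.findall(rb"\bendstream\b", data)),
    }
    counts = {n: names.get(n, 0) for n in RISKY_NAMES}
    has_js = counts["/JavaScript"] + counts["/JS"] > 0
    return {
        "names": counts,
        "structure": structure,
        # script plus a trigger that fires without the user clicking anything
        "auto_exec_js": has_js and (counts["/OpenAction"] + counts["/AA"] > 0),
        # unbalanced markers usually mean a deliberately broken file or a truncated download
        "malformed": structure["obj"] != structure["endobj"] or structure["stream"] != structure["endstream"],
    }


# Constructed sample: a one-page PDF whose catalog runs a JavaScript action on open,
# with the action type hidden behind a hex escape (/J#61vaScript).
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (app.alert\\(1\\)) >> endobj\n"
    b"5 0 obj << /Length 2 >> stream\nAB\nendstream endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    print(pdf_triage(SAMPLE_PDF))
```

Anything inside a compressed object stream (/ObjStm with /FlateDecode) is invisible to a byte-level scan, which is why /ObjStm is in the list: zero risky names alongside several object streams means the content still has to be inflated with pdf-parser or Origami before the file can be called clean.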
3.4 Scripting
- IDAPython source
https://github.com/idapython/src
- IDC functions documentation
https://www.hex-rays.com/products/ida/support/idadoc/162.shtml
- Using IDAPython to Make Your Life Easier
http://researchcenter.paloaltonetworks.com/tag/idapython/
- Introduction to IDAPython
https://tuts4you.com/download.php?view.3229
- The Beginner's Guide to IDAPython
https://leanpub.com/IDAPython-Book
- IDA Plugin Contest
https://www.hex-rays.com/contests/
- onethawt's IDA plugin list
https://github.com/onethawt/idaplugins-list
- pefile Python library
https://github.com/erocarrera/pefile
3.5 Android
- Android Studio
http://developer.android.com/sdk/index.html
- Apktool
http://ibotpeaches.github.io/Apktool/
- dex2jar
https://github.com/pxb1988/dex2jar
- Bytecode Viewer
https://bytecodeviewer.com/
- IDA Pro
https://www.hex-rays.com/products/ida/index.shtml
3.6 Yara
References
- 1. GitHub 10,000-star pick: a hacker skill-building checklist (4hou)
http://www.4hou.com/info/news/7061.html