0 Motivation
The hacking skills list on GitHub is quite good and covers several areas of security. At the moment, however, I only follow reverse engineering and malicious code, so the other areas are skipped for now.
While I am grateful for the author's hard work, I do not intend to copy and repost the whole list. Going through it item by item is a way to sift out, from a large pool of resources, the things I consider highly practical.
Awesome-Hacking
https://github.com/Hack-with-Github/Awesome-Hacking
Awesome Hacking series: Reversing
- Reversing: books, training, practice, tools and more about reverse engineering
https://github.com/tylerhalfpop/awesome-reversing
1 Reversing
The awesome-reversing list of reverse engineering resources
2.1 Books
Reverse engineering books
- The IDA Pro Book 《IDA Pro权威指南(第2版)》
- Reverse Engineering for Beginners 《逆向工程权威指南》
- Assembly Language for Intel-Based Computers (5th Edition) 《Intel汇编语言程序设计(第五版)》
- Practical Reverse Engineering 《逆向工程实战》
- Reversing: Secrets of Reverse Engineering 《Reversing:逆向工程揭密》
- Practical Malware Analysis 《恶意代码分析实战》
- Malware Analyst's Cookbook 《恶意软件分析诀窍与工具箱》
- Gray Hat Hacking 《灰帽黑客》
- The Art of Memory Forensics
- Hacking: The Art of Exploitation 《黑客之道:漏洞发掘的艺术》
- Fuzzing for Software Security
- Art of Software Security Assessment
- The Antivirus Hacker's Handbook
- The Rootkit Arsenal 《Rootkit:系统灰色地带的潜伏者》
- Windows Internals, Part 1 and Part 2 《深入解析Windows操作系统》
- Inside Windows Debugging
- iOS Reverse Engineering 《iOS逆向工程》
- The Shellcoders Handbook
- A Guide to Kernel Exploitation
- Agner's software optimization resources
2.2 Courses
Reverse engineering courses
- Lenas Reversing for Newbies
https://tuts4you.com/download.php?list.17
- Open Security Training
http://opensecuritytraining.info/Training.html
- Dr. Fu's Malware Analysis
http://fumalwareanalysis.blogspot.sg/p/malware-analysis-tutorials-reverse.html
- Binary Auditing Course
http://www.binary-auditing.com/
- TiGa's Video Tutorials
http://www.woodmann.com/TiGa/
- Legend of Random
https://tuts4you.com/download.php?list.97
- Modern Binary Exploitation
http://security.cs.rpi.edu/courses/binexp-spring2015/
- RPISEC Malware Course
https://github.com/RPISEC/Malware
- SANS FOR 610 GREM
https://www.sans.org/course/reverse-engineering-malware-malware-analysis-tools-techniques/Type/asc/all
- REcon Training
https://recon.cx/2015/training.html
- Blackhat Training
https://www.blackhat.com/us-16/training/
- Offensive Security
https://www.offensive-security.com/information-security-training/
- Corelan Training
https://www.corelan-training.com/
- Offensive and Defensive Android Reversing
https://github.com/rednaga/training/raw/master/DEFCON23/O%26D - Android Reverse Engineering.pdf
- Reverse Engineering Malware 101
https://securedorg.github.io/RE101/
- ARM Assembly Basics
https://azeria-labs.com/writing-arm-assembly-part-1/
2.3 Practice
Practice reverse engineering. Be careful with the malware samples.
- Crackmes.de
http://www.crackmes.de/
- OSX Crackmes
https://reverse.put.as/crackmes/
- ESET Challenges
http://www.joineset.com/jobs-analyst.html
- Flare-on Challenges
http://flare-on.com/
- Github CTF Archives
http://github.com/ctfs/
- Reverse Engineering Challenges
http://challenges.re/
- xorpd Advanced Assembly Exercises
http://www.xorpd.net/pages/xchg_rax/snip_00.html
- Virusshare.com
http://virusshare.com/
- Contagio
http://contagiodump.blogspot.com/
- Malware-Traffic-Analysis
https://malware-traffic-analysis.com/
- Malshare
http://malshare.com/
- Malware Blacklist
http://www.malwareblacklist.com/showMDL.php
- malwr.com
https://malwr.com/
- vxvault
http://vxvault.net/
2.4 Hex Editors
- 010 Editor
http://www.sweetscape.com/010editor
- Hex Workshop
http://www.hexworkshop.com
- HexFiend
http://ridiculousfish.com/hexfiend
- Hiew
http://www.hiew.ru
2.5 Binary Format
- CFF Explorer
http://www.ntcore.com/exsuite.php
- Cerbero Profiler
http://cerbero.io/profiler/
- Lite PE Insider
http://cerbero.io/peinsider/
- Detect It Easy
http://ntinfo.biz/
- PeStudio
http://www.winitor.com/
- MachoView
https://github.com/gdbinit/MachOView
- nm - view symbols
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/nm.1.html
- file - file information
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/file.1.html
- codesign - code signing information; usage: codesign -dvvv filename
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/codesign.1.html
2.6 Disassemblers
- Binary Ninja
https://binary.ninja/
- Radare
http://www.radare.org/r/
- Hopper
http://hopperapp.com/
- Capstone
http://www.capstone-engine.org/
2.7 Binary Analysis
- Mobius Resources
http://www.msreverseengineering.com/research/
2.8 Bytecode Analysis
- Bytecode Viewer
https://bytecodeviewer.com/
- Bytecode Visualizer
http://www.drgarbage.com/bytecode-visualizer/
- JPEXS Flash Decompiler
https://www.free-decompiler.com/flash/
2.9 Import Reconstruction
Import table reconstruction tools
- ImpRec
http://www.woodmann.com/collaborative/tools/index.php/ImpREC
- LordPE
http://www.woodmann.com/collaborative/tools/images/Bin_LordPE_2010-6-29_3.9_LordPE_1.41_Deluxe_b.zip
3.0 Dynamic Analysis
- ProcessHacker
http://processhacker.sourceforge.net/
- Process Explorer
https://technet.microsoft.com/en-us/sysinternals/processexplorer
- Process Monitor
https://technet.microsoft.com/en-us/sysinternals/processmonitor
- Autoruns
https://technet.microsoft.com/en-us/sysinternals/bb963902
- Noriben
https://github.com/Rurik/Noriben
- API Monitor
http://www.rohitab.com/apimonitor
- iNetSim
http://www.inetsim.org/
- Wireshark
https://www.wireshark.org/download.html
- netzob
https://www.netzob.org/
- Volatility
https://github.com/volatilityfoundation/volatility
- Cuckoo
https://www.cuckoosandbox.org/
- Objective-See Utilities
https://objective-see.com/products.html
- dtrace - sudo dtruss is the equivalent of strace; dtrace recipes:
http://dtrace.org/blogs/brendan/2011/10/10/top-10-dtrace-scripts-for-mac-os-x/
http://mfukar.github.io/2014/03/19/dtrace.html
- fs_usage - report system calls and page faults related to filesystem activity in real time. File I/O: fs_usage -w -f filesystem
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/fs_usage.1.html
- dmesg - display the system message buffer
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/dmesg.8.html
3.1 Debugging
- WinDbg
https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx
- OllyDbg v1.10
http://www.ollydbg.de/
- OllyDbg v2.01
http://www.ollydbg.de/version2.html
- OllySnD
https://tuts4you.com/download.php?view.2061
- Olly Shadow
https://tuts4you.com/download.php?view.6
- Olly CiMs
https://tuts4you.com/download.php?view.1206
- Olly UST_2bg
https://tuts4you.com/download.php?view.2816
- x64dbg
http://x64dbg.com/#start
- gdb
https://www.gnu.org/software/gdb/
- vdb
https://github.com/vivisect/vivisect
- lldb
http://lldb.llvm.org/
- qira
http://qira.me/
- unicorn
https://github.com/unicorn-engine/unicorn
3.2 Mac Decrypt
- Cerbero Profiler - Select all -> Copy to new file
http://cerbero-blog.com/?p=1311
- AppEncryptor - tool for decrypting
https://github.com/AlanQuatermain/appencryptor
- Class-Dump - use the deprotect option
http://stevenygard.com/projects/class-dump/
- readmem - OS X reverser's process dumping tool
https://github.com/gdbinit/readmem
3.3 Document Analysis
- Ole Tools
http://www.decalage.info/python/oletools
- Didier's PDF Tools
http://blog.didierstevens.com/programs/pdf-tools/
- Origami
https://github.com/cogent/origami-pdf
3.4 Scripting
- IDA Python Src
https://github.com/idapython/src
- IDC Functions Doc
https://www.hex-rays.com/products/ida/support/idadoc/162.shtml
- Using IDAPython to Make your Life Easier
http://researchcenter.paloaltonetworks.com/tag/idapython/
- Introduction to IDA Python
https://tuts4you.com/download.php?view.3229
- The Beginner's Guide to IDA Python
https://leanpub.com/IDAPython-Book
- IDA Plugin Contest
https://www.hex-rays.com/contests/
- onethawt IDA Plugin List
https://github.com/onethawt/idaplugins-list
- pefile Python Library
https://github.com/erocarrera/pefile
3.5 Android
- Android Developer Studio
http://developer.android.com/sdk/index.html
- APKtool
http://ibotpeaches.github.io/Apktool/
- dex2jar
https://github.com/pxb1988/dex2jar
- Bytecode Viewer
https://bytecodeviewer.com/
- IDA Pro
https://www.hex-rays.com/products/ida/index.shtml
3.6 Yara
References
- 1. GitHub's ten-thousand-star pick: a hacker skills growth checklist
http://www.4hou.com/info/news/7061.html