{"id":6340,"date":"2022-12-08T11:09:55","date_gmt":"2022-12-08T11:09:55","guid":{"rendered":"https:\/\/sajinshivdas.com\/security\/?p=6340"},"modified":"2024-08-13T10:18:16","modified_gmt":"2024-08-13T10:18:16","slug":"malware-analysis-tools-and-resources","status":"publish","type":"post","link":"https:\/\/sajinshivdas.com\/cybersecurity\/malware-analysis-tools-and-resources\/","title":{"rendered":"Malware Analysis Tools and Resources"},"content":{"rendered":"[vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/2&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; 
bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<h2><span style=\"font-weight: bold; font-family: 'Segoe UI Emoji';\">\ud83d\udcd6<\/span><span style=\"font-weight: bold; font-family: Calibri;\"> Table of Contents<\/span><\/h2>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malware Collection<\/span>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"circle\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Anonymizers<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Honeypots<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Malware Corpora<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Open Source Threat Intelligence<\/span>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"circle\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Tools<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Other Resources<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Detection and 
Classification<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Online Scanners and Sandboxes<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Domain Analysis<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Browser Malware<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Documents and Shellcode<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">File Carving<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Deobfuscation<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Debugging and Reverse Engineering<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Network<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Memory Forensics<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Windows Artifacts<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Storage and Workflow<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Miscellaneous<\/span><\/li>\n<li style=\"margin-top: 0; 
margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Resources<\/span>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"circle\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Books<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Other<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/2&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<blockquote>\n<h2>Malware Analysis Tools and Resources<\/h2>\n<\/blockquote>\n[\/vc_column_text][nectar_single_testimonial testimonial_style=&#8221;small_modern&#8221; color=&#8221;Default&#8221; quote=&#8221;A collection of the best open-source intelligence-gathering tools available. 
OSINT stands for &#8220;open-source intelligence,&#8221; which refers to information gathered from open sources. The intelligence community (IC) uses the term &#8220;open&#8221; to describe information that is readily accessible to the general public (as opposed to covert or clandestine sources)&#8221;][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; 
border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Anonymizers<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><span style=\"font-style: italic;\">Web traffic anonymizers for analysts.<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/anonymouse.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Anonymouse.org<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A free, web based anonymizer.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/openvpn.net\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">OpenVPN<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; VPN software and hosting solutions.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.privoxy.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Privoxy<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; An open source proxy server with some privacy features.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.torproject.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Tor<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; The Onion Router, for browsing the web without leaving traces of the client IP.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row 
type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Honeypots<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><span 
style=\"font-style: italic;\">Trap and collect your own samples.<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/mushorg\/conpot\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Conpot<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; ICS\/SCADA honeypot.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/micheloosterhof\/cowrie\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Cowrie<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; SSH honeypot, based on Kippo.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/RevengeComing\/DemonHunter\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">DemonHunter<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Low interaction Distributed Honeypots.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/DinoTools\/dionaea\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Dionaea<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Honeypot designed to trap malware.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/mushorg\/glastopf\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Glastopf<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Web application honeypot.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a 
href=\"http:\/\/www.honeyd.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Honeyd<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Create a virtual honeynet.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/bruteforcelab.com\/honeydrive\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">HoneyDrive<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Honeypot bundle Linux distro.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/honeytrap\/honeytrap\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Honeytrap<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Opensource system for running, monitoring and managing honeypots.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/pwnlandia\/mhn\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MHN<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; MHN is a centralized server for management and data collection of honeypots. 
MHN allows you to deploy sensors quickly and to collect data immediately, viewable from a neat web interface.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/johnnykv\/mnemosyne\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Mnemosyne<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A normalizer for honeypot data; supports Dionaea.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/buffer\/thug\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Thug<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Low interaction honeyclient, for investigating malicious websites.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; 
tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Malware Corpora<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><span style=\"font-style: italic;\">Malware samples collected for analysis; these are live samples, so handle them only in an isolated analysis environment.<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/support.clean-mx.de\/clean-mx\/viruses.php\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Clean MX<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Realtime database of malware and malicious domains.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/contagiodump.blogspot.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Contagio<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A collection of recent malware samples and analyses.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.exploit-db.com\/\"><span lang=\"en-AE\" 
style=\"font-family: Calibri; font-size: 11.0pt;\">Exploit Database<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Exploit and shellcode samples.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/infosec.cert-pa.it\/analyze\/submission.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Infosec &#8211; CERT-PA<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Malware samples collection and analysis.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/labs.inquest.net\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">InQuest Labs<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Ever-growing searchable corpus of malicious Microsoft documents.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/HynekPetrak\/javascript-malware-collection\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">JavaScript Malware Collection<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Collection of almost 40,000 JavaScript malware samples.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/malpedia.caad.fkie.fraunhofer.de\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malpedia<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A resource providing rapid identification and actionable context for malware investigations.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/malshare.com\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malshare<\/span><\/a><span 
lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Large repository of malware actively scrapped from malicious sites.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/openmalware.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Open Malware Project<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Sample information and downloads. Formerly Offensive Computing.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/robbyFux\/Ragpicker\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Ragpicker<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Plugin based malware crawler with pre-analysis and reporting functionalities<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/ytisf\/theZoo\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">theZoo<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Live malware samples for analysts.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/tracker.h3x.eu\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Tracker h3x<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Agregator for malware corpus tracker and malicious download sites.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/vduddu\/Malware\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">vduddu malware repo<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Collection of various malware files and source 
code.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/beta.virusbay.io\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">VirusBay<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Community-based malware repository and social network.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.virussign.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ViruSign<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Malware database of samples detected by many anti-malware programs except ClamAV.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/virusshare.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">VirusShare<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Malware repository, registration required.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/vxvault.net\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">VX Vault<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Active collection of malware samples.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/zeltser.com\/malware-sample-sources\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Zeltser&#8217;s Sources<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A list of malware sample sources put together by Lenny Zeltser.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Visgean\/Zeus\"><span lang=\"en-AE\" style=\"font-family: Calibri; 
font-size: 11.0pt;\">Zeus Source Code<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Source for the Zeus trojan leaked in 2011.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/vx-underground.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">VX Underground<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Massive and growing collection of free malware samples.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; 
column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Open Source Threat Intelligence<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Tools<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><span style=\"font-style: italic;\">Harvest and analyze IOCs.<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/abusesa\/abusehelper\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">AbuseHelper<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; An open-source framework for receiving and redistributing abuse feeds and threat intel.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/otx.alienvault.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">AlienVault Open Threat Exchange<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Share and collaborate in developing Threat Intelligence.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/mlsecproject\/combine\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Combine<\/span><\/a><span lang=\"en-AE\" style=\"font-family: 
Calibri; font-size: 11.0pt;\"> &#8211; Tool to gather Threat Intelligence indicators from publicly available sources.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/keithjjones\/fileintel\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Fileintel<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Pull intelligence per file hash.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/keithjjones\/hostintel\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Hostintel<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Pull intelligence per host.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.enisa.europa.eu\/topics\/csirt-cert-services\/community-projects\/incident-handling-automation\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">IntelMQ<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A tool for CERTs for processing incident data using a message queue.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.fireeye.com\/services\/freeware\/ioc-editor.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">IOC Editor<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A free editor for XML IOC files.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/InQuest\/python-iocextract\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">iocextract<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Advanced Indicator of Compromise (IOC) 
extractor, Python library and command-line tool.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/mandiant\/ioc_writer\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ioc_writer<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Python library for working with OpenIOC objects, from Mandiant.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/silascutler\/MalPipe\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MalPipe<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Malware\/IOC ingestion and processing engine, that enriches collected data.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/csirtgadgets\/massive-octo-spice\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Massive Octo Spice<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Previously known as CIF (Collective Intelligence Framework). Aggregates IOCs from various lists. 
Curated by the <\/span><a href=\"http:\/\/csirtgadgets.org\/collective-intelligence-framework\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">CSIRT Gadgets Foundation<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/MISP\/MISP\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MISP<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Malware Information Sharing Platform curated by <\/span><a href=\"http:\/\/www.misp-project.org\/\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">The MISP Project<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/pulsedive.com\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Pulsedive<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Free, community-driven threat intelligence platform collecting IOCs from open-source feeds.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/pidydx\/PyIOCe\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PyIOCe<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A Python OpenIOC editor.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/community.riskiq.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">RiskIQ<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Research, connect, tag and share IPs and domains. 
(Was PassiveTotal.)<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/jpsenior\/threataggregator\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">threataggregator<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Aggregates security threats from a number of sources, including some of those listed below in <\/span><a href=\"https:\/\/github.com\/rshipp\/awesome-malware-analysis#other-resources\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">other resources<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/threatconnect.com\/free\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ThreatConnect<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; TC Open allows you to see and share open source threat data, with support and validation from our free community.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.threatcrowd.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ThreatCrowd<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A search engine for threats, with graphical visualization.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/InQuest\/ThreatIngestor\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ThreatIngestor<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Build automated threat intel pipelines sourcing from Twitter, RSS, GitHub, and more.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: 
middle;\"><a href=\"https:\/\/github.com\/michael-yip\/ThreatTracker\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ThreatTracker<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A Python script to monitor and generate alerts based on IOCs indexed by a set of Google Custom Search Engines.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/mlsecproject\/tiq-test\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">TIQ-test<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Data visualization and statistical analysis of Threat Intelligence feeds.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; 
background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 16.0pt;\"><span style=\"font-weight: bold;\">Other Resources<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><span style=\"font-style: italic;\">Threat intelligence and IOC resources.<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.autoshun.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Autoshun<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> (<\/span><a href=\"https:\/\/www.autoshun.org\/files\/shunlist.csv\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">list<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">) &#8211; Snort plugin and blocklist.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/osint.bambenekconsulting.com\/feeds\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Bambenek Consulting Feeds<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; OSINT feeds based on malicious DGA algorithms.<\/span><\/li>\n<li style=\"margin-top: 0; 
margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.fidelissecurity.com\/resources\/fidelis-barncat\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Fidelis Barncat<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Extensive malware config database (must request access).<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/cinsscore.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">CI Army<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> (<\/span><a href=\"http:\/\/cinsscore.com\/list\/ci-badguys.txt\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">list<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">) &#8211; Network security blocklists.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/intel.criticalstack.com\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Critical Stack- Free Intel Market<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Free intel aggregator with deduplication featuring 90+ feeds and over 1.2M indicators.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/cybercrime-tracker.net\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Cybercrime tracker<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Multiple botnet active tracker.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/fireeye\/iocs\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">FireEye IOCs<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Indicators 
of Compromise shared publicly by FireEye.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/iplists.firehol.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">FireHOL IP Lists<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Analytics for 350+ IP lists with a focus on attacks, malware and abuse. Evolution, Changes History, Country Maps, Age of IPs listed, Retention Policy, Overlaps.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/riskdiscovery.com\/honeydb\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">HoneyDB<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Community driven honeypot sensor data collection and aggregation.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/rep\/hpfeeds\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">hpfeeds<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Honeypot feed protocol.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/infosec.cert-pa.it\/analyze\/statistics.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Infosec &#8211; CERT-PA lists<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> (<\/span><a href=\"https:\/\/infosec.cert-pa.it\/analyze\/listip.txt\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">IPs<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; <\/span><a href=\"https:\/\/infosec.cert-pa.it\/analyze\/listdomains.txt\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">Domains<\/span><\/a><span lang=\"en-AE\" 
style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; <\/span><a href=\"https:\/\/infosec.cert-pa.it\/analyze\/listurls.txt\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">URLs<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">) &#8211; Blocklist service.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/labs.inquest.net\/repdb\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">InQuest REPdb<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Continuous aggregation of IOCs from a variety of open reputation sources.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/labs.inquest.net\/iocdb\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">InQuest IOCdb<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Continuous aggregation of IOCs from a variety of blogs, Github repos, and Twitter.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/isc.sans.edu\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Internet Storm Center (DShield)<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Diary and searchable incident database, with a web <\/span><a href=\"https:\/\/dshield.org\/api\/\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">API<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">. 
(<\/span><a href=\"https:\/\/github.com\/rshipp\/python-dshield\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">unofficial Python library<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">).<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/malc0de.com\/database\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">malc0de<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Searchable incident database.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.malwaredomainlist.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malware Domain List<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Search and share malicious URLs.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.opswat.com\/developers\/threat-intelligence-feed\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MetaDefender Threat Intelligence Feed<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; List of the most looked up file hashes from MetaDefender Cloud.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.fireeye.com\/services\/freeware.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">OpenIOC<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Framework for sharing threat intelligence.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.proofpoint.com\/us\/products\/et-intelligence\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Proofpoint Threat 
Intelligence<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Rulesets and more. (Formerly Emerging Threats.)<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/docs.google.com\/spreadsheets\/d\/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g\/pubhtml\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Ransomware overview<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A list of ransomware overview with details, detection and prevention.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/stixproject.github.io\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">STIX &#8211; Structured Threat Information eXpression<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Standardized language to represent and share cyber threat information. 
Related efforts from <\/span><a href=\"https:\/\/www.mitre.org\/\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">MITRE<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">: <\/span>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"circle\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/capec.mitre.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">CAPEC &#8211; Common Attack Pattern Enumeration and Classification<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/cyboxproject.github.io\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">CybOX &#8211; Cyber Observables eXpression<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/maec.mitre.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MAEC &#8211; Malware Attribute Enumeration and Characterization<\/span><\/a><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/taxiiproject.github.io\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">TAXII &#8211; Trusted Automated eXchange of Indicator Information<\/span><\/a><\/li>\n<\/ul>\n<\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.systemlookup.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">SystemLookup<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; SystemLookup hosts a collection of lists that provide information on the components of legitimate and potentially unwanted programs.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.threatminer.org\/\"><span lang=\"en-AE\" 
style=\"font-family: Calibri; font-size: 11.0pt;\">ThreatMiner<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Data mining portal for threat intelligence, with search.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/threatrecon.co\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">threatRECON<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Search for indicators, up to 1000 free per month.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/threatshare.io\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ThreatShare<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; C2 panel tracker<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Yara-Rules\/rules\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Yara rules<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Yara rules repository.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/yeti-platform\/yeti\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">YETI<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/zeustracker.abuse.ch\/blocklist.php\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ZeuS Tracker<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; ZeuS 
blocklists.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Detection and 
Classification<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><span style=\"font-style: italic;\">Antivirus and other malware identification tools<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/hiddenillusion\/AnalyzePE\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">AnalyzePE<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Wrapper for a variety of tools for reporting on Windows PE files.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/bitbucket.org\/cse-assemblyline\/assemblyline\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Assemblyline<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A scalable distributed file analysis framework.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/airbnb\/binaryalert\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">BinaryAlert<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; An open source, serverless AWS pipeline that scans and alerts on uploaded files based on a set of YARA rules.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/fireeye\/capa\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">capa<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Detects capabilities in executable files.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.chkrootkit.org\/\"><span lang=\"en-AE\" style=\"font-family: 
Calibri; font-size: 11.0pt;\">chkrootkit<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Local Linux rootkit detection.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.clamav.net\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ClamAV<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Open source antivirus engine.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/horsicq\/Detect-It-Easy\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Detect It Easy(DiE)<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A program for determining types of files.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/exeinfo.pe.hu\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Exeinfo PE<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Packer, compressor detector, unpack info, internal exe tools.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/sno.phy.queensu.ca\/~phil\/exiftool\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ExifTool<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Read, write and edit file metadata.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/EmersonElectricCo\/fsf\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">File Scanning Framework<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Modular, recursive file scanning solution.<\/span><\/li>\n<li style=\"margin-top: 0; 
margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/cmu-sei\/pharos\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">fn2yara<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; FN2Yara is a tool to generate Yara signatures for matching functions (code) in an executable program.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/uppusaikiran\/generic-parser\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Generic File Parser<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A Single Library Parser to extract meta information,static analysis and detect macros within the files.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/jessek\/hashdeep\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">hashdeep<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Compute digest hashes with a variety of algorithms.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/gurnec\/HashCheck\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">HashCheck<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Windows shell extension to compute hashes with a variety of algorithms.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Neo23x0\/Loki\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Loki<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Host based scanner for IOCs.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a 
href=\"https:\/\/github.com\/Dynetics\/Malfunction\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malfunction<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Catalog and compare malware at a function level.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/JusticeRage\/Manalyze\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Manalyze<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Static analyzer for PE executables.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/KoreLogicSecurity\/mastiff\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MASTIFF<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Static analysis framework.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/mitre\/multiscanner\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MultiScanner<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Modular file scanning\/analysis framework<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/horsicq\/Nauz-File-Detector\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Nauz File Detector(NFD)<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Linker\/Compiler\/Tool detector for Windows, Linux and MacOS.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/rjhansen\/nsrllookup\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">nsrllookup<\/span><\/a><span lang=\"en-AE\" 
style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A tool for looking up hashes in NIST&#8217;s National Software Reference Library database.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/handlers.sans.org\/jclausing\/packerid.py\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">packerid<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A cross-platform Python alternative to PEiD.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/hshrzd.wordpress.com\/pe-bear\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PE-bear<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Reversing tool for PE files.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/guelfoweb\/peframe\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PEframe<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; PEframe is an open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/pev.sourceforge.net\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PEV<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A multiplatform toolkit to work with PE files, providing feature-rich tools for proper analysis of suspicious binaries.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/katjahahn\/PortEx\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PortEx<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; 
font-size: 11.0pt;\"> &#8211; Java library to analyse PE files with a special focus on malware analysis and PE malformation robustness.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/quark-engine\/quark-engine\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Quark-Engine<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; An Obfuscation-Neglect Android Malware Scoring System<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/rkhunter.sourceforge.net\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Rootkit Hunter<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Detect Linux rootkits.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/ssdeep-project.github.io\/ssdeep\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ssdeep<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Compute fuzzy hashes.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/gist.github.com\/gleblanc1783\/3c8e6b379fa9d646d401b96ab5c7877f\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">totalhash.py<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Python script for easy searching of the <\/span><a href=\"https:\/\/totalhash.cymru.com\/\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">TotalHash.cymru.com<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> database.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/mark0.net\/soft-trid-e.html\"><span lang=\"en-AE\" style=\"font-family: 
Calibri; font-size: 11.0pt;\">TrID<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; File identifier.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/plusvic.github.io\/yara\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">YARA<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Pattern matching tool for analysts.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Neo23x0\/yarGen\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Yara rules generator<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Generate yara rules based on a set of malware samples. Also contains a good strings DB to avoid false positives.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/uppusaikiran\/yara-finder\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Yara Finder<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A simple tool to yara match the file against various yara rules to find the indicators of suspicion.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; 
gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Online Scanners and Sandboxes<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><span style=\"font-style: italic;\">Web-based multi-AV scanners, and malware sandboxes for automated analysis.<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/sandbox.anlyz.io\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">anlyz.io<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Online 
sandbox.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/app.any.run\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">any.run<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Online interactive sandbox.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/andrototal.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">AndroTotal<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Free online analysis of APKs against multiple mobile antivirus apps.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/avcaesar.malware.lu\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">AVCaesar<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Malware.lu online scanner and malware repository.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/nbeede\/BoomBox\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">BoomBox<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.cryptam.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Cryptam<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Analyze suspicious office documents.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/cuckoosandbox.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Cuckoo 
Sandbox<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Open source, self-hosted sandbox and automated analysis system.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/brad-accuvant\/cuckoo-modified\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">cuckoo-modified<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Modified version of Cuckoo Sandbox released under the GPL. Not merged upstream due to legal concerns by the author.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/keithjjones\/cuckoo-modified-api\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">cuckoo-modified-api<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A Python API used to control a cuckoo-modified sandbox.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.deepviz.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">DeepViz<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Multi-format file analyzer with machine-learning classification.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/detuxsandbox\/detux\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">detux<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A sandbox developed to perform traffic analysis of Linux malware and capture IOCs.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/tklengyel\/drakvuf\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 
11.0pt;\">DRAKVUF<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Dynamic malware analysis system.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/firmware.re\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">firmware.re<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Unpacks, scans and analyzes almost any firmware package.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Tencent\/HaboMalHunter\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">HaboMalHunter<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; An Automated Malware Analysis Tool for Linux ELF Files.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.hybrid-analysis.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Hybrid Analysis<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Online malware analysis tool, powered by VxSandbox.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/analyze.intezer.com\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Intezer<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Detect, analyze, and categorize malware by identifying code reuse and code similarities.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/irma.quarkslab.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">IRMA<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; An asynchronous and customizable analysis platform for suspicious 
files.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.joesecurity.org\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Joe Sandbox<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Deep malware analysis with Joe Sandbox.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/virusscan.jotti.org\/en\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Jotti<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Free online multi-AV scanner.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/monnappa22\/Limon\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Limon<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Sandbox for Analyzing Linux Malware.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/rieck\/malheur\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malheur<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Automatic sandboxed analysis of malware behavior.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/maliceio\/malice\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">malice.io<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Massively scalable malware analysis framework.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/diogo-fernan\/malsub\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">malsub<\/span><\/a><span 
lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A Python RESTful API framework for online malware and URL analysis services.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/malwareconfig.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malware config<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Extract, decode and display online the configuration settings from common malware.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/malwareanalyser.io\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MalwareAnalyser.io<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Online malware anomaly-based static analyser with a heuristic detection engine powered by data mining and machine learning.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/malwr.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malwr<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Free analysis with an online Cuckoo Sandbox instance.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/metadefender.opswat.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MetaDefender Cloud<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Scan a file, hash, IP, URL or domain address for malware for free.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.networktotal.com\/index.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">NetworkTotal<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; 
font-size: 11.0pt;\"> &#8211; A service that analyzes pcap files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware using Suricata configured with EmergingThreats Pro.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Rurik\/Noriben\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Noriben<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Uses Sysinternals Procmon to collect information about malware in a sandboxed environment.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/packettotal.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PacketTotal<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.pdfexaminer.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PDF Examiner<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Analyse suspicious PDF files.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.procdot.com\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ProcDot<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A graphical malware analysis tool kit.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/secretsquirrel\/recomposer\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Recomposer<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> 
&#8211; A helper script for safely uploading binaries to sandbox sites.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/InQuest\/python-sandboxapi\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">sandboxapi<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Python library for building integrations with several open source and commercial malware sandboxes.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/F-Secure\/see\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">SEE<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Sandboxed Execution Environment (SEE) is a framework for building test automation in secured Environments.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/malware.sekoia.fr\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">SEKOIA Dropper Analysis<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Online dropper analysis (Js, VBScript, Microsoft Office, PDF).<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.virustotal.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">VirusTotal<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Free online analysis of malware samples and URLs<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/keithjjones\/visualize_logs\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Visualize_Logs<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Open source visualization 
library and command line tools for logs. (Cuckoo, Procmon, more to come&#8230;)<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/zeltser.com\/automated-malware-analysis\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Zeltser&#8217;s List<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Free automated sandboxes and services, compiled by Lenny Zeltser.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; 
gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Domain Analysis<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><span style=\"font-style: italic;\">Inspect domains and IP addresses.<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.abuseipdb.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">AbuseIPDB<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.badips.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">badips.com<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Community based IP blacklist service.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/EmersonElectricCo\/boomerang\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">boomerang<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A tool designed for consistent and safe capture of off network web resources.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a 
href=\"https:\/\/cymon.io\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Cymon<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Threat intelligence tracker, with IP\/domain\/hash search.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/desenmascara.me\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Desenmascara.me<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; One click tool to retrieve as much metadata as possible for a website and to assess its good standing.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/networking.ringofsaturn.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Dig<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Free online dig and other network tools.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/elceef\/dnstwist\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">dnstwist<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/hiddenillusion\/IPinfo\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">IPinfo<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Gather information about an IP or domain by searching online resources.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/hurricanelabs\/machinae\"><span lang=\"en-AE\" style=\"font-family: 
Calibri; font-size: 11.0pt;\">Machinae<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; OSINT tool for gathering information about URLs, IPs, or hashes. Similar to Automator.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/FGRibreau\/mailchecker\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">mailchecker<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Cross-language temporary email detection library.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/michael-yip\/MaltegoVT\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MaltegoVT<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Maltego transform for the VirusTotal API. Allows domain\/IP research, and searching for file hashes and scan reports.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/multirbl.valli.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Multi rbl<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Multiple DNS blacklist and forward confirmed reverse DNS lookup over more than 300 RBLs.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/services.normshield.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">NormShield Services<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Free API Services for detecting possible phishing domains, blacklisted ip addresses and breached accounts.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/phishstats.info\/\"><span lang=\"en-AE\" 
style=\"font-family: Calibri; font-size: 11.0pt;\">PhishStats<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Phishing statistics with search for IP, domain and website title.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/spyse.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Spyse<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Subdomains, WHOIS, related domains, DNS, hosts, AS and SSL\/TLS info.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/securitytrails.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">SecurityTrails<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Historical and current WHOIS, historical and current DNS records, similar domains, certificate information and other domain and IP related API and tools.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.spamcop.net\/bl.shtml\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">SpamCop<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; IP based spam block list.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.spamhaus.org\/lookup\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">SpamHaus<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Block list based on domains and IPs.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/sitecheck.sucuri.net\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Sucuri SiteCheck<\/span><\/a><span lang=\"en-AE\" style=\"font-family: 
Calibri; font-size: 11.0pt;\"> &#8211; Free Website Malware and Security Scanner.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/talosintelligence.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Talos Intelligence<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Search for IP, domain or network owner. (Previously SenderBase.)<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.tekdefense.com\/automater\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">TekDefense Automater<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; OSINT tool for gathering information about URLs, IPs, or hashes.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/urlhaus.abuse.ch\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">URLhaus<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/urlquery.net\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">URLQuery<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Free URL Scanner.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/urlscan.io\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">urlscan.io<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Free URL Scanner &amp; domain information.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: 
middle;\"><a href=\"https:\/\/whois.domaintools.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Whois<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; DomainTools free online whois search.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/zeltser.com\/lookup-malicious-websites\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Zeltser&#8217;s List<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Free online tools for researching malicious websites, compiled by Lenny Zeltser.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/zulu.zscaler.com\/#\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ZScalar Zulu<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Zulu URL Risk Analyzer.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; 
column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Browser Malware<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><span lang=\"en-AE\" style=\"font-style: italic;\">Analyze malicious URLs. 
See also the <\/span><a href=\"https:\/\/github.com\/rshipp\/awesome-malware-analysis#domain-analysis\"><span lang=\"en-US\" style=\"font-style: italic;\">domain analysis<\/span><\/a><span lang=\"en-AE\" style=\"font-style: italic;\"> and <\/span><a href=\"https:\/\/github.com\/rshipp\/awesome-malware-analysis#documents-and-shellcode\"><span lang=\"en-US\" style=\"font-style: italic;\">documents and shellcode<\/span><\/a><span lang=\"en-AE\" style=\"font-style: italic;\"> sections.<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Konloch\/bytecode-viewer\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Bytecode Viewer<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Combines multiple Java bytecode viewers and decompilers into one tool, including APK\/DEX support.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/getfirebug.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Firebug<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Firefox extension for web development.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/jd.benow.ca\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Java Decompiler<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Decompile and inspect Java apps.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Rurik\/Java_IDX_Parser\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Java IDX Parser<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 
11.0pt;\"> &#8211; Parses Java IDX cache files.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.relentless-coding.com\/projects\/jsdetox\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">JSDetox<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; JavaScript malware analysis tool.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/urule99\/jsunpack-n\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">jsunpack-n<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A javascript unpacker that emulates browser functionality.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Storyyeller\/Krakatau\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Krakatau<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Java decompiler, assembler, and disassembler.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/malzilla.sourceforge.net\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malzilla<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Analyze malicious web pages.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/CyberShadow\/RABCDAsm\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">RABCDAsm<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A &#8220;Robust ActionScript Bytecode Disassembler.&#8221;<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a 
href=\"https:\/\/labs.adobe.com\/technologies\/swfinvestigator\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">SWF Investigator<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Static and dynamic analysis of SWF applications.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.swftools.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">swftools<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Tools for working with Adobe Flash files.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/hooked-on-mnemonics.blogspot.com\/2011\/12\/xxxswfpy.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">xxxswf<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A Python script for analyzing Flash files.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; 
column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Documents and Shellcode<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><span lang=\"en-AE\" style=\"font-style: italic;\">Analyze malicious JS and shellcode from PDFs and Office documents. 
See also the <\/span><a href=\"https:\/\/github.com\/rshipp\/awesome-malware-analysis#browser-malware\"><span lang=\"en-US\" style=\"font-style: italic;\">browser malware<\/span><\/a><span lang=\"en-AE\" style=\"font-style: italic;\"> section.<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/hiddenillusion\/AnalyzePDF\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">AnalyzePDF<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A tool for analyzing PDFs and attempting to determine whether they are malicious.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/CapacitorSet\/box-js\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">box-js<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A tool for studying JavaScript malware, featuring JScript\/WScript support and ActiveX emulation.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.ragestorm.net\/distorm\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">diStorm<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Disassembler for analyzing malicious shellcode.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/labs.inquest.net\/dfi\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">InQuest Deep File Inspection<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Upload common malware lures for Deep File Inspection and heuristic analysis.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: 
middle;\"><a href=\"http:\/\/jsbeautifier.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">JS Beautifier<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; JavaScript unpacking and deobfuscation.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/libemu.carnivore.it\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">libemu<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Library and tools for x86 shellcode emulation.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/9b\/malpdfobj\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">malpdfobj<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Deconstruct malicious PDFs into a JSON representation.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.reconstructer.org\/code.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">OfficeMalScanner<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Scan for malicious traces in MS Office documents.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.decalage.info\/python\/olevba\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">olevba<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A script for parsing OLE and OpenXML documents and extracting useful information.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/code.google.com\/archive\/p\/origami-pdf\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Origami PDF<\/span><\/a><span 
lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A tool for analyzing malicious PDFs, and more.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/blog.didierstevens.com\/programs\/pdf-tools\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PDF Tools<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; pdfid, pdf-parser, and more from Didier Stevens.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/9b\/pdfxray_lite\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PDF X-Ray Lite<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A PDF analysis tool, the backend-free version of PDF X-RAY.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/eternal-todo.com\/tools\/peepdf-pdf-analysis-tool\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">peepdf<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Python tool for exploring possibly malicious PDFs.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.quicksand.io\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">QuickSand<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; QuickSand is a compact C framework to analyze suspected malware documents to identify exploits in streams of different encodings and to locate and extract embedded executables.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/Projects\/SpiderMonkey\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 
11.0pt;\">Spidermonkey<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Mozilla&#8217;s JavaScript engine, for debugging malicious JS.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; 
column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">File Carving<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><span style=\"font-style: italic;\">For extracting files from inside disk and memory images.<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/simsong\/bulk_extractor\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">bulk_extractor<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Fast file carving tool.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/williballenthin\/EVTXtract\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">EVTXtract<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Carve Windows Event Log files from raw binary data.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/foremost.sourceforge.net\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Foremost<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; File carving tool designed by the US Air Force.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/vstinner\/hachoir3\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">hachoir3<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Hachoir is a Python library to view and edit a binary stream field by field.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: 
middle;\"><a href=\"https:\/\/github.com\/sleuthkit\/scalpel\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Scalpel<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Another data carving tool.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/jbremer\/sflock\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">SFlock<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Nested archive extraction\/unpacking (used in Cuckoo Sandbox).<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; 
column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Deobfuscation<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><span style=\"font-style: italic;\">Reverse XOR and other code obfuscation methods.<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/bitbucket.org\/decalage\/balbuzard\/wiki\/Home\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Balbuzard<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A malware analysis tool for reversing obfuscation (XOR, ROL, etc) and more.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/0xd4d\/de4dot\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">de4dot<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; .NET deobfuscator and unpacker.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/hooked-on-mnemonics.blogspot.com\/2014\/04\/expexorpy.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ex_pe_xor<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &amp; <\/span><a 
href=\"http:\/\/hooked-on-mnemonics.blogspot.com\/p\/iheartxor.html\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">iheartxor<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Two tools from Alexander Hanel for working with single-byte XOR encoded files.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/fireeye\/flare-floss\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">FLOSS<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; The FireEye Labs Obfuscated String Solver uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/hiddenillusion\/NoMoreXOR\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">NoMoreXOR<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Guess a 256 byte XOR key using frequency analysis.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/BromiumLabs\/PackerAttacker\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PackerAttacker<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A generic hidden code extractor for Windows malware.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/extremecoders-re\/pyinstxtractor\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PyInstaller Extractor<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A Python script to extract the contents of a PyInstaller generated Windows executable file. 
The contents of the pyz file (usually pyc files) present inside the executable are also extracted and automatically fixed so that a Python bytecode decompiler will recognize it.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/rocky\/python-uncompyle6\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">uncompyle6<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A cross-version Python bytecode decompiler. Translates Python bytecode back into equivalent Python source code.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/unipacker\/unipacker\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">un{i}packer<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Automatic and platform-independent unpacker for Windows binaries based on emulation.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/malwaremusings\/unpacker\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">unpacker<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Automated malware unpacker for Windows malware based on WinAppDbg.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/tomchop\/unxor\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">unxor<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Guess XOR keys using known-plaintext attacks.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/jnraber\/VirtualDeobfuscator\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 
11.0pt;\">VirtualDeobfuscator<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Reverse engineering tool for virtualization wrappers.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/eternal-todo.com\/var\/scripts\/xorbruteforcer\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">XORBruteForcer<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A Python script for brute-forcing single-byte XOR keys.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/blog.didierstevens.com\/programs\/xorsearch\/\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">XORSearch &amp; XORStrings<\/span><\/a><span style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A couple of programs from Didier Stevens for finding XORed data.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/hellman\/xortool\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">xortool<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Guess XOR key length, as well as the key itself.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; 
shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Debugging and Reverse Engineering<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><span style=\"font-style: italic;\">Disassemblers, debuggers, and other static and dynamic analysis tools.<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/angr\/angr\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">angr<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Platform-agnostic binary analysis framework developed at UCSB&#8217;s 
Seclab.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/bwall\/bamfdetect\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">bamfdetect<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Identifies and extracts information from bots and other malware.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/BinaryAnalysisPlatform\/bap\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">BAP<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Multiplatform and open source (MIT) binary analysis framework developed at CMU&#8217;s Cylab.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/programa-stic\/barf-project\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">BARF<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Multiplatform, open source Binary Analysis and Reverse engineering Framework.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/google\/binnavi\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">binnavi<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Binary analysis IDE for reverse engineering based on graph visualization.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/binary.ninja\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Binary Ninja<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A reverse engineering platform that is an alternative to IDA.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 
0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/devttys0\/binwalk\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Binwalk<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Firmware analysis tool.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/season-lab\/bluepill\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">BluePill<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Framework for executing and debugging evasive malware and protected executables.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/aquynh\/capstone\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Capstone<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Disassembly framework for binary analysis and reversing, with support for many architectures and bindings in several languages.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/hugsy\/codebro\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">codebro<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Web-based code browser using clang to provide basic code analysis.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/radareorg\/cutter\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Cutter<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; GUI for Radare2.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/sycurelab\/DECAF\"><span lang=\"en-AE\" style=\"font-family: 
Calibri; font-size: 11.0pt;\">DECAF (Dynamic Executable Code Analysis Framework)<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A binary analysis platform based on QEMU. DroidScope is now an extension to DECAF.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/0xd4d\/dnSpy\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">dnSpy<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; .NET assembly editor, decompiler and debugger.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.jetbrains.com\/decompiler\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">dotPeek<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Free .NET Decompiler and Assembly Browser.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/codef00.com\/projects#debugger\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Evan&#8217;s Debugger (EDB)<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A modular debugger with a Qt GUI.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/rabbitstack\/fibratus\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Fibratus<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Tool for exploration and tracing of the Windows kernel.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.mcafee.com\/us\/downloads\/free-tools\/fport.aspx\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">FPort<\/span><\/a><span lang=\"en-AE\" 
style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Reports open TCP\/IP and UDP ports in a live system and maps them to the owning application.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.sourceware.org\/gdb\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">GDB<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; The GNU debugger.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/hugsy\/gef\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">GEF<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; GDB Enhanced Features, for exploiters and reverse engineers.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/NationalSecurityAgency\/ghidra\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Ghidra<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/codypierce\/hackers-grep\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">hackers-grep<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A utility to search for strings in PE executables including imports, exports, and debug symbols.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.hopperapp.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Hopper<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> 
&#8211; The macOS and Linux Disassembler.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.hex-rays.com\/products\/ida\/index.shtml\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">IDA Pro<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Windows disassembler and debugger, with a free evaluation version.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/crypto2011\/IDR\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">IDR<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Interactive Delphi Reconstructor is a decompiler of Delphi executable files and dynamic libraries.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/debugger.immunityinc.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Immunity Debugger<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Debugger for malware analysis and more, with a Python API.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/ilspy.net\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ILSpy<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; ILSpy is the open-source .NET assembly browser and decompiler.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/kaitai.io\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Kaitai Struct<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; DSL for file formats \/ network protocols \/ data structures reverse engineering and dissection, with code generation for C++, C#, 
Java, JavaScript, Perl, PHP, Python, Ruby.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/lief.quarkslab.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">LIEF<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; LIEF provides a cross-platform library to parse, modify and abstract ELF, PE and MachO formats.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/ltrace.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ltrace<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Dynamic analysis for Linux executables.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/phdphuc\/mac-a-mal\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">mac-a-mal<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; An automated framework for mac malware hunting.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/Objdump\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">objdump<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Part of GNU binutils, for static analysis of Linux binaries.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.ollydbg.de\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">OllyDbg<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; An assembly-level debugger for Windows executables.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a 
href=\"https:\/\/low-priority.appspot.com\/ollydumpex\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">OllyDumpEx<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Dump memory from (unpacked) malware Windows process and store raw or rebuild PE file. This is a plugin for OllyDbg, Immunity Debugger, IDA Pro, WinDbg, and x64dbg.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/moyix\/panda\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PANDA<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Platform for Architecture-Neutral Dynamic Analysis.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/longld\/peda\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PEDA<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Python Exploit Development Assistance for GDB, an enhanced display with added commands.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/winitor.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">pestudio<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Perform static analysis of Windows executables.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/cmu-sei\/pharos\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Pharos<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; The Pharos binary analysis framework can be used to perform automated static analysis of binaries.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a 
href=\"https:\/\/github.com\/plasma-disassembler\/plasma\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">plasma<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Interactive disassembler for x86\/ARM\/MIPS.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.mzrst.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PPEE (puppy)<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A Professional PE file Explorer for reversers, malware researchers and those who want to statically inspect PE files in more detail.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/process-explorer\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Process Explorer<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Advanced task manager for Windows.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/processhacker.sourceforge.net\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Process Hacker<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Tool that monitors system resources.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/procmon\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Process Monitor<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Advanced monitoring tool for Windows programs.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a 
href=\"https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/pstools\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PSTools<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Windows command-line tools that help manage and investigate live systems.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/joxeankoret\/pyew\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Pyew<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Python tool for malware analysis.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Cisco-Talos\/pyrebox\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PyREBox<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Python scriptable reverse engineering sandbox by the Talos team at Cisco.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/ispras\/qemu\/releases\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">QKD<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; QEMU with embedded WinDbg server for stealth debugging.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.radare.org\/r\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Radare2<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Reverse engineering framework, with debugger support.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/sourceforge.net\/projects\/regshot\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 
11.0pt;\">RegShot<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Registry compare utility that compares snapshots.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/retdec.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">RetDec<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Retargetable machine-code decompiler with an <\/span><a href=\"https:\/\/retdec.com\/decompilation\/\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">online decompilation service<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> and <\/span><a href=\"https:\/\/retdec.com\/api\/\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">API<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> that you can use in your tools.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Cisco-Talos\/ROPMEMU\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ROPMEMU<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A framework to analyze, dissect and decompile complex code-reuse attacks.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/NtQuery\/Scylla\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Scylla Imports Reconstructor<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Find and fix the IAT of an unpacked \/ dumped PE32 malware.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/x64dbg\/ScyllaHide\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 
11.0pt;\">ScyllaHide<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; An Anti-Anti-Debug library and plugin for OllyDbg, x64dbg, IDA Pro, and TitanEngine.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/pidydx\/SMRT\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">SMRT<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Sublime Malware Research Tool, a plugin for Sublime 3 to aid with malware analysis.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/sourceforge.net\/projects\/strace\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">strace<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Dynamic analysis for Linux executables.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/fireeye\/stringsifter\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">StringSifter<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A machine learning tool that automatically ranks strings based on their relevance for malware analysis.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/triton.quarkslab.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Triton<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A dynamic binary analysis (DBA) framework.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/vmt\/udis86\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Udis86<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 
11.0pt;\"> &#8211; Disassembler library and tool for x86 and x86_64.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/vivisect\/vivisect\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Vivisect<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Python tool for malware analysis.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/developer.microsoft.com\/en-us\/windows\/hardware\/download-windbg\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">WinDbg<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; multipurpose debugger for the Microsoft Windows computer operating system, used to debug user mode applications, device drivers, and the kernel-mode memory dumps.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/x64dbg\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">X64dbg<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; An open-source x64\/x32 debugger for windows.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; 
bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Network<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><span style=\"font-style: italic;\">Analyze network interactions.<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.bro.org\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Bro<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Protocol analyzer that operates at incredible scale; both file and network protocols.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a 
href=\"https:\/\/github.com\/hempnall\/broyara\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">BroYara<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Use Yara rules from Bro.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/omriher\/CapTipper\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">CapTipper<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Malicious HTTP traffic explorer.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/MITRECND\/chopshop\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">chopshop<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Protocol analysis and decoding framework.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.cloudshark.org\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">CloudShark<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Web-based tool for packet analysis and malware traffic detection.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/fireeye\/flare-fakenet-ng\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">FakeNet-NG<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Next generation dynamic network analysis tool.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.telerik.com\/fiddler\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Fiddler<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; 
Intercepting web proxy designed for &#8220;web debugging.&#8221;<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/pjlantz\/Hale\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Hale<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Botnet C&amp;C monitor.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.haka-security.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Haka<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; An open source security oriented language for describing protocols and applying security policies on (live) captured traffic.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/jbremer\/httpreplay\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">HTTPReplay<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Library for parsing and reading out PCAP files, including TLS streams using TLS Master Secrets (used in Cuckoo Sandbox).<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.inetsim.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">INetSim<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Network service emulation, useful when building a malware lab.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/lmco\/laikaboss\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Laika BOSS<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Laika BOSS is a file-centric malware analysis and intrusion detection 
system.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/idaholab\/Malcolm\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malcolm<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/tomchop\/malcom\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malcom<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Malware Communications Analyzer.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/stamparm\/maltrail\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Maltrail<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A malicious traffic detection system, utilizing publicly available (black)lists containing malicious and\/or generally suspicious trails and featuring a reporting and analysis interface.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/mitmproxy.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">mitmproxy<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Intercept network traffic on the fly.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/aol\/moloch\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Moloch<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; IPv4 traffic capturing, indexing and database 
system.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.netresec.com\/?page=NetworkMiner\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">NetworkMiner<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Network forensic analysis tool, with a free version.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/jpr5\/ngrep\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">ngrep<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Search through network traffic like grep.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/mateuszk87\/PcapViz\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">PcapViz<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Network topology and traffic visualizer.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/RamadhanAmizudin\/python-icap-yara\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Python ICAP Yara<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; An ICAP Server with yara scanner for URL or content.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/ch3k1\/squidmagic\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Squidmagic<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; squidmagic is a tool designed to analyze a web-based network traffic to detect central command and control (C&amp;C) servers and malicious sites, using Squid proxy server and Spamhaus.<\/span><\/li>\n<li 
style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.tcpdump.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Tcpdump<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Collect network traffic.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/tcpick.sourceforge.net\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">tcpick<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Track and reassemble TCP streams from network traffic.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/tcpxtract.sourceforge.net\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">tcpxtract<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Extract files from network traffic.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.wireshark.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Wireshark<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; The network traffic analysis tool.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; 
gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 20.0pt;\"><span style=\"font-weight: bold;\">Resources<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Books<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><span style=\"font-style: italic;\">Essential malware analysis reading material.<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.packtpub.com\/networking-and-servers\/learning-malware-analysis\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Learning 
Malware Analysis<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/amzn.com\/dp\/0470613033\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malware Analyst&#8217;s Cookbook and DVD<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Tools and Techniques for Fighting Malicious Code.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.packtpub.com\/networking-and-servers\/mastering-malware-analysis\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Mastering Malware Analysis<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Mastering Malware Analysis: The complete malware analyst&#8217;s guide to combating malicious software, APT, cybercrime, and IoT attacks<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.packtpub.com\/networking-and-servers\/mastering-reverse-engineering\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Mastering Reverse Engineering<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Mastering Reverse Engineering: Re-engineer your ethical hacking skills<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/amzn.com\/dp\/1593272901\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Practical Malware Analysis<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; The Hands-On Guide to Dissecting Malicious Software.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 
0; vertical-align: middle;\"><a href=\"https:\/\/www.amzn.com\/dp\/1118787315\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Practical Reverse Engineering<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Intermediate Reverse Engineering.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.amzn.com\/dp\/0321240693\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Real Digital Forensics<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Computer Security and Incident Response.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.amazon.com\/dp\/1593277164\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Rootkits and Bootkits<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/amzn.com\/dp\/1118825098\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">The Art of Memory Forensics<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Detecting Malware and Threats in Windows, Linux, and Mac Memory.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/amzn.com\/dp\/1593272898\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">The IDA Pro Book<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; The Unofficial Guide to the World&#8217;s Most Popular Disassembler.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/amzn.com\/dp\/144962636X\"><span 
lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">The Rootkit Arsenal<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System<\/span><\/li>\n<\/ul>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Other<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/aptnotes\/data\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">APT Notes<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A collection of papers and notes related to Advanced Persistent Threats.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/endgameinc\/ember\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Ember<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Endgame Malware BEnchmark for Research, a repository that makes it easy to (re)create a machine learning model that can be used to predict a score for a PE file based on static analysis.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/corkami\/pics\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">File Formats posters<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Nice visualization of commonly used file format (including PE &amp; ELF).<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/honeynet.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Honeynet Project<\/span><\/a><span 
lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Honeypot tools, papers, and other resources.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.kernelmode.info\/forum\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Kernel Mode<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; An active community devoted to malware analysis and kernel development.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/zeltser.com\/malicious-software\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malicious Software<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Malware blog and resources by Lenny Zeltser.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/cse.google.com\/cse\/home?cx=011750002002865445766%3Apc60zx1rliu\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malware Analysis Search<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Custom Google search engine from <\/span><a href=\"https:\/\/github.com\/rshipp\/awesome-malware-analysis\/blob\/main\/journeyintoir.blogspot.com\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">Corey Harrell<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/fumalwareanalysis.blogspot.nl\/p\/malware-analysis-tutorials-reverse.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malware Analysis Tutorials<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; The Malware Analysis Tutorials by Dr. 
Xiang Fu, a great resource for learning practical malware analysis.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.slideshare.net\/bartblaze\/malware-analysis-threat-intelligence-and-reverse-engineering\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malware Analysis, Threat Intelligence and Reverse Engineering<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Presentation introducing the concepts of malware analysis, threat intelligence and reverse engineering. Experience or prior knowledge is not required. Labs link in description.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Karneades\/malware-persistence\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malware Persistence<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Collection of various information focused on malware persistence: detection (techniques), response, pitfalls and the log collection (tools).<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/malware-traffic-analysis.net\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malware Samples and Traffic<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; This blog focuses on network traffic related to malware infections.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/addons.mozilla.org\/fr\/firefox\/addon\/malware-search-plusplusplus\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malware Search+++<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> Firefox extension allows you to easily search some of the most popular malware 
databases<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/bluesoul.me\/practical-malware-analysis-starter-kit\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Practical Malware Analysis Starter Kit<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; This package contains most of the software referenced in the Practical Malware Analysis book.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/RPISEC\/Malware\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">RPISEC Malware Analysis<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; These are the course materials used in the Malware Analysis course at Rensselaer Polytechnic Institute during Fall 2015.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/windowsir.blogspot.com\/p\/malware.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">WindowsIR: Malware<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Harlan Carvey&#8217;s page on Malware.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/msuhanov\/regf\/blob\/master\/Windows%20registry%20file%20format%20specification.md\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Windows Registry specification<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Windows registry file format specification.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.reddit.com\/r\/csirt_tools\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">\/r\/csirt_tools<\/span><\/a><span lang=\"en-AE\" 
style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Subreddit for CSIRT tools and resources, with a <\/span><a href=\"https:\/\/www.reddit.com\/r\/csirt_tools\/search?q=flair%3A%22Malware%20analysis%22&amp;sort=new&amp;restrict_sr=on\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">malware analysis<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> flair.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.reddit.com\/r\/Malware\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">\/r\/Malware<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; The malware subreddit.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.reddit.com\/r\/ReverseEngineering\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">\/r\/ReverseEngineering<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Reverse engineering subreddit, not limited to just malware.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column 
column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Memory Forensics<\/span><\/p>\n<p style=\"margin: 0in; font-family: Calibri; font-size: 11.0pt;\"><span style=\"font-style: italic;\">Tools for dissecting malware in memory images or running systems.<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/www.blackbagtech.com\/blacklight.html\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">BlackLight<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Windows\/MacOS forensics client supporting hiberfil, pagefile, raw memory analysis.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/504ensicsLabs\/DAMM\"><span 
lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">DAMM<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Differential Analysis of Malware in Memory, built on Volatility.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/JamesHabben\/evolve\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">evolve<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Web interface for the Volatility Memory Forensics Framework.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/sourceforge.net\/projects\/findaes\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">FindAES<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Find AES encryption keys in memory.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/ShaneK2\/inVtero.net\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">inVtero.net<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; High speed memory analysis framework developed in .NET supports all Windows x64, includes code integrity and write support.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/ytisf\/muninn\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Muninn<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A script to automate portions of analysis using Volatility, and create a readable report.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.rekall-forensic.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 
11.0pt;\">Rekall<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Memory analysis framework, forked from Volatility in 2013.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/sketchymoose\/TotalRecall\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">TotalRecall<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Script based on Volatility for automating various malware analysis tasks.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/aim4r\/VolDiff\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">VolDiff<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Run Volatility on memory images before and after malware execution, and report changes.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/volatilityfoundation\/volatility\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Volatility<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Advanced memory forensics framework.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/kevthehermit\/VolUtility\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">VolUtility<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Web Interface for Volatility Memory Analysis framework.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/swwwolf\/wdbgark\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">WDBGARK<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 
11.0pt;\"> &#8211; WinDBG Anti-RootKit Extension.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/developer.microsoft.com\/en-us\/windows\/hardware\/windows-driver-kit\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">WinDbg<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Live memory inspection and kernel debugging for Windows systems.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; 
gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Windows Artifacts<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/OMENScan\/AChoir\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">AChoir<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A live incident response script for gathering Windows artifacts.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/williballenthin\/python-evt\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">python-evt<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Python library for parsing Windows Event Logs.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/www.williballenthin.com\/registry\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">python-registry<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Python library for parsing registry files.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/brettshavers.cc\/index.php\/brettsblog\/tags\/tag\/regripper\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">RegRipper<\/span><\/a><span lang=\"en-AE\" style=\"font-family: 
Calibri; font-size: 11.0pt;\"> (<\/span><a href=\"https:\/\/github.com\/keydet89\/RegRipper2.8\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">GitHub<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">) &#8211; Plugin-based registry analysis tool.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; 
bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Storage and Workflow<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/merces\/aleph\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Aleph<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Open Source Malware Analysis Pipeline System.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/crits.github.io\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">CRITs<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Collaborative Research Into Threats, a malware and threat repository.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/certsocietegenerale.github.io\/fame\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">FAME<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A malware analysis framework featuring a pipeline that can be extended with custom modules, which can be chained and interact with each other to perform end-to-end analysis.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/sroberts\/malwarehouse\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malwarehouse<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Store, tag, and search malware.<\/span><\/li>\n<li style=\"margin-top: 0; 
margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/ANSSI-FR\/polichombr\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Polichombr<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A malware analysis platform designed to help analysts to reverse malwares collaboratively.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/stoq.punchcyber.com\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">stoQ<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Distributed content analysis framework with extensive plugin support, from input to output, and everything in between.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"http:\/\/viper.li\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Viper<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A binary management and analysis framework for analysts and researchers.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Digital Forensics Learning Resources&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column 
column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p style=\"margin: 0in; font-family: Calibri; font-size: 18.0pt;\"><span style=\"font-weight: bold;\">Miscellaneous<\/span><\/p>\n<ul style=\"direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;\" type=\"disc\">\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/LordNoteworthy\/al-khaser\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">al-khaser<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A PoC malware with good intentions that aims to stress anti-malware systems.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/AbertayMachineLearningGroup\/CryptoKnight\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">CryptoKnight<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; 
Automated cryptographic algorithm reverse engineering and classification framework.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/Defense-Cyber-Crime-Center\/DC3-MWCP\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">DC3-MWCP<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; The Defense Cyber Crime Center&#8217;s Malware Configuration Parser framework.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/fireeye\/flare-vm\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">FLARE VM<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A fully customizable, Windows-based, security distribution for malware analysis.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/misterch0c\/malSploitBase\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">MalSploitBase<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A database containing exploits used by malware.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/archive.org\/details\/malwaremuseum\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malware Museum<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Collection of malware programs that were distributed in the 1980s and 1990s.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/uppusaikiran\/malware-organiser\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Malware Organiser<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; A 
simple tool to organise large malicious\/benign files into an organised structure.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/github.com\/a0rtega\/pafish\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Pafish<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Paranoid Fish, a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/remnux.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">REMnux<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Linux distribution and docker images for malware reverse engineering and analysis.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/tsurugi-linux.org\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Tsurugi Linux<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Linux distribution designed to support your DFIR investigations, malware analysis and OSINT (Open Source INTelligence) activities.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><a href=\"https:\/\/santoku-linux.com\/\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Santoku Linux<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> &#8211; Linux distribution for mobile forensics, malware analysis, and security.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row]\n","protected":false},"excerpt":{"rendered":"<p>Sed condimentum massa in enim cursus, sed mattis elit malesuada. Lorem sapien acveh icula vestibulum, arcu magna aliquet velit. 
Nunc elementum mattis diam eu aliquam. Phasellus augue nulla, venenatis non hendrerit ac, volutpat sit amet sem. Donec eleifend nulla<\/p>\n","protected":false},"author":1,"featured_media":6342,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[41,5,1],"tags":[30,42,77,78],"class_list":{"0":"post-6340","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-osint","8":"category-threat-intelligence","9":"category-utilities","10":"tag-cyber-security","11":"tag-osint","12":"tag-threat-intelligence","13":"tag-utilities"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Malware Analysis Tools and Resources | Sajin Shivdas<\/title>\n<meta name=\"description\" content=\"Explore essential malware analysis tools and resources to enhance your cybersecurity skills and protect against threats.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sajinshivdas.com\/cybersecurity\/malware-analysis-tools-and-resources\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Malware Analysis Tools and Resources | Sajin Shivdas\" \/>\n<meta property=\"og:description\" content=\"Explore essential malware analysis tools and resources to enhance your cybersecurity skills and protect against threats.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sajinshivdas.com\/cybersecurity\/malware-analysis-tools-and-resources\/\" \/>\n<meta property=\"og:site_name\" content=\"Sajin Shivdas | Cybersecurity\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-08T11:09:55+00:00\" \/>\n<meta property=\"article:modified_time\" 
content=\"2024-08-13T10:18:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2022\/12\/4027551_15971-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"2560\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Sajin Shivdas\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sajin Shivdas\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"25 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/malware-analysis-tools-and-resources\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/malware-analysis-tools-and-resources\\\/\"},\"author\":{\"name\":\"Sajin Shivdas\",\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/#\\\/schema\\\/person\\\/af1d121cbedd3ce64369f21a359ff2e6\"},\"headline\":\"Malware Analysis Tools and Resources\",\"datePublished\":\"2022-12-08T11:09:55+00:00\",\"dateModified\":\"2024-08-13T10:18:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/malware-analysis-tools-and-resources\\\/\"},\"wordCount\":8510,\"publisher\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/#\\\/schema\\\/person\\\/af1d121cbedd3ce64369f21a359ff2e6\"},\"image\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/malware-analysis-tools-and-resources\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/4027551_15971-scaled.jpg\",\"keywords\":[\"Cyber Security\",\"OSINT\",\"Threat 
Intelligence\",\"Utilities\"],\"articleSection\":[\"OSINT\",\"Threat Intelligence\",\"Utilities\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/malware-analysis-tools-and-resources\\\/\",\"url\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/malware-analysis-tools-and-resources\\\/\",\"name\":\"Malware Analysis Tools and Resources | Sajin Shivdas\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/malware-analysis-tools-and-resources\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/malware-analysis-tools-and-resources\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/4027551_15971-scaled.jpg\",\"datePublished\":\"2022-12-08T11:09:55+00:00\",\"dateModified\":\"2024-08-13T10:18:16+00:00\",\"description\":\"Explore essential malware analysis tools and resources to enhance your cybersecurity skills and protect against threats.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/malware-analysis-tools-and-resources\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/malware-analysis-tools-and-resources\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/malware-analysis-tools-and-resources\\\/#primaryimage\",\"url\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/4027551_15971-scaled.jpg\",\"contentUrl\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/4027551_15971-scaled.jpg\",\"width\":2560,\"height\":2560,\"caption\":\"Internet hackers groups gangs and criminal professional 
programmers net flat round infographic poster with octopus symbol vector illustration\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/malware-analysis-tools-and-resources\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Malware Analysis Tools and Resources\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/#website\",\"url\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/\",\"name\":\"sajinshivdas.com\",\"description\":\"Cybersecurity - Information security Resources, Articles and Latest News\",\"publisher\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/#\\\/schema\\\/person\\\/af1d121cbedd3ce64369f21a359ff2e6\"},\"alternateName\":\"Sajin Shivdas\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/#\\\/schema\\\/person\\\/af1d121cbedd3ce64369f21a359ff2e6\",\"name\":\"Sajin Shivdas\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png\",\"url\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png\",\"contentUrl\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png\",\"width\":1000,\"height\":500,\"caption\":\"Sajin 
Shivdas\"},\"logo\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png\"},\"sameAs\":[\"http:\\\/\\\/sajinshivdas.com\\\/security\",\"www.linkedin.com\\\/in\\\/sajin-shivdas\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Malware Analysis Tools and Resources | Sajin Shivdas","description":"Explore essential malware analysis tools and resources to enhance your cybersecurity skills and protect against threats.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sajinshivdas.com\/cybersecurity\/malware-analysis-tools-and-resources\/","og_locale":"en_US","og_type":"article","og_title":"Malware Analysis Tools and Resources | Sajin Shivdas","og_description":"Explore essential malware analysis tools and resources to enhance your cybersecurity skills and protect against threats.","og_url":"https:\/\/sajinshivdas.com\/cybersecurity\/malware-analysis-tools-and-resources\/","og_site_name":"Sajin Shivdas | Cybersecurity","article_published_time":"2022-12-08T11:09:55+00:00","article_modified_time":"2024-08-13T10:18:16+00:00","og_image":[{"width":2560,"height":2560,"url":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2022\/12\/4027551_15971-scaled.jpg","type":"image\/jpeg"}],"author":"Sajin Shivdas","twitter_misc":{"Written by":"Sajin Shivdas","Est. 
reading time":"25 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/malware-analysis-tools-and-resources\/#article","isPartOf":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/malware-analysis-tools-and-resources\/"},"author":{"name":"Sajin Shivdas","@id":"https:\/\/sajinshivdas.com\/cybersecurity\/#\/schema\/person\/af1d121cbedd3ce64369f21a359ff2e6"},"headline":"Malware Analysis Tools and Resources","datePublished":"2022-12-08T11:09:55+00:00","dateModified":"2024-08-13T10:18:16+00:00","mainEntityOfPage":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/malware-analysis-tools-and-resources\/"},"wordCount":8510,"publisher":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/#\/schema\/person\/af1d121cbedd3ce64369f21a359ff2e6"},"image":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/malware-analysis-tools-and-resources\/#primaryimage"},"thumbnailUrl":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2022\/12\/4027551_15971-scaled.jpg","keywords":["Cyber Security","OSINT","Threat Intelligence","Utilities"],"articleSection":["OSINT","Threat Intelligence","Utilities"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/sajinshivdas.com\/cybersecurity\/malware-analysis-tools-and-resources\/","url":"https:\/\/sajinshivdas.com\/cybersecurity\/malware-analysis-tools-and-resources\/","name":"Malware Analysis Tools and Resources | Sajin 
Shivdas","isPartOf":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/malware-analysis-tools-and-resources\/#primaryimage"},"image":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/malware-analysis-tools-and-resources\/#primaryimage"},"thumbnailUrl":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2022\/12\/4027551_15971-scaled.jpg","datePublished":"2022-12-08T11:09:55+00:00","dateModified":"2024-08-13T10:18:16+00:00","description":"Explore essential malware analysis tools and resources to enhance your cybersecurity skills and protect against threats.","breadcrumb":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/malware-analysis-tools-and-resources\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sajinshivdas.com\/cybersecurity\/malware-analysis-tools-and-resources\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sajinshivdas.com\/cybersecurity\/malware-analysis-tools-and-resources\/#primaryimage","url":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2022\/12\/4027551_15971-scaled.jpg","contentUrl":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2022\/12\/4027551_15971-scaled.jpg","width":2560,"height":2560,"caption":"Internet hackers groups gangs and criminal professional programmers net flat round infographic poster with octopus symbol vector illustration"},{"@type":"BreadcrumbList","@id":"https:\/\/sajinshivdas.com\/cybersecurity\/malware-analysis-tools-and-resources\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sajinshivdas.com\/cybersecurity\/"},{"@type":"ListItem","position":2,"name":"Malware Analysis Tools and 
Resources"}]},{"@type":"WebSite","@id":"https:\/\/sajinshivdas.com\/cybersecurity\/#website","url":"https:\/\/sajinshivdas.com\/cybersecurity\/","name":"sajinshivdas.com","description":"Cybersecurity - Information security Resources, Articles and Latest News","publisher":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/#\/schema\/person\/af1d121cbedd3ce64369f21a359ff2e6"},"alternateName":"Sajin Shivdas","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sajinshivdas.com\/cybersecurity\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/#\/schema\/person\/af1d121cbedd3ce64369f21a359ff2e6","name":"Sajin Shivdas","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2023\/01\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png","url":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2023\/01\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png","contentUrl":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2023\/01\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png","width":1000,"height":500,"caption":"Sajin 
Shivdas"},"logo":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2023\/01\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png"},"sameAs":["http:\/\/sajinshivdas.com\/security","www.linkedin.com\/in\/sajin-shivdas"]}]}},"_links":{"self":[{"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/posts\/6340","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/comments?post=6340"}],"version-history":[{"count":0,"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/posts\/6340\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/media\/6342"}],"wp:attachment":[{"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/media?parent=6340"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/categories?post=6340"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/tags?post=6340"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}