Malware analysis and reverse engineering are up there as a favorite alongside computer forensics. I am not sure whether it is the investigative approach to malware analysis (finding out how these bad programs work) or the opportunity to hone my assembly programming skills.
- PCSL – Malware Research & Independent Testing of Security Software
- Frank Boldewin’s Reconstructor.org
- VX Heavens
- MC AV-Test site
- F-Secure News from the Lab Blog
- Open Reverse Code (OpenRCE)
- Uninformed (Reverse Engineering)
- Evilcodecave (Reverse Engineering)
- Microsoft Malware Protection Center
- McAfee Labs Blog
- Anti-Malware Testing Standards Organization
- Inguardians’ Spycar Spyware Simulator Tool
- Tracking GhostNet – Investigating a Cyber Espionage Network
- Malware Domain List
- Fighting Malware (URL List)
- Popular Malware Kits and Tools
- finjan Malicious Code Research
- IcePack Malware Kit
- If you are looking for a good spot to find some of the latest malware kits, have a look at Contagio – http://contagiodump.blogspot.ca/
Tools
- RECmd – RECmd is the command line component of Registry Explorer and opens up a remarkable capability to script and automate registry data collection. It is a tool that assists in finding registry-based malware persistence.
- Timeline Explorer – a program that started out as a means to view mactime and Plaso generated CSV timelines without the need to use Excel. From these two formats, it has expanded into a tool that supports a wide variety of file formats generated by forensic tools in addition to any random CSV or Excel file you may run across.
- ApateDNS – A must when undertaking dynamic malware analysis. This tool is perfect for controlling DNS responses through an easy-to-use GUI.
- FLARE VM – FLARE VM is a Windows-based security distribution for malware analysis, incident response, and penetration testing.