Reference Guide – Reversing & Malware Analysis Training

Posted: 24/12/2012 in Uncategorized

reblogged from http://xcyb0rg.wordpress.com/2012/08/13/reference-guide-reversing-malware-analysis-training/

 

Source: securityxploded.com/malware-analysis-training-reference

Here is the complete reference guide to all sessions of our Reverse Engineering & Malware Analysis Training program.

 
Part 1 – Lab Setup Guide
 
  1.  Virtualization:
    1. VmWare – http://www.vmware.com/
    2. VirtualBox – https://www.virtualbox.org/
  2.  Tools Development:
    1. Compilers/IDE:
      1. Dev C++ – http://www.bloodshed.net/devcpp.html
      2. Microsoft Visual C++ – http://www.microsoft.com/visualstudio/en-us/products/2010-editions/visual-cpp-express
    2.  Assemblers:
      1. MASM – http://www.masm32.com/
      2. NASM – http://www.nasm.us/
      3. WinAsm (IDE) – http://www.winasm.net/
    3. Langugages:
      1. Python – http://python.org/
  3. Tools Reverse Engineering:
    1. Disassembler:
      1. IDA (5.0) – http://www.hex-rays.com/products/ida/support/download.shtml
      2. IDAPython – http://code.google.com/p/idapython/
    2. Debuggers:
      1. OllyDbg – http://www.ollydbg.de/
      2. Immunity Debugger – http://immunityinc.com/products-immdbg.shtml
      3. Windbg – http://msdn.microsoft.com/en-us/windows/hardware/gg463009
      4. Pydbg – http://code.google.com/p/paimei/
    3. PE file Format:
      1. PEView – http://www.magma.ca/~wjr/
      2. PEBrowse – http://www.smidgeonsoft.prohosting.com/pebrowse-pro-file-viewer.html
      3. LordPE – http://www.woodmann.com/collaborative/tools/index.php/LordPE
      4. ImpRec – http://www.woodmann.com/collaborative/tools/index.php/ImpREC
      5. PEid – http://www.peid.info/ vi. ExeScan – http://securityxploded.com/exe-scan.php
    4. Process:
      1. ProcMon – http://technet.microsoft.com/en-us/sysinternals/bb896645
      2. Process Explorer – http://technet.microsoft.com/en-us/sysinternals/bb896653
    5. Network:
      1. WireShark – http://www.wireshark.org/
      2. TcpView – http://technet.microsoft.com/en-us/sysinternals/bb897437
    6. File and Registry:
      1. Regshot: http://sourceforge.net/projects/regshot/
      2. Capturebat – http://www.honeynet.org/node/315
      3. InstallWatchPro. – http://www.brothersoft.com/downloads/installwatch-pro-2.5c.html
      4. FileMon – http://technet.microsoft.com/en-us/sysinternals/bb896642
    7. Misc:
      1. CFFexplorer – http://www.ntcore.com/exsuite.php
      2. Notepad++ – http://notepad-plus-plus.org/
      3. Dependency walker – http://www.dependencywalker.com/
      4. Sysinternal Tools – http://technet.microsoft.com/en-us/sysinternals/bb842062
 
 
Part 2 – Introduction to Windows Internals
 
  1. Book: Windows Internals 5th Edition – Chapter 1, 2, 3, 5, 9
  2. Windows Architecture – http://technet.microsoft.com/en-us/library/cc768129.aspx
  3. Book: RootKit Arsenal – Part 1 – Windows System Architecture
  4. System Service Dispatching – http://www.codeproject.com/KB/system/hide-driver/NtCallScheme_small.png
 
 
Part 3 – Windows PE File Format Basics
 
  1. Portable Executable File Format – A Reverse Engineer View – Goppit – http://ivanlef0u.fr/repo/windoz/pe/CBM_1_2_2006_Goppit_PE_Format_Reverse_Engineer_View.pdf
  2. An In-Depth Look into the Win32 Portable Executable File Format by Matt Pietrek http://msdn.microsoft.com/en-us/magazine/cc301805.aspx
  3. Lena 151 tutorials – http://tuts4you.com/download.php?list.17
  4. Icezelion’s PE tutorials – http://win32assembly.online.fr/tutorials.html
 
 
Part 4 – Assembly Programming Basics
 
  1. Assembly Programming: A Beginners Guide – http://securityxploded.com/assembly-programming-beginners-guide.php
  2. Icezelion’s Win32 Assembly Programming Tutorials  – http://win32assembly.online.fr/tutorials.html
  3. Function Calling Convention Demystified – http://www.codeproject.com/KB/cpp/calling_conventions_demystified.aspx
  4. Intel Manual – Volume 2 (Instruction set), Volume 3 (system programming 3A) –
    http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf
 
 
Part 5 – Reverse Engineering Tools Basics
 
  1. Video – Intro to OllyDbg and its Settings – http://www.youtube.com/watch?v=UqnQCVvYk3A
  2. Video – Intro to IDA Pro Disassembler – http://www.youtube.com/watch?v=zvWc-XsBKrA
  3. Automation of Reversing Through Scripting – http://securityxploded.com/automation-reversing-scripting.php
 
 
Part 6 – Practical Reversing (I)
 
  1. Video Demonstration – Reversing Sample Crackme using IDA Pro http://www.youtube.com/watch?v=6r5Q7YYnUSc
  2. Creating KEYGEN for Crackme Code http://securityxploded.com/creating-keygen-for-crackme.php
  3. Lena 151 tutorials – part1 to part 10 –http://tuts4you.com/download.php?list.17
  4. Book: ‘The IDA Pro Book’ – Unofficial Guide to IDA Pro http://www.amazon.com/The-IDA-Pro-Book-Disassembler/dp/1593272898
  5. Book: Practical Malware Analysis – chapter 1-7 http://www.amazon.com/Practical-Malware-Analysis-Dissecting-Malicious/dp/1593272901
  6. Book: Reversing – Secrets of Reverse Engineering – chapter 1,2,3,4,5,8 http://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817
 
 
Part 7 – Practical Reversing II: Unpacking UPX
 
  1. Video Demonstration – Unpacking UPX using OllyDbg & ImpREC http://http://vimeo.com/42197903
  2. Manual Unpacking of UPX using OllyDbg http://securityxploded.com/unpackingupx.php
  3. UPX: Ultimate Packer for Executables http://upx.sourceforge.net/
  4. ImpREC: Import Table Reconstruction Tool http://securityxploded.net/download/Imprec.zip
  5. Best Unpacking Tutorials by ARTeam http://www.accessroot.com/
 
 
Part 8 – Practical Reversing III: Malware Memory Forensics
 
  1. Demo Video – http://www.youtube.com/watch?v=YcVusDjnBxw
  2. Malware Memory Forensics Article http://securityxploded.com/malware-memory-forensics.php
  3. Volatility – An advanced memory forensics framework http://code.google.com/p/volatility/
  4. Volatility – Volatile memory analysis research http://volatility.tumblr.com/
  5. MoonSols Windows Memory Toolkit http://www.moonsols.com/windows-memory-toolkit/
 
 
Part 9 – Practical Reversing IV: Advanced Malware Analysis
 
  1. Demo Video 1 – http://youtu.be/592uIELKUX8
  2. Demo Video 2 – http://youtu.be/3bxzvrGf5w8
  3. Volatility – An advanced memory forensics framework http://code.google.com/p/volatility/
  4. Volatility – Volatile memory analysis research http://volatility.tumblr.com/
  5. The Honeynet Project – http://www.honeynet.org/node/315
  6. Malware Analysis Tools & Training – http://zeltser.com/reverse-malware/
 
 
Part 10 – Practical Reversing V: Exploit Development Basics
 
  1. Demo Video 1 [EIP Overwrite]- http://www.youtube.com/watch?v=erl_Aee8oDg
  2. Demo Video 2 [SEH Exploitation]- http://www.youtube.com/watch?v=njQ47H7jO4s
  3. Remote Buffer Overflow Exploits – http://securityxploded.com/remote-buffer-overflow-exploits.php
  4. Exploit writing tutorials https://www.corelan.be/index.php/articles/
 
 
See Also
 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s