Request for Resources [Malware Reversing]

Stumbled over a good link? Post it here... (the board is flushed regularly)
maboroshi
Dr. Mab
Posts: 1624
Joined: 28 Aug 2005, 16:00
18

Request for Resources [Malware Reversing]

Post by maboroshi »

Looking for resources such as websites/videos/books/articles on malware reversing. I want to understand tactics used to obfuscate/hide/remove themselves on the underlying OS. I want to know the tactics used to prevent Malware Analyzers from uncovering their secrets.

I want to know as much as I can... Essentially starting from the set up of a Sandbox, tools for Network analysis to removing obfuscation from code to whatever.

Please PM me any non open source information.

Edit *
From starting at complete beginner. :-)

*cheers

Maboroshi

scatter
Fame ! Where are the chicks?!
Posts: 366
Joined: 01 Jan 2014, 05:22
10

Re: Request for Resources [Malware Reversing]

Post by scatter »

Lol, lucky for you, I am playing with the same thing too, as you may have noticed in my last posts, including exploit dev and malware. Okay, so here are some resources I found to be the best ones.

This first section includes slides, written courses and recorded conferences, also VMwares used in the course environment, etc.:

• Android Forensics & Security Testing
http://opensecuritytraining.info/AndroidForensics.html

• Pcap Analysis & Network Hunting
http://opensecuritytraining.info/Pcap.html

• Malware Dynamic Analysis
http://opensecuritytraining.info/Malwar ... lysis.html

• Crypto
http://opensecuritytraining.info/CryptoCore.html
http://opensecuritytraining.info/Cryptanalysis.html

• Introduction to Reverse Engineering Software
http://opensecuritytraining.info/Introd ... ering.html

• Reverse Engineering Malware
http://opensecuritytraining.info/Introd ... ering.html

• Rootkits: What they are, and how to find them
http://opensecuritytraining.info/Rootkits.html

• The Adventures of a Keystroke: An in-depth look into keylogging on Windows
http://opensecuritytraining.info/Keylogging.html

2nd section

*Reversing and cracking:
http://repo.zenk-security.com/Reversing%20.%20cracking/ ==> French resources and courses if you understand French, I downloaded almost all of them

http://mirror7.meh.or.id/Reverse%20Engineering/ ==> List of ebooks and papers of big conferences

*Malware must die:
http://malwaremustdie.org/ => they have a rich blog and they are always online, especially on Twitter, and they always post interesting info. To make it short, they are the best malware hunters and

their Twitter
https://twitter.com/MalwareMustDie

another malware hunter who always posts good resources and research
https://twitter.com/unixfreaxjp
his website: http://0day.jp/

A website of a famous malware hunter
http://www.xylibox.com/

Malware Analysis: The Final Frontier
http://malwageddon.blogspot.fr/

Malware diaries
http://malwareblacklist.com/

List of malware sources:
http://secuboxlabs.fr/

http://vxvault.siri-urz.net/ViriList.php

Malware domain list
http://www.malwaredomainlist.com/mdl.php


Re: Request for Resources [Malware Reversing]

Post by maboroshi »

Sweet thank you!

More than enough to get me started :D


Re: Request for Resources [Malware Reversing]

Post by scatter »

Best ebook in reversing:

Reversing: Secrets of Reverse Engineering
http://rogunix.com/docs/Reversing&Explo ... eering.pdf

Hacking malware and rootkits exposed
https://www.dropbox.com/s/rkcvdqviplo8g ... otkits.pdf

"Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software"
https://www.dropbox.com/s/zvjnvo794m2yj ... alysis.pdf

"The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler"
https://www.dropbox.com/s/fbg5duo94avgt ... _Guide.pdf


Re: Request for Resources [Malware Reversing]

Post by scatter »

maboroshi wrote:Sweet thank you!

More than enough to get me started :D

Hehe, you're welcome :D I already downloaded all of them and started :D


Re: Request for Resources [Malware Reversing]

Post by scatter »

BTW, my latest research about the Duqu malware pack that included Stuxnet
http://en.wikipedia.org/wiki/Duqu

Read this Kaspersky analysis: http://www.securelist.com/en/blog/667/T ... _Framework

and look in the comments of Wes Brown, who thinks it was made by Mosquito Lisp, and Kaspersky agrees that Mosquito Lisp is the mysterious language used in this

Benefits of Mosquito Lisp:
http://dl.packetstormsecurity.net/hitb0 ... MOSREF.pdf

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
19
Location: In your eye floaters.

Re: Request for Resources [Malware Reversing]

Post by bad_brain »

vxheaven might also be a good resource, now that it's finally back...:D


Re: Request for Resources [Malware Reversing]

Post by maboroshi »

Oh nice thanks gentlemen!


Re: Request for Resources [Malware Reversing]

Post by scatter »

thx b_b :)

also you can add this: http://conference.hitb.org/hitbsecconf2 ... zation.pdf

Wes Brown seems to have many strong resources and info, someone must follow his path coz that man is a genius
