Red Teaming and Malware Analysis
Red Teaming and Malware Analysis
@sirpedrotavares
seguranca-informatica.pt
0xSI_f33d
About
Red Teaming
Cheat Sheet
Active Directory 101
Fuzzing and Web
Initial Foothold
Privilege Escalation (Privesc)
Lateral Movement (Pivoting)
Persistence
Command and Control (C&C)
Data Exfiltration
CVE & Exploits / CTF
Tools
Resources
Malware Analysis
Unpacking
Tools
Debuggers / Disassemblers
Decompilers
Detection and Classification
Deobfuscation
Debugging and Reverse Engineering
Memory
File Analysis
Emulators
Network Traffic Analysis
Other
Online Tools
Resources
Mobile
Tools
Android Dynamic Analysis
IoT / ARM
Reverse IoT devices
Tools
Resources
Powered by GitBook

Debuggers / Disassemblers

Ollydbg [v1.10 or v2.0.] – OllyDbg is a 32-bit assembler level analyzing debugger for Microsoft® Windows®.

Ollydbg Plugins: StrongOD (OllyDbg plugin) – This plug-in provides three kinds of ways to initiate the process. Ollydbg with 10 plugins – StrongOD v0.4.8.892; PhantOm Plugin v1.85; OllyStepNSearch v0.6.2; OllyDump v3.00.110; EasyController v1.0.5.0; Analyze This v0.1; Labless v1.1.2.85

OllyDRXA modified version of Ollydgb with useful plugins.

Immunity Debugger – It’s a powerful new way to write exploits, analyze malware, and reverse engineer binary files.

WINDBGMicrosoft Windows Debugger (WinDbg) is a powerful Windows-based debugger that is capable of both user-mode and kernel-mode debugging (my favourite tool).

x64dbg – An open-source x64/x32 debugger for Windows. Please, see all the available plugins here.

IDA PRO – IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger that offers so many features it is hard to describe them all.

IDA PRO Plugins: IDAGolangHelper – Set of IDA Pro scripts for parsing GoLang types information stored in compiled binary.

ScyllaHide – ScyllaHide is an advanced open-source x64/x86 usermode Anti-Anti-Debug library. It can be used both in Ollydbg and X64dbg. Enjoy it.

flare-ida – This repository contains a collection of IDA Pro scripts and plugins used by the FireEye Labs Advanced Reverse Engineering (FLARE) team.

GHIDRA – A software reverse engineering (SRE) suite of tools developed by NSA’s Research Directorate in support of the Cybersecurity mission.

Hopper – The macOS and Linux Disassembler.

plasma – PLASMA is an interactive disassembler. It can generate a more readable assembly (pseudo code) with colored syntax.

Previous
Tools
Next
Decompilers
Last updated 3 months ago