Wednesday, January 6, 2016

Reverse Engineering Preparation Tools

1.  Virtualization:
  i. VMware - http://www.vmware.com/
  ii. VirtualBox - https://www.virtualbox.org/

2.  Development Tools:
  2.1. Compilers/IDE: 
      i. Dev C++ - http://www.bloodshed.net/devcpp.html
      ii. Microsoft Visual C++ - http://www.microsoft.com/visualstudio/en-us/products/2010-editions/visual-cpp-express 
  2.2. Assemblers: 
      i. MASM - http://www.masm32.com/
      ii. NASM - http://www.nasm.us/
      iii. WinAsm (IDE) - http://www.winasm.net/
  2.3. Languages:
      i. Python - http://python.org/

3. Reverse Engineering Tools:
  3.1. Disassembler:
      i. IDA (5.0) - http://www.hex-rays.com/products/ida/support/download.shtml
      ii. IDAPython - http://code.google.com/p/idapython/
  3.2. Debuggers:
      i. OllyDbg - http://www.ollydbg.de/ 
      ii. Immunity Debugger - http://immunityinc.com/products-immdbg.shtml 
      iii. Windbg - http://msdn.microsoft.com/en-us/windows/hardware/gg463009 
      iv. Pydbg - http://code.google.com/p/paimei/ 
  3.3. PE file Format: 
      i. PEView - http://www.magma.ca/~wjr/ 
      ii. PEBrowse - http://www.smidgeonsoft.prohosting.com/pebrowse-pro-file-viewer.html 
      iii. LordPE - http://www.woodmann.com/collaborative/tools/index.php/LordPE
      iv. ImpRec - http://www.woodmann.com/collaborative/tools/index.php/ImpREC
      v. PEiD - http://www.peid.info/
      vi. ExeScan - http://securityxploded.com/exe-scan.php
  3.4. Process:
      i. ProcMon - http://technet.microsoft.com/en-us/sysinternals/bb896645 
      ii. Process Explorer - http://technet.microsoft.com/en-us/sysinternals/bb896653 
  3.5. Network:
      i. WireShark - http://www.wireshark.org/
      ii. TcpView - http://technet.microsoft.com/en-us/sysinternals/bb897437 
  3.6. File and Registry:
      i. Regshot - http://sourceforge.net/projects/regshot/
      ii. Capturebat - http://www.honeynet.org/node/315 
      iii. InstallWatch Pro - http://www.brothersoft.com/downloads/installwatch-pro-2.5c.html
      iv. FileMon - http://technet.microsoft.com/en-us/sysinternals/bb896642 
  3.7. Misc:
      i. CFFexplorer - http://www.ntcore.com/exsuite.php 
      ii. Notepad++ - http://notepad-plus-plus.org/ 
      iii. Dependency Walker - http://www.dependencywalker.com/
      iv. Sysinternals Tools - http://technet.microsoft.com/en-us/sysinternals/bb842062

References:
   http://securityxploded.com/malware-analysis-training-reference.php
