【逆向知识】GitHub:Awesome-Hacking(黑客技能列表-逆向)

0 初衷

GitHub这一份黑客技能列表很不错，包含了多个方向的安全。但目前我关注只有逆向工程与恶意代码，所以其他的被暂时略过。
虽然很感谢作者的辛勤付出，但并不打算复制粘贴全套转载。逐条整理是为了从大量资源里梳理出自己觉得实用性很高的东西。

《Awesome-Hacking》
https://github.com/Hack-with-Github/Awesome-Hacking

Awesome Hacking系列-逆向

• 逆向：关于逆向的图书、培训、实战、工具等
  https://github.com/tylerhalfpop/awesome-reversing

1 逆向

awesome-reversing系列逆向资源列表清单

2.1 Books

逆向工程书籍

• The IDA Pro Book 《《IDA Pro权威指南(第2版)》》
• Reverse Engineering for Beginners 《逆向工程权威指南》
• Assembly Language for Intel-Based Computers (5th Edition) 《Intel汇编语言程序设计（第五版）》
• Practical Reverse Engineering 《逆向工程实战》
• Reversing: Secrets of Reverse Engineering 《Reversing:逆向工程揭密》
• Practical Malware Analysis 《恶意代码分析实战》
• Malware Analyst's Cookbook 《恶意软件分析诀窍与工具箱》
• Gray Hat Hacking 《灰帽黑客》
• The Art of Memory Forensics
• Hacking: The Art of Exploitation 《黑客之道：漏洞发掘的艺术》
• Fuzzing for Software Security
• Art of Software Security Assessment
• The Antivirus Hacker's Handbook
• The Rootkit Arsenal 《Rootkit:系统灰色地带的潜伏者中文》
• Windows Internals Part 1 Part 2 《深入解析windows操作系统》
• Inside Windows Debugging
• iOS Reverse Engineering 《iOS逆向工程》
• The Shellcoders Handbook
• A Guide to Kernel Exploitation
• Agner's software optimization resources

2.2 Courses

逆向工程课程

• Lenas Reversing for Newbies
  https://tuts4you.com/download.php?list.17

• Open Security Training
  http://opensecuritytraining.info/Training.html

• Dr. Fu's Malware Analysis
  http://fumalwareanalysis.blogspot.sg/p/malware-analysis-tutorials-reverse.html

• Binary Auditing Course
  http://www.binary-auditing.com/

• TiGa's Video Tutorials
  http://www.woodmann.com/TiGa/

• Legend of Random
  https://tuts4you.com/download.php?list.97

• Modern Binary Exploitation
  http://security.cs.rpi.edu/courses/binexp-spring2015/

• RPISEC Malware Course
  https://github.com/RPISEC/Malware

• SANS FOR 610 GREM
  https://www.sans.org/course/reverse-engineering-malware-malware-analysis-tools-techniques/Type/asc/all

• REcon Training
  https://recon.cx/2015/training.html

• Blackhat Training
  https://www.blackhat.com/us-16/training/

• Offensive Security
  https://www.offensive-security.com/information-security-training/

• Corelan Training
  https://www.corelan-training.com/

• Offensive and Defensive Android Reversing
  https://github.com/rednaga/training/raw/master/DEFCON23/O%26D%20-%20Android%20Reverse%20Engineering.pdf

• Reverse Engineering Malware 101
  https://securedorg.github.io/RE101/

• ARM Assembly Basics
  https://azeria-labs.com/writing-arm-assembly-part-1/

2.3 Practice

实践逆向工程。小心恶意软件。

• Crackmes.de
  http://www.crackmes.de/
• OSX Crackmes
  https://reverse.put.as/crackmes/
• ESET Challenges
  http://www.joineset.com/jobs-analyst.html
• Flare-on Challenges
  http://flare-on.com/
• Github CTF Archives
  http://github.com/ctfs/
• Reverse Engineering Challenges
  http://challenges.re/
• xorpd Advanced Assembly Exercises
  http://www.xorpd.net/pages/xchg_rax/snip_00.html
• Virusshare.com
  http://virusshare.com/
• Contagio
  http://contagiodump.blogspot.com/
• Malware-Traffic-Analysis
  https://malware-traffic-analysis.com/
• Malshare
  http://malshare.com/
• Malware Blacklist
  http://www.malwareblacklist.com/showMDL.php
• malwr.com
  https://malwr.com/
• vxvault
  http://vxvault.net/

2.4 Hex Editors

• HxD
  https://mh-nexus.de/en/hxd

• 010 Editor
  http://www.sweetscape.com/010editor

• Hex Workshop
  http://www.hexworkshop.com

• HexFiend
  http://ridiculousfish.com/hexfiend

• Hiew
  http://www.hiew.ru

2.5 Binary Format

• CFF Explorer
  http://www.ntcore.com/exsuite.php

• Cerbero Profiler
  http://cerbero.io/profiler/

• Lite PE Insider
  http://cerbero.io/peinsider/

• Detect It Easy
  http://ntinfo.biz/

• PeStudio
  http://www.winitor.com/

• PEiD
  https://tuts4you.com/download.php?view.398

• MachoView
  https://github.com/gdbinit/MachOView

• nm - View Symbols
  https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/nm.1.html

• file - File information
  https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/file.1.html

• codesign - Code signing information usage: codesign -dvvv filename
  https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/codesign.1.html

2.6 Disassemblers

• IDA Pro
  https://www.hex-rays.com/products/ida/index.shtml

• Binary Ninja
  https://binary.ninja/

• Radare
  http://www.radare.org/r/

• Hopper
  http://hopperapp.com/

• Capstone
  http://www.capstone-engine.org/

• objdump
  http://linux.die.net/man/1/objdump

• fREedom
  https://github.com/cseagle/fREedom

2.7 Binary Analysis

• Mobius Resources
  http://www.msreverseengineering.com/research/

• z3
  https://github.com/Z3Prover/z3

• bap
  https://github.com/BinaryAnalysisPlatform/bap

• angr
  https://github.com/angr/angr

2.8 Bytecode Analysis

• dnSpy
  https://github.com/0xd4d/dnSpy

• Bytecode Viewer
  https://bytecodeviewer.com/

• Bytecode Visualizer
  http://www.drgarbage.com/bytecode-visualizer/

• JPEXS Flash Decompiler
  https://www.free-decompiler.com/flash/

2.9 Import Reconstruction

输入表重建工具

• ImpRec
  http://www.woodmann.com/collaborative/tools/index.php/ImpREC

• Scylla
  https://github.com/NtQuery/Scylla

• LordPE
  http://www.woodmann.com/collaborative/tools/images/Bin_LordPE_2010-6-29_3.9_LordPE_1.41_Deluxe_b.zip

3.0 Dynamic Analysis

• ProcessHacker
  http://processhacker.sourceforge.net/
• Process Explorer
  https://technet.microsoft.com/en-us/sysinternals/processexplorer
• Process Monitor
  https://technet.microsoft.com/en-us/sysinternals/processmonitor
• Autoruns
  https://technet.microsoft.com/en-us/sysinternals/bb963902
• Noriben
  https://github.com/Rurik/Noriben
• API Monitor
  http://www.rohitab.com/apimonitor
• iNetSim
  http://www.inetsim.org/
• Wireshark
  https://www.wireshark.org/download.html
• Fakenet
  http://practicalmalwareanalysis.com/fakenet/
• netzob
  https://www.netzob.org/
• Volatility
  https://github.com/volatilityfoundation/volatility
• LiME
  https://github.com/504ensicsLabs/LiME

• Cuckoo
  https://www.cuckoosandbox.org/
  -Objective-See Utilities
  https://objective-see.com/products.html

• dtrace - sudo dtruss = strace dtrace recipes
  http://dtrace.org/blogs/brendan/2011/10/10/top-10-dtrace-scripts-for-mac-os-x/
  http://mfukar.github.io/2014/03/19/dtrace.html
• fs_usage - report system calls and page faults related to filesystem activity in real-time. File I/O: fs_usage -w -f filesystem
  https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/fs_usage.1.html

• dmesg - display the system message buffer
  https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/dmesg.8.html

3.1 Debugging

• WinDbg
  https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx
• OllyDbg v1.10
  http://www.ollydbg.de/
• OllyDbg v2.01
  http://www.ollydbg.de/version2.html
• OllySnD
  https://tuts4you.com/download.php?view.2061
• Olly Shadow
  https://tuts4you.com/download.php?view.6
• Olly CiMs
  https://tuts4you.com/download.php?view.1206
• Olly UST_2bg
  https://tuts4you.com/download.php?view.2816
• x64dbg
  http://x64dbg.com/#start
• gdb
  https://www.gnu.org/software/gdb/
• vdb
  https://github.com/vivisect/vivisect
• lldb
  http://lldb.llvm.org/
• qira
  http://qira.me/
• unicorn
  https://github.com/unicorn-engine/unicorn

3.2 Mac Decrypt

• Cerbero Profiler - Select all -> Copy to new file
  http://cerbero-blog.com/?p=1311

• AppEncryptor - Tool for decrypting
  https://github.com/AlanQuatermain/appencryptor

• Class-Dump - use deprotect option
  http://stevenygard.com/projects/class-dump/

• readmem - OS X Reverser's process dumping tool
  https://github.com/gdbinit/readmem

3.3 Document Analysis

• Ole Tools
  http://www.decalage.info/python/oletools
• Didier's PDF Tools
  http://blog.didierstevens.com/programs/pdf-tools/
• Origami
  https://github.com/cogent/origami-pdf

3.4 Scripting

• IDA Python Src
  https://github.com/idapython/src
• IDC Functions Doc
  https://www.hex-rays.com/products/ida/support/idadoc/162.shtml
• Using IDAPython to Make your Life Easier
  http://researchcenter.paloaltonetworks.com/tag/idapython/
• Introduction to IDA Python
  https://tuts4you.com/download.php?view.3229
• The Beginner's Guide to IDA Python
  https://leanpub.com/IDAPython-Book
• IDA Plugin Contest
  https://www.hex-rays.com/contests/
• onehawt IDA Plugin List
  https://github.com/onethawt/idaplugins-list
• pefile Python Libray
  https://github.com/erocarrera/pefile

3.5 Android

• Android Developer Studio
  http://developer.android.com/sdk/index.html
• APKtool
  http://ibotpeaches.github.io/Apktool/
• dex2jar
  https://github.com/pxb1988/dex2jar
• Bytecode Viewer
  https://bytecodeviewer.com/
• IDA Pro
  https://www.hex-rays.com/products/ida/index.shtml

3.6 Yara

• Yara docs
  http://yara.readthedocs.org/en/v3.4.0/writingrules.html

• yarGen
  https://github.com/Neo23x0/yarGen

参考

• 1、GitHub 万星推荐：黑客成长技术清单
  http://www.4hou.com/info/news/7061.html