diff --git a/README.md b/README.md index 3de0fba..357c7ea 100644 --- a/README.md +++ b/README.md @@ -261,13 +261,13 @@ A curated list of awesome malware analysis tools and resources. Inspired by * [Dig](http://networking.ringofsaturn.com/) - Free online dig and other network tools. * [dnstwist](https://github.com/elceef/dnstwist) - Domain name permutation -engine for detecting typo squatting, phishing and corporate espionage. + engine for detecting typo squatting, phishing and corporate espionage. * [IPinfo](https://github.com/hiddenillusion/IPinfo) - Gather information about an IP or domain by searching online resources. * [Machinae](https://github.com/hurricanelabs/machinae) - OSINT tool for gathering information about URLs, IPs, or hashes. Similar to Automator. * [mailchecker](https://github.com/FGRibreau/mailchecker) - Cross-language -temporary email detection library. + temporary email detection library. * [MaltegoVT](https://github.com/jiachongzhi/MaltegoVT) - Maltego transform for the VirusTotal API. Allows domain/IP research, and searching for file hashes and scan reports. @@ -304,7 +304,7 @@ temporary email detection library. * [jsunpack-n](https://github.com/urule99/jsunpack-n) - A javascript unpacker that emulates browser functionality. * [Krakatau](https://github.com/Storyyeller/Krakatau) - Java decompiler, -assembler, and disassembler. + assembler, and disassembler. * [Malzilla](http://malzilla.sourceforge.net/) - Analyze malicious web pages. * [RABCDAsm](https://github.com/CyberShadow/RABCDAsm) - A "Robust ActionScript Bytecode Disassembler." 
@@ -428,7 +428,7 @@ the [browser malware](#browser-malware) section.* * [pestudio](https://winitor.com/) - Perform static analysis of Windows executables. * [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for -x86/ARM/MIPS. + x86/ARM/MIPS. * [Process Monitor](https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) - Advanced monitoring tool for Windows programs. * [Pyew](https://github.com/joxeankoret/pyew) - Python tool for malware @@ -460,9 +460,9 @@ x86/ARM/MIPS. * [Fiddler](http://www.telerik.com/fiddler) - Intercepting web proxy designed for "web debugging." * [Hale](https://github.com/pjlantz/Hale) - Botnet C&C monitor. -* [Haka](http://www.haka-security.org/) - Haka is an open source security -oriented language which allows to describe protocols and apply security -policies on (live) captured traffic. +* [Haka](http://www.haka-security.org/) - An open source security oriented + language for describing protocols and applying security policies on (live) + captured traffic. * [INetSim](http://www.inetsim.org/) - Network service emulation, useful when building a malware lab. * [Laika BOSS](https://github.com/lmco/laikaboss) - Laika BOSS is a file-centric @@ -496,7 +496,7 @@ policies on (live) captured traffic. * [DAMM](https://github.com/504ensicsLabs/DAMM) - Differential Analysis of Malware in Memory, built on Volatility * [evolve](https://github.com/JamesHabben/evolve) - Web interface for the -Volatility Memory Forensics Framework. + Volatility Memory Forensics Framework. * [FindAES](http://jessekornblum.livejournal.com/269749.html) - Find AES encryption keys in memory. * [Muninn](https://github.com/ytisf/muninn) - A script to automate portions 
@@ -510,7 +510,7 @@ Volatility Memory Forensics Framework. * [Volatility](https://github.com/volatilityfoundation/volatility) - Advanced memory forensics framework. * [VolUtility](https://github.com/kevthehermit/VolUtility) - Web Interface for -Volatility Memory Analysis framework. + Volatility Memory Analysis framework. * [WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365) - Live memory inspection and kernel debugging for Windows systems. @@ -588,7 +588,7 @@ Volatility Memory Analysis framework. * [APT Notes](https://github.com/kbandla/APTnotes) - A collection of papers and notes related to Advanced Persistent Threats. * [File Formats posters](https://github.com/corkami/pics) - Nice visualization -of commonly used file format (including PE & ELF). + of commonly used file format (including PE & ELF). * [Honeynet Project](http://honeynet.org/) - Honeypot tools, papers, and other resources. * [Kernel Mode](http://www.kernelmode.info/forum/) - An active community devoted to 
@@ -597,12 +597,13 @@ of commonly used file format (including PE & ELF). blog and resources by Lenny Zeltser. * [Malware Analysis Search](https://cse.google.com/cse/home?cx=011750002002865445766%3Apc60zx1rliu) - Custom Google search engine from [Corey Harrell](journeyintoir.blogspot.com/). -* [Malware Analysis Tutorials](http://fumalwareanalysis.blogspot.nl/p/malware-analysis-tutorials-reverse.html) - The Malware - Analysis Tutorials by Dr. Xiang Fu are a great resource for learning practical malware analysis. +* [Malware Analysis Tutorials](http://fumalwareanalysis.blogspot.nl/p/malware-analysis-tutorials-reverse.html) - The Malware Analysis Tutorials by Dr. Xiang Fu, a great resource for learning + practical malware analysis. * [Malware Samples and Traffic](http://malware-traffic-analysis.net/) - This blog focuses on network traffic related to malware infections. -* [Practical Malware Analysis Starter Kit](https://bluesoul.me/practical-malware-analysis-starter-kit/) - This package contains most of the - software referenced in the Practical Malware Analysis book. +* [Practical Malware Analysis Starter Kit](https://bluesoul.me/practical-malware-analysis-starter-kit/) - + This package contains most of the software referenced in the Practical Malware + Analysis book. * [RPISEC Malware Analysis](https://github.com/RPISEC/Malware) - These are the course materials used in the Malware Analysis course at at Rensselaer Polytechnic Institute during Fall 2015.
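Review bot: In the `@@ -460,9 +460,9 @@` hunk, the new Haka description reads "An open source security oriented language"; the compound modifier should be hyphenated as "security-oriented". The hunk drops the redundant "Haka is" lead-in, but the Laika BOSS entry in the trailing context still opens with "Laika BOSS is a file-centric", so it is worth giving that entry the same treatment to keep the list consistent.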
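Review bot: In the `@@ -510,7 +510,7 @@` hunk, the re-indented VolUtility line keeps "Web Interface for" and "Volatility Memory Analysis framework", while the evolve entry touched in the `@@ -496,7 +496,7 @@` hunk reads "Web interface for the Volatility Memory Forensics Framework". Since both lines are being edited, align the capitalisation of "interface" and "framework" and add the missing article so the VolUtility entry reads "Web interface for the Volatility ...".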
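Review bot: In the `@@ -588,7 +588,7 @@` hunk, the re-indented File Formats posters line still says "of commonly used file format (including PE & ELF)". The line is being touched anyway, so change "file format" to the plural "file formats".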
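Review bot: In the `@@ -597,12 +597,13 @@` hunk, the two rewrapped entries end up wrapped differently. The Malware Analysis Tutorials line now carries the link plus "The Malware Analysis Tutorials by Dr. Xiang Fu, a great resource for learning" on a single line, far longer than the rest of the list, while the Practical Malware Analysis Starter Kit entry breaks right after the " - ". Break the Tutorials entry after the " - " as well, and consider dropping the repeated "The Malware Analysis Tutorials by", since the link text already says it. Two problems in the context lines are worth fixing in the same pass: the Corey Harrell link target `journeyintoir.blogspot.com/` has no scheme, so it will render as a relative link, and the RPISEC entry has a doubled "at at".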