Compare commits


12 Commits

Author | SHA1 | Message | Date
Pedro Tavares | 7438a135b4 | Merge 092a0bd0cc into a3f07a0452 | 2024-04-19 22:41:19 +08:00
Avenger | a3f07a0452 | Merge pull request #217 from damoklov/main: Added Qiling Framework | 2024-04-19 22:41:09 +08:00
Avenger | d9be38e887 | Merge pull request #214 from SpeksForks/main: Updating dead link for packerid | 2024-04-19 22:35:31 +08:00
Avenger | 19554e7df1 | Merge pull request #235 from vxsh4d0w/patch-1: Orochi is an open source framework for collaborative forensic memory dump analysis. | 2024-04-18 23:17:53 +08:00
Avenger | 73a5b0c76c | Merge pull request #246 from cccs-kevin/update/AL-link: Updating the Assemblyline link and description | 2024-04-15 21:39:00 +08:00
Avenger | 448522ad9e | Merge pull request #219 from gothicx/patch-1: AVCaesar - Discontinued | 2024-03-27 11:29:07 +08:00
cccs-kevin | 8541aedf3f | Updating Assemblyline's description | 2023-10-19 20:26:23 +00:00
cccs-kevin | 4790b43f92 | Updating the Assemblyline link | 2023-10-19 20:25:00 +00:00
V | 16e814114d | Added Orochi: Added Orochi, an open source framework for collaborative forensic memory dump analysis. | 2021-12-31 09:43:50 +00:00
Marco Rodrigues | 0e6ad32aef | AVCaesar - Discontinued | 2020-10-11 20:08:32 +02:00
damoklov | 9dbc8c084f | Added Qiling Framework | 2020-10-01 20:54:32 +03:00
Peter Thaleikis | 1037a22b1a | Updating dead link for packerid | 2020-09-30 16:40:38 +04:00
2 changed files with 12 additions and 11 deletions

View File

@ -222,8 +222,7 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
* [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a * [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a
variety of tools for reporting on Windows PE files. variety of tools for reporting on Windows PE files.
* [Assemblyline](https://bitbucket.org/cse-assemblyline/assemblyline) - A scalable * [Assemblyline](https://cybercentrecanada.github.io/assemblyline4_docs/) - A scalable file triage and malware analysis system integrating the cyber security community's best tools..
distributed file analysis framework.
* [BinaryAlert](https://github.com/airbnb/binaryalert) - An open source, serverless * [BinaryAlert](https://github.com/airbnb/binaryalert) - An open source, serverless
AWS pipeline that scans and alerts on uploaded files based on a set of AWS pipeline that scans and alerts on uploaded files based on a set of
YARA rules. YARA rules.
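Review bot: the new Assemblyline description ends with a doubled period (`best tools..`); drop one. The replacement is also a single long line while every neighbouring entry wraps at roughly 80 columns, so wrap it the same way, e.g. `* [Assemblyline](https://cybercentrecanada.github.io/assemblyline4_docs/) - A scalable` followed by `file triage and malware analysis system integrating the cyber security community's best tools.`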
@ -257,7 +256,7 @@ executables.
* [Nauz File Detector(NFD)](https://github.com/horsicq/Nauz-File-Detector) - Linker/Compiler/Tool detector for Windows, Linux and MacOS. * [Nauz File Detector(NFD)](https://github.com/horsicq/Nauz-File-Detector) - Linker/Compiler/Tool detector for Windows, Linux and MacOS.
* [nsrllookup](https://github.com/rjhansen/nsrllookup) - A tool for looking * [nsrllookup](https://github.com/rjhansen/nsrllookup) - A tool for looking
up hashes in NIST's National Software Reference Library database. up hashes in NIST's National Software Reference Library database.
* [packerid](http://handlers.sans.org/jclausing/packerid.py) - A cross-platform * [packerid](https://github.com/sooshie/packerid) - A cross-platform
Python alternative to PEiD. Python alternative to PEiD.
* [PE-bear](https://hshrzd.wordpress.com/pe-bear/) - Reversing tool for PE * [PE-bear](https://hshrzd.wordpress.com/pe-bear/) - Reversing tool for PE
files. files.
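Review bot: the packerid link moves from the jclausing script on handlers.sans.org to the GitHub repository sooshie/packerid, and the description "A cross-platform Python alternative to PEiD" is kept as is; since the commit message only says the old link was dead, the PR should state that this repository is the maintained home (or a fork) of the same script, so readers following the link get the tool the description promises.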
@ -288,8 +287,6 @@ executables.
* [any.run](https://app.any.run/) - Online interactive sandbox. * [any.run](https://app.any.run/) - Online interactive sandbox.
* [AndroTotal](https://andrototal.org/) - Free online analysis of APKs * [AndroTotal](https://andrototal.org/) - Free online analysis of APKs
against multiple mobile antivirus apps. against multiple mobile antivirus apps.
* [AVCaesar](https://avcaesar.malware.lu/) - Malware.lu online scanner and
malware repository.
* [BoomBox](https://github.com/nbeede/BoomBox) - Automatic deployment of Cuckoo * [BoomBox](https://github.com/nbeede/BoomBox) - Automatic deployment of Cuckoo
Sandbox malware lab using Packer and Vagrant. Sandbox malware lab using Packer and Vagrant.
* [Cryptam](http://www.cryptam.com/) - Analyze suspicious office documents. * [Cryptam](http://www.cryptam.com/) - Analyze suspicious office documents.
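Review bot: removing the AVCaesar entry matches the "AVCaesar - Discontinued" commit, but the Chinese translation in this compare is only edited for the Assemblyline entry; check whether the translation also lists AVCaesar, because it should be dropped there in the same change to keep both files in sync.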
@ -388,7 +385,7 @@ executables.
* [0xSI_f33d] (https://feed.seguranca-informatica.pt) - Free service for detecting possbible phishing and malware domains, blacklisted IPs within the Portuguese cyberspace. * [0xSI_f33d] (https://feed.seguranca-informatica.pt) - Free service for detecting possbible phishing and malware domains, blacklisted IPs within the Portuguese cyberspace.
* [PhishStats](https://phishstats.info/) - Phishing Statistics with search for * [PhishStats](https://phishstats.info/) - Phishing Statistics with search for
IP, domain and website title IP, domain and website title
* [Spyse](https://spyse.com/) - subdomains, whois, realted domains, DNS, hosts AS, SSL/TLS info, * [Spyse](https://spyse.com/) - subdomains, whois, realted domains, DNS, hosts AS, SSL/TLS info,
* [SecurityTrails](https://securitytrails.com/) - Historical and current WHOIS, * [SecurityTrails](https://securitytrails.com/) - Historical and current WHOIS,
historical and current DNS records, similar domains, certificate information historical and current DNS records, similar domains, certificate information
and other domain and IP related API and tools. and other domain and IP related API and tools.
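Review bot: no textual change is visible in this hunk, so it is presumably whitespace-only (trailing spaces or line endings); confirm that is intended. Since these lines are being touched anyway, the broken link `[0xSI_f33d] (https://feed.seguranca-informatica.pt)` (the space between `]` and `(` stops it rendering as a link) and the typos "possbible" and "realted" could be fixed in the same hunk.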
@ -624,6 +621,8 @@ the [browser malware](#browser-malware) section.*
analysis. analysis.
* [PyREBox](https://github.com/Cisco-Talos/pyrebox) - Python scriptable reverse * [PyREBox](https://github.com/Cisco-Talos/pyrebox) - Python scriptable reverse
engineering sandbox by the Talos team at Cisco. engineering sandbox by the Talos team at Cisco.
* [Qiling Framework](https://www.qiling.io/) - Cross platform emulation and sanboxing
framework with instruments for binary analysis.
* [QKD](https://github.com/ispras/qemu/releases/) - QEMU with embedded WinDbg * [QKD](https://github.com/ispras/qemu/releases/) - QEMU with embedded WinDbg
server for stealth debugging. server for stealth debugging.
* [Radare2](http://www.radare.org/r/) - Reverse engineering framework, with * [Radare2](http://www.radare.org/r/) - Reverse engineering framework, with
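Review bot: the added Qiling entry has a typo, "sanboxing" should be "sandboxing", and the list hyphenates "cross-platform" elsewhere (see the packerid entry). Suggested: `* [Qiling Framework](https://www.qiling.io/) - Cross-platform emulation and sandboxing` followed by `framework with instruments for binary analysis.`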
@ -643,7 +642,7 @@ the [browser malware](#browser-malware) section.*
plugin for Sublime 3 to aid with malware analyis. plugin for Sublime 3 to aid with malware analyis.
* [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for * [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for
Linux executables. Linux executables.
* [StringSifter](https://github.com/fireeye/stringsifter) - A machine learning tool * [StringSifter](https://github.com/fireeye/stringsifter) - A machine learning tool
that automatically ranks strings based on their relevance for malware analysis. that automatically ranks strings based on their relevance for malware analysis.
* [Triton](https://triton.quarkslab.com/) - A dynamic binary analysis (DBA) framework. * [Triton](https://triton.quarkslab.com/) - A dynamic binary analysis (DBA) framework.
* [Udis86](https://github.com/vmt/udis86) - Disassembler library and tool * [Udis86](https://github.com/vmt/udis86) - Disassembler library and tool
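Review bot: no visible change in this hunk (presumably whitespace-only); if these lines are being rewritten anyway, the context line "plugin for Sublime 3 to aid with malware analyis" has a typo, "analyis" for "analysis".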
@ -730,6 +729,8 @@ the [browser malware](#browser-malware) section.*
code integrity and write support. code integrity and write support.
* [Muninn](https://github.com/ytisf/muninn) - A script to automate portions * [Muninn](https://github.com/ytisf/muninn) - A script to automate portions
of analysis using Volatility, and create a readable report. of analysis using Volatility, and create a readable report.
[Orochi](https://github.com/LDO-CERT/orochi) - Orochi is an open source framework for
collaborative forensic memory dump analysis.
* [Rekall](http://www.rekall-forensic.com/) - Memory analysis framework, * [Rekall](http://www.rekall-forensic.com/) - Memory analysis framework,
forked from Volatility in 2013. forked from Volatility in 2013.
* [TotalRecall](https://github.com/sketchymoose/TotalRecall) - Script based * [TotalRecall](https://github.com/sketchymoose/TotalRecall) - Script based
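Review bot: the added Orochi line is missing the leading `* ` bullet, so it will not render as a list item alongside Muninn and Rekall; it also repeats the project name in the description ("Orochi - Orochi is an open source framework...") where the list's convention is the bare description after the dash. Suggested: `* [Orochi](https://github.com/LDO-CERT/orochi) - Open source framework for` followed by `collaborative forensic memory dump analysis.`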
@ -849,8 +850,8 @@ the [browser malware](#browser-malware) section.*
Presentation introducing the concepts of malware analysis, threat intelligence Presentation introducing the concepts of malware analysis, threat intelligence
and reverse engineering. Experience or prior knowledge is not required. Labs and reverse engineering. Experience or prior knowledge is not required. Labs
link in description. link in description.
* [Malware Persistence](https://github.com/Karneades/malware-persistence) - Collection * [Malware Persistence](https://github.com/Karneades/malware-persistence) - Collection
of various information focused on malware persistence: detection (techniques), of various information focused on malware persistence: detection (techniques),
response, pitfalls and the log collection (tools). response, pitfalls and the log collection (tools).
* [Malware Samples and Traffic](http://malware-traffic-analysis.net/) - This * [Malware Samples and Traffic](http://malware-traffic-analysis.net/) - This
blog focuses on network traffic related to malware infections. blog focuses on network traffic related to malware infections.
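Review bot: no textual change is visible in this hunk, so it is presumably whitespace-only; confirm it is intentional rather than an editor normalising line endings, since such hunks add noise to the review without changing the rendered list.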

View File

@ -153,7 +153,7 @@
*反病毒和其他恶意软件识别工具* *反病毒和其他恶意软件识别工具*
* [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Windows PE 文件的分析器 * [AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Windows PE 文件的分析器
* [Assemblyline](https://bitbucket.org/cse-assemblyline/assemblyline) - 大规模分布式文件分析框架 * [Assemblyline](https://cybercentrecanada.github.io/assemblyline4_docs/) - 大规模分布式文件分析框架
* [BinaryAlert](https://github.com/airbnb/binaryalert) - 开源、无服务 AWS 管道,用于对上传的文件使用 YARA 进行扫描和报警 * [BinaryAlert](https://github.com/airbnb/binaryalert) - 开源、无服务 AWS 管道,用于对上传的文件使用 YARA 进行扫描和报警
* [capa](https://github.com/fireeye/capa) - 检测可执行文件的攻击能力 * [capa](https://github.com/fireeye/capa) - 检测可执行文件的攻击能力
* [chkrootkit](http://www.chkrootkit.org/) - 本地 Linux rootkit 检测 * [chkrootkit](http://www.chkrootkit.org/) - 本地 Linux rootkit 检测
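Review bot: the Chinese translation only receives the new Assemblyline URL, while the English entry's description was changed in the same compare (from "scalable distributed file analysis framework" to "scalable file triage and malware analysis system integrating the cyber security community's best tools"); the translated description "大规模分布式文件分析框架" still reflects the old wording and should be updated to match.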
@ -342,7 +342,7 @@
* [Capstone](https://github.com/aquynh/capstone) - 二进制分析反汇编框架,支持多种架构和许多语言 * [Capstone](https://github.com/aquynh/capstone) - 二进制分析反汇编框架,支持多种架构和许多语言
* [codebro](https://github.com/hugsy/codebro) - 使用 clang 提供基础代码分析的 Web 端代码浏览器 * [codebro](https://github.com/hugsy/codebro) - 使用 clang 提供基础代码分析的 Web 端代码浏览器
* [Cutter](https://github.com/radareorg/cutter) - Radare2 的 GUI * [Cutter](https://github.com/radareorg/cutter) - Radare2 的 GUI
* [DECAF (Dynamic Executable Code Analysis Framework)](https://github.com/sycurelab/DECAF) * [DECAF (Dynamic Executable Code Analysis Framework)](https://github.com/sycurelab/DECAF)
- 基于 QEMU 的二进制分析平台DroidScope 是 DECAF 的扩展 - 基于 QEMU 的二进制分析平台DroidScope 是 DECAF 的扩展
* [dnSpy](https://github.com/0xd4d/dnSpy) - .NET 编辑器、编译器、调试器 * [dnSpy](https://github.com/0xd4d/dnSpy) - .NET 编辑器、编译器、调试器
* [dotPeek](https://www.jetbrains.com/decompiler/) - 免费 .NET 反编译与汇编浏览器 * [dotPeek](https://www.jetbrains.com/decompiler/) - 免费 .NET 反编译与汇编浏览器
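Review bot: no visible textual change in this hunk either (presumably whitespace-only); confirm it is intended.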