cyber-security-resources/reverse_engineering/README.md

# Reverse Engineer References

## Hex Editors

* [010 Editor](http://www.sweetscape.com/010editor/)
* [Hex Workshop](http://www.hexworkshop.com/)
* [HexFiend](http://ridiculousfish.com/hexfiend/)
* [Hiew](http://www.hiew.ru/)
* [HxD](https://mh-nexus.de/en/hxd/)

## Disassemblers

* [Ghidra](https://ghidra-sre.org/)
* [Binary Ninja](https://binary.ninja/)
* [Capstone](http://www.capstone-engine.org/)
* [fREedom](https://github.com/cseagle/fREedom)
* [Hopper](http://hopperapp.com/)
* [IDA Pro](https://www.hex-rays.com/products/ida/index.shtml)
* [JEB](https://www.pnfsoftware.com/jeb2/)
* [objdump](http://linux.die.net/man/1/objdump)
* [Radare](http://www.radare.org/r/)

## Dynamic Analysis

* [Autoruns](https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns)
* [Process Monitor](https://docs.microsoft.com/en-us/sysinternals/downloads/procmon)
* [Process Explorer](https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer)
* [Process Hacker](https://processhacker.sourceforge.io/)
* [Noriben - Portable, Simple, Malware Analysis Sandbox](https://github.com/Rurik/Noriben)
* [API Monitor](http://www.rohitab.com/apimonitor)
* [INetSim: Internet Services Simulation Suite](http://www.inetsim.org/)
* [FakeNet](https://practicalmalwareanalysis.com/fakenet/)
* [Volatility Framework](https://github.com/volatilityfoundation/volatility)
* [Stardust](https://my.comae.io/login)
* [LiME: Linux Memory Extractor](https://github.com/504ensicsLabs/LiME)

## Sandbox and Stuff
* [Cuckoo](https://cuckoosandbox.org/)

## Deobfuscation

* [Balbuzard](https://bitbucket.org/decalage/balbuzard/wiki/Home)
* [de4dot](https://github.com/0xd4d/de4dot)
* [ex_pe_xor](ex_pe_xor)
* [iheartxor](http://hooked-on-mnemonics.blogspot.com/p/iheartxor.html)
* [FLOSS](https://github.com/fireeye/flare-floss)
* [NoMoreXOR](https://github.com/hiddenillusion/NoMoreXOR)
* [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker)
* [unpacker](https://github.com/malwaremusings/unpacker/)
* [unxor](https://github.com/tomchop/unxor/)
* [VirtualDeobfuscator](https://github.com/jnraber/VirtualDeobfuscator)
* [XORBruteForcer](http://eternal-todo.com/var/scripts/xorbruteforcer)
* [XORSearch & XORStrings](https://blog.didierstevens.com/programs/xorsearch/)
* [xortool](https://github.com/hellman/xortool)


## Awesome Reversing
* https://github.com/fdivrp/awesome-reversing - a plethora of references of tools, practice sites, and other reverse engineering information

## Reverse Engineering Tutorials

* [Assembly Programming Tutorial](https://www.tutorialspoint.com/assembly_programming/index.htm)
* [ARM Assembly Basics](https://azeria-labs.com/writing-arm-assembly-part-1/)
* [Binary Auditing Course](http://www.binary-auditing.com/)
* [Corelan Training](https://www.corelan-training.com/)
* [Dr. Fu's Malware Analysis](http://fumalwareanalysis.blogspot.sg/p/malware-analysis-tutorials-reverse.html)
* [Legend of Random](https://tuts4you.com/download.php?list.97)
* [Lenas Reversing for Newbies](https://tuts4you.com/download.php?list.17)
* [Modern Binary Exploitation](http://security.cs.rpi.edu/courses/binexp-spring2015/)
* [Offensive and Defensive Android Reversing](https://github.com/rednaga/training/raw/master/DEFCON23/O%26D%20-%20Android%20Reverse%20Engineering.pdf)
* [Offensive Security](https://www.offensive-security.com/information-security-training/)
* [Open Security Training](http://opensecuritytraining.info/Training.html)
* [REcon Training](https://recon.cx/2015/training.html)
* [Reverse Engineering Malware 101](https://securedorg.github.io/RE101/)
* [RPISEC Malware Course](https://github.com/RPISEC/Malware)
* [TiGa's Video Tutorials](http://www.woodmann.com/TiGa/)
* [Malware Traffic Analysis](http://www.malware-traffic-analysis.net)

## Other Tools
### Reverse Engineering Tools

* [Interactive Disassembler (IDA Pro)](https://www.hex-rays.com/products/ida/) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml).
* [WDK/WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg.
* [OllyDbg](http://www.ollydbg.de/) - x86 debugger for Windows binaries that emphasizes binary code analysis.
* [Radare2](http://rada.re/r/index.html) - Open source, crossplatform reverse engineering framework.
* [x64dbg](http://x64dbg.com/) - Open source x64/x32 debugger for windows.
* [Immunity Debugger](http://debugger.immunityinc.com/) - Powerful way to write exploits and analyze malware.
* [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux.
* [Medusa](https://github.com/wisk/medusa) - Open source, cross-platform interactive disassembler.
* [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
* [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB.
* [dnSpy](https://github.com/0xd4d/dnSpy) - Tool to reverse engineer .NET assemblies.
* [binwalk](https://github.com/devttys0/binwalk) - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
* [PyREBox](https://github.com/Cisco-Talos/pyrebox) - Python scriptable Reverse Engineering sandbox by Cisco-Talos.
* [Voltron](https://github.com/snare/voltron) - Extensible debugger UI toolkit written in Python.
* [Capstone](http://www.capstone-engine.org/) - Lightweight multi-platform, multi-architecture disassembly framework.
* [rVMI](https://github.com/fireeye/rVMI) - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
* [Frida](https://www.frida.re/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
adding reverse engineering and mobile security references 2017-12-25 23:57:11 -05:00			`# Reverse Engineer References`

			`## Hex Editors`

			`* [010 Editor](http://www.sweetscape.com/010editor/)`
			`* [Hex Workshop](http://www.hexworkshop.com/)`
			`* [HexFiend](http://ridiculousfish.com/hexfiend/)`
			`* [Hiew](http://www.hiew.ru/)`
			`* [HxD](https://mh-nexus.de/en/hxd/)`

			`## Disassemblers`

Update README.md 2019-05-30 15:18:23 -04:00			`* [Ghidra](https://ghidra-sre.org/)`
adding reverse engineering and mobile security references 2017-12-25 23:57:11 -05:00			`* [Binary Ninja](https://binary.ninja/)`
			`* [Capstone](http://www.capstone-engine.org/)`
			`* [fREedom](https://github.com/cseagle/fREedom)`
			`* [Hopper](http://hopperapp.com/)`
			`* [IDA Pro](https://www.hex-rays.com/products/ida/index.shtml)`
			`* [JEB](https://www.pnfsoftware.com/jeb2/)`
			`* [objdump](http://linux.die.net/man/1/objdump)`
			`* [Radare](http://www.radare.org/r/)`

adding Dynamic Analysis tools 2018-03-29 22:05:04 -04:00			`## Dynamic Analysis`

			`* [Autoruns](https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns)`
			`* [Process Monitor](https://docs.microsoft.com/en-us/sysinternals/downloads/procmon)`
			`* [Process Explorer](https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer)`
			`* [Process Hacker](https://processhacker.sourceforge.io/)`
			`* [Noriben - Portable, Simple, Malware Analysis Sandbox](https://github.com/Rurik/Noriben)`
			`* [API Monitor](http://www.rohitab.com/apimonitor)`
			`* [INetSim: Internet Services Simulation Suite](http://www.inetsim.org/)`
			`* [FakeNet](https://practicalmalwareanalysis.com/fakenet/)`
			`* [Volatility Framework](https://github.com/volatilityfoundation/volatility)`
			`* [Stardust](https://my.comae.io/login)`
			`* [LiME: Linux Memory Extractor](https://github.com/504ensicsLabs/LiME)`

adding cuckoo sandbox 2018-03-29 22:06:24 -04:00			`## Sandbox and Stuff`
			`* [Cuckoo](https://cuckoosandbox.org/)`

adding Deobfuscation toolz 2018-03-29 22:11:34 -04:00			`## Deobfuscation`

			`* [Balbuzard](https://bitbucket.org/decalage/balbuzard/wiki/Home)`
			`* [de4dot](https://github.com/0xd4d/de4dot)`
			`* [ex_pe_xor](ex_pe_xor)`
			`* [iheartxor](http://hooked-on-mnemonics.blogspot.com/p/iheartxor.html)`
			`* [FLOSS](https://github.com/fireeye/flare-floss)`
			`* [NoMoreXOR](https://github.com/hiddenillusion/NoMoreXOR)`
			`* [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker)`
			`* [unpacker](https://github.com/malwaremusings/unpacker/)`
			`* [unxor](https://github.com/tomchop/unxor/)`
			`* [VirtualDeobfuscator](https://github.com/jnraber/VirtualDeobfuscator)`
			`* [XORBruteForcer](http://eternal-todo.com/var/scripts/xorbruteforcer)`
			`* [XORSearch & XORStrings](https://blog.didierstevens.com/programs/xorsearch/)`
			`* [xortool](https://github.com/hellman/xortool)`

adding Dynamic Analysis tools 2018-03-29 22:05:04 -04:00
adding reverse engineering and mobile security references 2017-12-25 23:57:11 -05:00			`## Awesome Reversing`
			`* https://github.com/fdivrp/awesome-reversing - a plethora of references of tools, practice sites, and other reverse engineering information`

			`## Reverse Engineering Tutorials`

Update README.md 2020-06-06 16:24:15 -04:00			`* [Assembly Programming Tutorial](https://www.tutorialspoint.com/assembly_programming/index.htm)`
adding reverse engineering and mobile security references 2017-12-25 23:57:11 -05:00			`* [ARM Assembly Basics](https://azeria-labs.com/writing-arm-assembly-part-1/)`
			`* [Binary Auditing Course](http://www.binary-auditing.com/)`
			`* [Corelan Training](https://www.corelan-training.com/)`
			`* [Dr. Fu's Malware Analysis](http://fumalwareanalysis.blogspot.sg/p/malware-analysis-tutorials-reverse.html)`
			`* [Legend of Random](https://tuts4you.com/download.php?list.97)`
			`* [Lenas Reversing for Newbies](https://tuts4you.com/download.php?list.17)`
			`* [Modern Binary Exploitation](http://security.cs.rpi.edu/courses/binexp-spring2015/)`
			`* [Offensive and Defensive Android Reversing](https://github.com/rednaga/training/raw/master/DEFCON23/O%26D%20-%20Android%20Reverse%20Engineering.pdf)`
			`* [Offensive Security](https://www.offensive-security.com/information-security-training/)`
			`* [Open Security Training](http://opensecuritytraining.info/Training.html)`
			`* [REcon Training](https://recon.cx/2015/training.html)`
			`* [Reverse Engineering Malware 101](https://securedorg.github.io/RE101/)`
			`* [RPISEC Malware Course](https://github.com/RPISEC/Malware)`
			`* [TiGa's Video Tutorials](http://www.woodmann.com/TiGa/)`
adding exploit development references 2017-12-26 00:11:34 -05:00			`* [Malware Traffic Analysis](http://www.malware-traffic-analysis.net)`

			`## Other Tools`
			`### Reverse Engineering Tools`

			`* [Interactive Disassembler (IDA Pro)](https://www.hex-rays.com/products/ida/) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml).`
			`* [WDK/WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg.`
			`* [OllyDbg](http://www.ollydbg.de/) - x86 debugger for Windows binaries that emphasizes binary code analysis.`
			`* [Radare2](http://rada.re/r/index.html) - Open source, crossplatform reverse engineering framework.`
			`* [x64dbg](http://x64dbg.com/) - Open source x64/x32 debugger for windows.`
			`* [Immunity Debugger](http://debugger.immunityinc.com/) - Powerful way to write exploits and analyze malware.`
			`* [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux.`
			`* [Medusa](https://github.com/wisk/medusa) - Open source, cross-platform interactive disassembler.`
			`* [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.`
			`* [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB.`
			`* [dnSpy](https://github.com/0xd4d/dnSpy) - Tool to reverse engineer .NET assemblies.`
			`* [binwalk](https://github.com/devttys0/binwalk) - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.`
			`* [PyREBox](https://github.com/Cisco-Talos/pyrebox) - Python scriptable Reverse Engineering sandbox by Cisco-Talos.`
			`* [Voltron](https://github.com/snare/voltron) - Extensible debugger UI toolkit written in Python.`
			`* [Capstone](http://www.capstone-engine.org/) - Lightweight multi-platform, multi-architecture disassembly framework.`
			`* [rVMI](https://github.com/fireeye/rVMI) - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.`
			`* [Frida](https://www.frida.re/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.`