Update sub-section on Malware Analysis article

This commit is contained in:
pe3zx 2019-04-13 23:29:47 +07:00 committed by GitHub
parent eaf94d89d1
commit c7569daa4d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -445,13 +445,6 @@ _return-to-libc techniques_
- [Tips for Reverse-Engineering Malicious Code](https://zeltser.com/reverse-engineering-malicious-code-tips/) - [Tips for Reverse-Engineering Malicious Code](https://zeltser.com/reverse-engineering-malicious-code-tips/)
- [Understanding Process Hollowing](https://andreafortuna.org/understanding-process-hollowing-b94ce77c3276) - [Understanding Process Hollowing](https://andreafortuna.org/understanding-process-hollowing-b94ce77c3276)
- [Use of DNS Tunneling for C&C Communications](https://securelist.com/use-of-dns-tunneling-for-cc-communications/78203/) - [Use of DNS Tunneling for C&C Communications](https://securelist.com/use-of-dns-tunneling-for-cc-communications/78203/)
#### Malware Analysis: Android
- [Android SMS Stealer](https://maxkersten.nl/binary-analysis-course/malware-analysis/android-sms-stealer/)
#### Malware Analysis: Variant: ATM & POS
- [Attacks on point-of-sales systems](https://www.symantec.com/content/dam/symantec/docs/white-papers/attacks-on-point-of-sale-systems-en.pdf) - [Attacks on point-of-sales systems](https://www.symantec.com/content/dam/symantec/docs/white-papers/attacks-on-point-of-sale-systems-en.pdf)
- [Another Brick in the FrameworkPoS](https://www.trustwave.com/Resources/SpiderLabs-Blog/Another-Brick-in-the-FrameworkPoS/) - [Another Brick in the FrameworkPoS](https://www.trustwave.com/Resources/SpiderLabs-Blog/Another-Brick-in-the-FrameworkPoS/)
- [Backoff: New Point of Sale Malware](https://www.us-cert.gov/sites/default/files/publications/BackoffPointOfSaleMalware_0.pdf) - [Backoff: New Point of Sale Malware](https://www.us-cert.gov/sites/default/files/publications/BackoffPointOfSaleMalware_0.pdf)
@ -462,68 +455,6 @@ _return-to-libc techniques_
- [PoS RAM Scraper Malware - Past, Present, and Future](https://www.wired.com/wp-content/uploads/2014/09/wp-pos-ram-scraper-malware.pdf) - [PoS RAM Scraper Malware - Past, Present, and Future](https://www.wired.com/wp-content/uploads/2014/09/wp-pos-ram-scraper-malware.pdf)
- [RawPOS Technical Brief](http://sjc1-te-ftp.trendmicro.com/images/tex/pdf/RawPOS%20Technical%20Brief.pdf) - [RawPOS Technical Brief](http://sjc1-te-ftp.trendmicro.com/images/tex/pdf/RawPOS%20Technical%20Brief.pdf)
#### Malware Analysis: Variant: BadRabbit
- [BadRabbit Ransomware Burrows Into Russia, Ukraine](https://securingtomorrow.mcafee.com/mcafee-labs/badrabbit-ransomware-burrows-russia-ukraine/)
- [BadRabbit: a closer look at the new version of Petya/NotPetya](https://blog.malwarebytes.com/threat-analysis/2017/10/badrabbit-closer-look-new-version-petyanotpetya/)
- [Bad Rabbit: Not-Petya is back with improved ransomware](https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/)
- [Bad Rabbit A New Ransomware Outbreak Targeting Ukraine and Russia.](https://blog.checkpoint.com/2017/10/24/bad-rabbit-new-ransomware-outbreak-targeting-ukraine-russia/)
- [Bad Rabbit ransomware](https://securelist.com/bad-rabbit-ransomware/82851/)
- [Bad Rabbit Ransomware Spreads via Network, Hits Ukraine and Russia](http://blog.trendmicro.com/trendlabs-security-intelligence/bad-rabbit-ransomware-spreads-via-network-hits-ukraine-russia/)
- [NotPetya Returns as Bad Rabbit](http://www.intezer.com/notpetya-returns-bad-rabbit/)
- [Threat Spotlight: Follow the Bad Rabbit](http://blog.talosintelligence.com/2017/10/bad-rabbit.html)
#### Malware Analysis: Variant: Bankbot
- [A Look Into The New Strain of BankBot](https://blog.fortinet.com/2017/09/19/a-look-into-the-new-strain-of-bankbot)
#### Malware Analysis: Variant: CCleaner Backdoor
- [Protecting the Software Supply Chain: Deep Insights into the CCleaner Backdoor](https://www.crowdstrike.com/blog/protecting-software-supply-chain-deep-insights-ccleaner-backdoor/)
- [In-Depth Analysis of the CCleaner Backdoor Stage 2 Dropper and Its Payload](https://www.crowdstrike.com/blog/in-depth-analysis-of-the-ccleaner-backdoor-stage-2-dropper-and-its-payload/)
#### Malware Analysis: Variant: Emotet
- [d00rt/emotet_research](https://github.com/d00rt/emotet_research)
- [Emotet lives another day using Fake O2 invoice notifications](https://www.trustwave.com/Resources/SpiderLabs-Blog/Emotet-lives-another-day-using-Fake-O2-invoice-notifications/)
#### Malware Analysis: Variant: Hajime
- [Is Hajime botnet dead?](http://blog.netlab.360.com/hajime-status-report-en/)
#### Malware Analysis: Variant: Locky
- [Locky Part 1: Lukitus Spam Campaigns and Their Love for Game of Thrones](https://www.trustwave.com/Resources/SpiderLabs-Blog/Locky-Part-1--Lukitus-Spam-Campaigns-and-Their-Love-for-Game-of-Thrones/)
- [Locky Part 2: As the Seasons Change so is Locky](https://www.trustwave.com/Resources/SpiderLabs-Blog/Locky-Part-2--As-the-Seasons-Change-so-is-Locky/)
#### Malware Analysis: Variant: Kangaroo
- [Threat Analysis: Dont Forget About Kangaroo Ransomware](https://www.carbonblack.com/2017/10/02/threat-analysis-dont-forget-about-kangaroo-ransomware/)
#### Malware Analysis: Variant: MAN1
- [Threat Spotlight - MAN1 Malware: Temple of Doom](https://www.cylance.com/en_us/blog/threat-spotlight-man1-malware-group-resurfaces.html)
- [Threat Spotlight: MAN1 Malware - The Last Crusade?](https://www.cylance.com/en_us/blog/threat-spotlight-man1-malware-the-last-crusade.html)
#### Malware Analysis: Variant: (Created by) NSIS
- [Quick analysis of malware created with NSIS](https://isc.sans.edu/forums/diary/Quick+analysis+of+malware+created+with+NSIS/23703/)
#### Malware Analysis: Variant: Poison Ivy
- [Deep Analysis of New Poison Ivy Variant](http://blog.fortinet.com/2017/08/23/deep-analysis-of-new-poison-ivy-variant)
- [Deep Analysis of New Poison Ivy/PlugX Variant - Part II](https://blog.fortinet.com/2017/09/15/deep-analysis-of-new-poison-ivy-plugx-variant-part-ii)
#### Malware Analysis: Variant: Rig Ek
- [if you want to get #RigEK's enc key, please use this script](https://twitter.com/nao_sec/status/944038611590115328)
#### Malware Analysis: Variant: Trickbot
- [Reverse engineering malware: TrickBot (part 1 - packer)](https://qmemcpy.github.io/post/reverse-engineering-malware-trickbot-part-1-packer)
- [Reverse engineering malware: TrickBot (part 2 - loader)](https://qmemcpy.github.io/post/reverse-engineering-malware-trickbot-part-2-loader)
- [Reverse engineering malware: TrickBot (part 3 - core)](https://qmemcpy.io/post/reverse-engineering-malware-trickbot-part-3-core)
### Mobile Security ### Mobile Security
- [Four Ways to Bypass iOS SSL Verification and Certificate Pinning](https://blog.netspi.com/four-ways-to-bypass-ios-ssl-verification-and-certificate-pinning/) - [Four Ways to Bypass iOS SSL Verification and Certificate Pinning](https://blog.netspi.com/four-ways-to-bypass-ios-ssl-verification-and-certificate-pinning/)