My Awesome List

As a person who is always willing to learn new stuff, one thing that characterizes me is the obsession to save content for the future. The problem of saving content in different social networks is that you end up forgetting about it, and you do not put it in practice. The goal of this post, that will be continuing evolving, is to organise those resources in a useful list.

If you have something cool, and you do not find it here, do not hesitate to contact me via Twitter @pabdjf and I will include it.

Last edit: April 21, 2024

Blog posts

• CTI Resources: This one has more pointers inside it, be aware of falling in a rabbit hole ;)
• FAQs on Getting Started in Cyber Threat Intelligence
• A Cyber Threat Intelligence Self-Study Plan: Part 1
• A Cyber Threat Intelligence Self-Study Plan: Part 2
• Attacking Active Directory
• Malware Matryoshka
• MITRE ATT&CK™ Analysis
• Exploit Reversing: A blog about malware analysis, reverse engineering, programming and Windows internals. The link redirects to the home page but once you land there you will find a fantastic series of articles related to malware analysis.
• Fundamentals of reverse engineering
• Introduction to Malware Analysis and Reverse Engineering - University of Cincinnati
• Malware Dynamic Analysis - Open Security Training
• Introduction To Reverse Engineering Software - Open Security Training
• Reverse Engineering Malware - Open Security Training
• Cheat Sheet for Analyzing Malicious Software
• Analyzing Malicious Documents Cheat Sheet
• Reverse Engineering for Beginners
• A curated list of awesome reversing resources
• So You Want To Be A Malware Analyst
• Practical Malware Analysis Course
• How to start RE/malware analysis?
• Resources For Learning Malware Analysis
• New Obfuscation Techniques in Emotet Maldocs
• Emotet Technical Analysis - Part 1 Reveal the Evil Code
• How to train your Ghidra
• Introduction to Reverse Engineering with Ghidra: A Four Session Course
• What’re you telling me, Ghidra?: An introduction to Ghidra’s primary components
• Improving My Ghidra GUI + Ghidra Skills
• Code Analysis With Ghidra: An Introduction
• Ghidra script to handle stack strings
• Virtual Machines Detection Enhanced
• Setting up Cuckoo Sandbox Step-by-Step Guide
• Malicious Packer pkr_ce1a
• Recognizing patterns in memory
• Didier Stevens’ Blog
• List of blogs for you to include in your RSS feed

Tweets

• Ghidra Tips For Beginner/Intermediate analysts interested in RE
• De-obfuscation tip
• De-obfuscation tip 2
• How to set IDA Pro + WinDbg
• Seven IDAPro plugins our malware reverse engineers appreciate and use on a daily basis
• Want to learn about Active Directory security? Start with these blogs
• Tips for hunting infosec jobs
• CTI tips
• How to detect fileless Linux malware
• Malware Analysis: Anti-VM Detection Technique
• Dumping credentials
• Bugbounty tips for beginners
• Volatility Plugins MindMap

YouTube videos

• Radare2 Tutorial series of videos from BinaryAdventure
• Malware Analysis - Unpack and Decompile PyInstaller Malware
• Malware Analysis Bootcamp by HackerSploit
• Malware Analysis Playlist by Dr Josh Stroschein
• Ghidra Setup Tips
• Getting Started With Ghidra For Malware Analysis
• Ghidra playlist
• 0x6d696368 YouTube channel - Ghidra oriented
• Practical Malware Analysis Essentials for Incident Responders - RSA Conference
• Analyzing Windows Malware on Linux: Getting Started Tips and Examples
• Introduction to Malware Analysis - SANS Institute
• Evasion Tactics in Malware from the Inside Out
• Five Awesome Tools to perform Behavioural Analysis of Malware
• HITB2018AMS CommSec D1 - A Deep Dive Into Malicious Documents - Josh Stroschein
• Analyzing Malicious Office Documents Presented By Didier Stevens Workshop
• Shortcuts for Understanding Malicious Scripts
• Finding and Decoding Malicious Powershell Scripts - SANS DFIR Summit 2018
• MalwareAnalysisForHedgehogs
• Didier Stevens’ YouTube channel
• Introduction to Reverse Engineering
• Hack the Reader: Writing Effective Threat Reports
• Top 10 Writing Mistakes in Cybersecurity and How You Can Avoid Them
• Threat Intelligence and the Limits of Malware Analysis
• Guide To Pentesting by DemmSec
• SPANISH: Introduction to Hacking & Pentesting
• Pentesting for n00bs

Tools

• upx-recovery-tool
• GitHub Dork
• Malduck
• capa: The FLARE team’s open-source tool to identify capabilities in executable files
• Ghidrathon: The FLARE team’s open-source extension to add Python 3 scripting to Ghidra
• CERT Kaiju Binary Analysis Framework for GHIDRA
• Successful YARA Rules with the lowest AV detection rates
• Pafish: anti-analysis testing tool
• Rating Sheet for the Right Information: Threat Reports
• gdbghidra - a visual bridge between a GDB session and GHIDRA
• PolarProxy: a transparent SSL/TLS proxy created for incident responders and malware researchers
• oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents
• RE tools

Books

• The Art of Cyberwarfare
• Malware Data Science: Attack Detection and Attribution
• Mastering Malware Analysis
• The Cuckoo’s Egg
• Intelligence-Driven Incident Response
• Rise of the Machines
• Active Measures
• Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers
• The Hacker and the State
• To Catch a Spy
• Chinese Communist Espionage
• Russians Among Us
• Countdown to Zero Day