# Malware and Reverse Engineering Resources

### <mark style="color:red;">\*Disclaimer: These resources are provided for educational pursuits in learning malware analysis and reverse engineering. Using them for anything other than education is strongly discouraged, and the author is not liable for what you do in your own time, so be good.\*</mark>

### Malware Analysis Certifications

1. (GREM) GIAC Reverse Engineering Malware by GIAC/SANS <https://www.giac.org/certifications/reverse-engineering-malware-grem/>
2. (PJMR) Practical Junior Malware Researcher by TCM Security <https://certifications.tcm-sec.com/pjmr/>

### Malware Analysis and Reverse Engineering Training

1. FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques <https://www.sans.org/cyber-security-courses/reverse-engineering-malware-malware-analysis-tools-techniques/>
2. FOR710: Reverse-Engineering Malware: Advanced Code Analysis <https://www.sans.org/cyber-security-courses/reverse-engineering-malware-advanced-code-analysis/>
3. Cracking Lessons (CSL/CSP/MDV1/MDV2) <https://www.crackinglessons.com>
4. Practical Malware Analysis and Triage <https://academy.tcm-sec.com/p/practical-malware-analysis-triage>
5. Ultimate Malware Analysis by Zero2Automated <https://lnkd.in/dN7v2zNj>
6. OALabs RE101/201/504 <https://www.patreon.com/oalabs> <https://github.com/OALabs/Lab-Notes> <https://github.com/OALabs/research> <https://research.openanalysis.net/>
7. Malware Analysis Fundamentals by Let's Defend <https://lnkd.in/dSDUeyP7>
8. CS6038/CS5138 Malware Analysis <https://class.malware.re/>
9. Malware Analysis CSCI 4976 by RPISEC <https://github.com/RPISEC/Malware>
10. Reverse Engineering 101/102 by Malware Unicorn <https://malwareunicorn.org/workshops/re101.html#0> <https://malwareunicorn.org/workshops/re102.html#0>
11. Mandiant:
    1. [Essentials of Malware Analysis](https://www.mandiant.com/academy/courses/eoma)
    2. [Malware Analysis Fundamentals](https://www.mandiant.com/academy/courses/maf)
    3. [Malware Analysis Crash Course](https://www.mandiant.com/academy/courses/macc)
    4. [Malicious Documents Analysis](https://www.mandiant.com/academy/courses/mda)
    5. [Advanced Red Teaming Techniques: Malware Authoring and Repurposing](https://www.mandiant.com/academy/courses/adv-rt-mal-auth)
    6. [Malware Analysis Master Course](https://www.mandiant.com/academy/courses/mamc)
12. <https://vimeo.com/30076325>
13. <https://vimeo.com/30594548>
14. <https://youtu.be/Pg8bmV9vcKg>
15. <https://github.com/cspinstructor/github-crackmes>
16. <https://signal-labs.com/self-paced-trainings/> (paid: \$\$)
17. <https://www.reverse-engineer.net/> (paid: \$\$\$\$)
18. <https://www.maldevacademy.com/>

### Books

1. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software <https://lnkd.in/dmyhKDBV> <https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901>
2. Malware Analysis and Detection Engineering: A Comprehensive Approach to Detect and Analyze Modern Malware \
   <https://www.amazon.com/Malware-Analysis-Detection-Engineering-Comprehensive/dp/1484261925>
3. Malware Analyst’s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code \
   <https://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033>
4. Reversing: Secrets of Reverse Engineering \
   <https://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817>
5. (Threat Intel Book) Operationalizing Threat Intelligence <https://www.amazon.com/Operationalizing-Threat-Intelligence-operationalizing-intelligence/dp/1801814686>

### Blogs

1. <https://n1ght-w0lf.github.io/>
2. <https://farghlymal.github.io/>
3. <https://dr4k0nia.github.io/>
4. <https://t.co/b2pPNUs5tc>
5. <https://t.co/0MmaO0sits>
6. <https://t.co/FWLPHDgLAJ>
7. <https://forensicitguy.github.io/>
8. <https://squiblydoo.blog/blog/>
9. <https://blog.bushidotoken.net/>
10. <https://t.co/Foaierv2hu>
11. <https://t.co/f6I7ZPWGM7>
12. <https://protectedmo.de/brute.html>
13. <https://t.co/Z6AlMCeCzS>
14. <https://t.co/i4OjTGjLcL>
15. <https://russianpanda.com/2023/06/28/Meduza-Stealer-or-The-Return-of-The-Infamous-Aurora-Stealer/>
16. <https://exploitreversing.com/> - really good malware analysis blog
17. <http://fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html?m=1>
18. <https://cyb3rkitties.github.io/posts/malware-analysis-reverse-engineering-beginner-study-plan/>
19. <https://squiblydoo.blog/2023/06/05/understanding-pe-bloat-with-malcat/>
20. <https://legend.octopuslabs.io/sample-page.html>
21. <https://gitlab.com/39iosdev/ccd-iqt/idf/C-Programming>
22. <https://vxug.fakedoma.in/>
23. <https://github.com/guyinatuxedo/nightmare>
24. <https://zeltser.com/malicious-software/> - Lenny Zeltser, author of the SANS FOR610 course behind the GREM certification (great blog)

### Reverse Engineering Microsoft Defender

1. Alexei Bulazel's Windows Defender research tooling <https://github.com/0xAlexei/WindowsDefenderTools>
2. Reverse Engineering Windows Defender's JavaScript Engine (REcon Brussels 2018) [slides](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/ee7f9ceb-2041-4ca2-be67-be1141fe19f5/RECON-BRX-2018-Reverse-Engineering-Windows-Defender-s-JavaScript-Engine.pdf)
3. Windows Offender: Reverse Engineering Windows Defender's Antivirus Emulator (Black Hat USA 2018) [slides](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/76d2e6bc-3086-4f20-8d90-7f024a1fed34/us-18-Bulazel-Windows-Offender-Reverse-Engineering-Windows-Defenders-Antivirus-Emulator.pdf)

### Malware/RE Practice Ranges

These repositories contain live malware: download and detonate samples only inside an isolated analysis VM with host-only or no networking.

1. Malware source code and samples from VXUnderground
   1. <https://github.com/vxunderground/MalwareSourceCode>
   2. <https://github.com/vxunderground/VX-API>
2. theZoo, a live-malware repository with a large collection of samples managed through a single Python database <https://github.com/ytisf/theZoo>
3. <https://malwiki.org/index.php>
4. Flare-On CTF challenge collections <https://flare-on.com/>
5. <https://cyberdefenders.org/>

### Tools

1. Malcat <https://malcat.fr/>
2. Flare-VM <https://github.com/mandiant/flare-vm>
3. Binary Ninja <https://binary.ninja/>

### Security Research Groups Within Companies

1. Tyto Athene
2. Cisco Talos
3. Palo Alto Networks Unit 42
4. Mandiant
5. CrowdStrike
6. Carbon Black
7. Google Project Zero
