Here are links to the tools that I talked about. Thanks to everyone who came and thanks to Bluelock once again for hosting.
Reverse Engineering Malware Cheat Sheet
http://www.zeltser.com/reverse-malware/reverse-malware-cheat-sheet.html
OllyDbg
http://www.ollydbg.de/
OllyDump, to find the OEP and dump the process from memory
http://www.openrce.org/downloads/details/108/OllyDump
Hide from IsDebuggerPresent in OllyDbg:
http://www.openrce.org/downloads/details/111/IsDebuggerPresent
upx
http://upx.sourceforge.net/
un_fsg
http://programmerstools.org/node/208
PEiD
http://www.peid.info/
PEiD plug-ins
http://www.peid.info/BobSoft/Plugins.html
Volatility
https://www.volatilesystems.com/default/volatility
Volatility plug-ins
http://www.forensicswiki.org/wiki/List_of_Volatility_Plugins
Mantech Memory Dump
http://sourceforge.net/project/showfiles.php?group_id=228865
HBGary FastDump
http://www.hbgary.com/products-services/fastdump-pro/
Thank you for presenting, I enjoyed the talk. A big thanks to our friends at bluelock for the hospitality.
Thanks for the great presentation!!