新浪博客:http://weibo.com/745610408
惡意代碼分析相關工具
1.Windows系統和應用程序監視工具ProcessExplorer .
2.Windows 系統監視工具 ProcessMonitor
3.內存使用情況的統計工具 Vmmap
4.啓動項目管理器Autoruns
5.註冊表數據監視軟件RegMon
6.網絡抓包工具WireShark,SmartSniff
7.安全監控分析應用軟件Gmer
8.系統輔助工具 SysinternalsSuite
9.用戶訪問權限查看工具 AccessChk
10.調試工具OllyDbg, ImmunityDebugger
11.十六進制編碼處理工具Hxd,Winhex
12.文件夾和文件對比工具BeyondCompare
13.十六進制(二進制)文件對比工具HexCmp
14.提取字符串的工具Bintext
15.靜態調試工具 IDA
16.哈希值檢測小工具HashTab
掃描惡意代碼及分析工具
www.virustotal.com
http://virscan.org/
https://malwr.com/
http://www.threattracksecurity.com/
http://www.threatexpert.com/submit.aspx
http://virusscan.jotti.org/en
http://anubis.iseclab.org/
http://wepawet.iseclab.org/
http://eureka.cyber-ta.org/
https://analysis.f-secure.com/portal/login.html
http://www.xandora.net/upload/
Office文件相關惡意樣本分析資料
http://blog.zeltser.com/post/23229415724/malicious-code-inside-office-documents
http://zeltser.com/reverse-malware/analyzing-malicious-documents.html
http://msdn.microsoft.com/en-us/library/cc313118.aspx
http://digital-forensics.sans.org/blog/2012/05/29/extract-flash-from-malicious-office-documents
PDF文件分析網站
http://www.malwaretracker.com/pdf.php
http://sandsprite.com/blogs/index.php?uid=7&pid=57
http://blog.didierstevens.com/programs/pdf-tools/
http://blog.zeltser.com/post/5360563894/tools-for-malicious-pdf-analysis
AdobeFlash/SWF 文件分析
http://labs.adobe.com/technologies/swfinvestigator/
http://h30499.www3.hp.com/t5/Following-the-Wh1t3-Rabbit/SWFScan-FREE-Flash-decompiler/ba-p/5440167#.U0ZLNnCVNyY
http://h30499.www3.hp.com/t5/Following-the-Wh1t3-Rabbit/SWFScan-FREE-Flash-decompiler/ba-p/5440167
http://betanews.com/2012/01/18/decompile-flash-files-with-hp-swfscan/
Android逆向相關
http://code.google.com/p/droidbox/
https://github.com/wuntee/androidAuditTools
http://developer.android.com/sdk/index.html
http://www.webopedia.com/TERM/A/Android_SDK.html
http://code.google.com/p/smali/
http://varaneckas.com/jad/
https://www.hex-rays.com/products/ida/6.1/
http://mobilesandbox.org/
http://code.google.com/p/androguard/
DroidBox 動態分析應用的方案
fiddler 手機抓包工具
Drozer 安全測試框架
Tamer 實時監控的虛擬環境
jd-gui 分析jar文件工具
simplify 安卓代碼混淆和還原dex文件工具
APKfuscator dex文件混淆工具
安卓漏洞及分析報告提供博客
http://blog.commandlinekungfu.com/http://contagiodump.blogspot.com/
http://malwaremustdie.blogspot.jp/
http://www.hexacorn.com/blog/
http://www.malanalysis.com/blog/
漏洞挖掘相關工具
#General/Basic Exploitation
############################
http://www.pentest-standard.org/index.php/Main_Page
https://www.offensive-security.com/metasploit-unleashed/
http://null-byte.wonderhowto.com/how-to/metasploit-basics/
https://www.owasp.org/index.php/Main_Page
https://github.com/nixawk/pentest-wiki
https://github.com/beefproject/beef
https://portswigger.net/burp/
https://www.metasploit.com/
http://exploitpack.com/
https://github.com/commixproject/commix
https://github.com/reverse-shell/routersploit
#Distros
############################
https://www.kali.org/
https://www.blackarch.org/
https://www.parrotsec.org/
#Vulnscanner/Sniffer/Tools/Web Exploitation
############################
http://www.askapache.com/security/computer-security-toolbox-2/#common_security_programs
https://pastebin.com/kP04r4PM
http://www.irongeek.com/i.php?page=backtrack-r1-man-pages/netdiscover
http://www.tenable.com/products/nessus-vulnerability-scanner
https://www.rapid7.com/products/nexpose/
https://cirt.net/nikto2
https://nmap.org/
https://github.com/netsniff-ng/netsniff-ng
https://www.wireshark.org/
https://github.com/fwaeytens/dnsenum/
https://github.com/makefu/dnsmap/
http://www.tcpdump.org/
http://sqlmap.org/
https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project
https://wpscan.org/
http://networksecuritytoolkit.org/nst/index.html
https://github.com/droope/droopescan
https://github.com/andresriancho/w3af
https://www.netsparker.com/
#Password Cracker
############################
http://www.openwall.com/john/
http://hashcat.net/hashcat/
#Online Tools
############################
http://crackstation.net
http://www.tcpiputils.com/
https://shodan.io
#Exploits (Exploit/Vulnerability Databases)
############################
https://exploit-db.com/
http://kernel-exploits.com
https://github.com/PenturaLabs/Linux_Exploit_Suggester
https://nvd.nist.gov/
https://www.us-cert.gov/
https://blog.osvdb.org/
http://www.securityfocus.com/
http://seclists.org/fulldisclosure/
https://technet.microsoft.com/en-us/security/bulletins
https://technet.microsoft.com/en-us/security/advisories
https://packetstormsecurity.com/
http://www.securiteam.com/
http://cxsecurity.com/
https://www.vulnerability-lab.com/
#Payloads/Reverse Shells
############################
https://www.veil-framework.com/framework/veil-evasion/
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
https://highon.coffee/blog/reverse-shell-cheat-sheet/
#CTF
############################
https://www.vulnhub.com/
#Info/Blogs/Techniques/etc
############################
http://wiki.bash-hackers.org/scripting/style
https://www.corelan.be/index.php/articles/
https://www.veracode.com/security/xss
http://www.thegeekstuff.com/2012/02/xss-attack-examples/
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
https://thehackernews.com/
http://securityidiots.com/Web-Pentest/SQL-Injection/Basic-Union-Based-SQL-Injection.html
https://www.idontplaydarts.com/2011/02/using-php-filter-for-local-file-inclusion/
https://hakin9.org/voip-hacking-techniques/
#Lists
############################
https://code.google.com/archive/p/hacktooldepot/downloads
http://tools.kali.org/tools-listing
http://sectools.org/
https://github.com/fffaraz/awesome-cpp
https://github.com/fffaraz/awesome-cpp
https://github.com/alebcay/awesome-shell
https://github.com/dreikanter/ruby-bookmarks
https://github.com/sorrycc/awesome-javascript
https://github.com/sindresorhus/awesome-nodejs
https://github.com/dloss/python-pentest-tools
https://github.com/ashishb/android-security-awesome
https://github.com/bayandin/awesome-awesomeness
https://github.com/paragonie/awesome-appsec
https://github.com/apsdehal/awesome-ctf
https://github.com/carpedm20/awesome-hacking
https://github.com/paralax/awesome-honeypots
https://github.com/clowwindy/Awesome-Networking
https://github.com/onlurking/awesome-infosec
https://github.com/rshipp/awesome-malware-analysis
https://github.com/caesar0301/awesome-pcaptools
https://github.com/sbilly/awesome-security
https://github.com/sindresorhus/awesome
https://github.com/danielmiessler/SecLists
https://github.com/PaulSec/awesome-sec-talks