# Reverse Engineering References

## Hex Editors

* [010 Editor](http://www.sweetscape.com/010editor/)
* [HexWalk](https://github.com/gcarmix/HexWalk)
* [ImHex](https://github.com/WerWolv/ImHex)
* [Hexed.it](https://hexed.it/) - Great online hex editor
* [HxD](https://mh-nexus.de/en/hxd/)

## Disassemblers

* [Ghidra](https://ghidra-sre.org/)
* [Binary Ninja](https://binary.ninja/)
* [Capstone](http://www.capstone-engine.org/)
* [fREedom](https://github.com/cseagle/fREedom)
* [Hopper](http://hopperapp.com/)
* [IDA Pro](https://www.hex-rays.com/products/ida/index.shtml)
* [JEB](https://www.pnfsoftware.com/jeb2/)
* [objdump](http://linux.die.net/man/1/objdump)
* [Radare](http://www.radare.org/r/)

## Dynamic Analysis

* [Autoruns](https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns)
* [Process Monitor](https://docs.microsoft.com/en-us/sysinternals/downloads/procmon)
* [Process Explorer](https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer)
* [Process Hacker](https://processhacker.sourceforge.io/)
* [Noriben - Portable, Simple, Malware Analysis Sandbox](https://github.com/Rurik/Noriben)
* [API Monitor](http://www.rohitab.com/apimonitor)
* [INetSim: Internet Services Simulation Suite](http://www.inetsim.org/)
* [FakeNet](https://practicalmalwareanalysis.com/fakenet/)
* [Volatility Framework](https://github.com/volatilityfoundation/volatility)
* [Stardust](https://my.comae.io/login)
* [LiME: Linux Memory Extractor](https://github.com/504ensicsLabs/LiME)

## Sandboxes

* [Cuckoo](https://cuckoosandbox.org/)

## Deobfuscation

* [Balbuzard](https://bitbucket.org/decalage/balbuzard/wiki/Home)
* [de4dot](https://github.com/0xd4d/de4dot)
* [ex_pe_xor](ex_pe_xor)
* [iheartxor](http://hooked-on-mnemonics.blogspot.com/p/iheartxor.html)
* [FLOSS](https://github.com/fireeye/flare-floss)
* [NoMoreXOR](https://github.com/hiddenillusion/NoMoreXOR)
* [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker)
* [unpacker](https://github.com/malwaremusings/unpacker/)
* [unxor](https://github.com/tomchop/unxor/)
* [VirtualDeobfuscator](https://github.com/jnraber/VirtualDeobfuscator)
* [XORBruteForcer](http://eternal-todo.com/var/scripts/xorbruteforcer)
* [XORSearch & XORStrings](https://blog.didierstevens.com/programs/xorsearch/)
* [xortool](https://github.com/hellman/xortool)

## Getting into Reversing

* [A repo to help break into the world of RE](https://github.com/ZakiRucker/Reverse-Engineering) - A plethora of references to tools, practice sites, and other reverse engineering information

## Reverse Engineering Tutorials

* [Assembly Programming Tutorial](https://www.tutorialspoint.com/assembly_programming/index.htm)
* [ARM Assembly Basics](https://azeria-labs.com/writing-arm-assembly-part-1/)
* [Binary Auditing Course](http://www.binary-auditing.com/)
* [Corelan Training](https://www.corelan-training.com/)
* [Dr. Fu's Malware Analysis](http://fumalwareanalysis.blogspot.sg/p/malware-analysis-tutorials-reverse.html)
* [Legend of Random](https://legend.octopuslabs.io/sample-page.html)
* [Lena's Reversing for Newbies](https://tuts4you.com/)
* [Modern Binary Exploitation](http://security.cs.rpi.edu/courses/binexp-spring2015/)
* [Offensive and Defensive Android Reversing](https://github.com/rednaga/training/raw/master/DEFCON23/O%26D%20-%20Android%20Reverse%20Engineering.pdf)
* [Offensive Security](https://www.offensive-security.com/information-security-training/)
* [Open Security Training](http://opensecuritytraining.info/Training.html)
* [REcon Training](https://recon.cx/2015/training.html)
* [Reverse Engineering Malware 101](https://securedorg.github.io/RE101/)
* [RPISEC Malware Course](https://github.com/RPISEC/Malware)
* [TiGa's Video Tutorials](http://www.woodmann.com/TiGa/)
* [Malware Traffic Analysis](http://www.malware-traffic-analysis.net)

## Other Tools

### Reverse Engineering Tools

* [Interactive Disassembler (IDA Pro)](https://www.hex-rays.com/products/ida/) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml).
* [WDK/WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg.
* [OllyDbg](http://www.ollydbg.de/) - x86 debugger for Windows binaries that emphasizes binary code analysis.
* [Radare2](http://rada.re/r/index.html) - Open source, cross-platform reverse engineering framework.
* [x64dbg](http://x64dbg.com/) - Open source x64/x32 debugger for Windows.
* [Immunity Debugger](http://debugger.immunityinc.com/) - Powerful way to write exploits and analyze malware.
* [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux.
* [Medusa](https://github.com/wisk/medusa) - Open source, cross-platform interactive disassembler.
* [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax.
* [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB.
* [dnSpy](https://github.com/0xd4d/dnSpy) - Tool to reverse engineer .NET assemblies.
* [binwalk](https://github.com/devttys0/binwalk) - Fast, easy-to-use tool for analyzing, reverse engineering, and extracting firmware images.
* [PyREBox](https://github.com/Cisco-Talos/pyrebox) - Python-scriptable reverse engineering sandbox by Cisco Talos.
* [Voltron](https://github.com/snare/voltron) - Extensible debugger UI toolkit written in Python.
* [Capstone](http://www.capstone-engine.org/) - Lightweight multi-platform, multi-architecture disassembly framework.
* [rVMI](https://github.com/fireeye/rVMI) - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
* [Frida](https://www.frida.re/) - Dynamic instrumentation toolkit for developers, reverse engineers, and security researchers.

## Reverse Engineering CTF-like Exercises

- https://microcorruption.com/ - Given a debugger and a device, find an input that unlocks it. Solve the level with that input.
- http://reversing.kr/challenge.php - This site tests your ability in cracking and reverse code engineering.
- https://www.malwaretech.com/beginner-malware-reversing-challenges - The purpose of these challenges is to familiarize beginners with common malware techniques.
- https://crackmes.one/ - A simple place where you can download crackmes to improve your reverse engineering skills.
- https://challenges.re/ - Well, "challenges" is a loud word; these are rather just exercises for RE.
- https://reverse.put.as/crackmes/ - A collection of crackmes for OS X. Send them to me if you have new ones to add!
- https://join.eset.com/en/challenges - If you want to join the team that every day faces global cyber-threats, uncover a hidden puzzle in the crackme program and prove your potential to us.
- http://flare-on.com/ - FireEye's RE challenge.
- https://ropemporium.com/ - Learn return-oriented programming through a series of challenges designed to teach ROP techniques in isolation, with minimal reverse engineering and bug hunting.