Welcome to the comprehensive roadmap for mastering reverse engineering and malware analysis. This roadmap is designed to guide individuals from beginner to expert level in the field of reverse engineering and malware analysis.
- Reverse Engineering For Everyone!
- Malware Analysis Virtual Machine – by OALabs
- Creating a Simple Free Malware Analysis Environment – by MalwareTech
- Reversing with Lena151 – learn OllyDbg (old, but still very useful)
- REVERSING WITH IDA PRO FROM SCRATCH
- Introduction to Windbg and debugging windows
- MalwareBreakdown
- Malware Traffic Analysis
- VX Underground
- Malshare
- VirusShare
- Abuse.ch
- TheZoo
- VirusBay
- Beginner Malware Reversing Challenges (by Malware Tech)
- solve the Malwarebytes CrackMe: a step-by-step tutorial
- MalwareTech Windows Reversing Challenge #1 Write-Ups
- MalwareTech Windows Reversing Challenge #2 Write-Ups
- MalwareTech Windows Reversing Challenge #3 Write-Ups
- Crackmes.one – various crackmes to help you exercise reversing
- "Nightmare" – a reverse engineering course created around CTF tasks
- FlareOn Challenge writeups
- Video 1 and Video 2 for x86 assembly introduction
- Free course on assembly for other platforms
- Intel official manual on assembly language
- An In-Depth Look Into The Win32 Portable Executable File Format
- An In-Depth Look into the Win32 Portable Executable File Format
- Peering Inside the PE: A Tour of the Win32 Portable Executable File Format
- PE101 and PE102 by Ange Albertini
- Introduction to the Portable Executable (PE) File Format
- Win32 Portable Executable File Format
- Inside Windows PE
- Windows Internals 7th Edition
- Dynamic Linking and Windows PE
- Understanding Windows PE Files
- Binary Analysis Cookbooks
- Windows PE Parsing with Python
- Modern x64 Assembly
- Intro to x86 Assembly Language
- x86_64 Linux Assembly
- Intro x86 (32 bit)
- Practical x64 Assembly and C++ Tutorials
- Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration
- LINUX SYSTEM CALL TABLE FOR X86 64
- Learning assembly for linux-x64
- x86-assembly-cheat
- x86 Assembly Guide
- Assembly’s Perspective
- A Crash Course in x86 Assembly for Reverse Engineers
- Understanding C by learning assembly
- x86 Assembly Crash Course → YouTube
- x86 and amd64 instruction reference
- Learn x86_64 Assembly
- x86-64 Assembly Programming with Ubuntu
- Assembly for beginners
- Assembly Language Succinctly
- Everything you want to know about x86 microcode, but might have been afraid to ask
- Beginner Write your first Assembly Language program – Hello World!! [explained]
- Quick Guide to Assembly in 161 - Berkeley
- godbolt.org - Code
↔️ Assembly - Introduction to ARM
- INTRODUCTION TO ARM ASSEMBLY BASICS
- Art of Assembly Language, The - Hyde, Randall
- Assembly Language Step-by-Step: Programming with Linux - Duntemann, Jeff
- C/C++, Python, and Assembly
- MalwareTech's article on programming for malware analysis
- Recommended learning resources:
- Windows System Programming book
After all this learning, you can now start with these essential books on Reverse Engineering & Exploitation:
- Reversing: Secrets of Reverse Engineering - Eilam, Eldad
- Practical Reverse Engineering: x86, x64, ARM, Windows Kernel - Dang, Bruce & Gazet, Alexandre & Bachaalany, Elias
- some ways...
- manual unpacking
- Workshop: VM-based Obfuscation Analysis
- Discussion on reverse engineering virtualization
- VMProtect 2 – Detailed Analysis of the Virtual Machine Architecture
- VMProtect 2 – Part Two, Complete Static Analysis
- SpeakEasy: a writeup solving a challenge from UIUCTF 2021
- Tickling VMProtect with LLVM
- Cracking programs with custom virtualization-based protectors
- A walk-through various techniques (by Endgame)
- Ready-made demos of various code injection techniques (source code)
- Review of various injection techniques (BlackHat 2019) Video - PDF
- Author's PE injection demos (source code)
- "Inline Hooking for programmers" (by MalwareTech) - Part 1 and Part 2
- Windows API Hooking (article in Red Teaming Experiments)
- Simple userland rootkit - a case study
Before we dive into kernel-mode malware and rootkit techniques, it's important to understand the fundamentals of driver development and kernel programming. Below are some great starting points that will guide you through these concepts and provide a solid foundation.
-
Driver Development Part 1: Introduction to Drivers
CodeProject: Introduction to Drivers -
Driver Development Part 2: Introduction to Implementing IOCTLs
CodeProject: Introduction to Implementing IOCTLs -
Driver Development Part 3: Introduction to Driver Contexts
CodeProject: Introduction to Driver Contexts -
Driver Development Part 5: Introduction to the Transport Device Interface
CodeProject: Introduction to Transport Device Interface -
Driver Development Part 6: Introduction to Display Drivers
CodeProject: Introduction to Display Drivers
-
Memory Management in Kernel Mode
The best starting point for these aspects is tutorials written by Four-F: -
Handling IRPs (I/O Request Packets)
A must-read for driver writers:
- Windows Kernel Programming (First Edition) (Available in the REbooks folder)
- Windows Kernel Programming, 2nd Edition (Available in the REbooks folder)
- Windows NT Device Driver Development (Available in the REbooks folder)
- Windows Internals, Part 1, 7th Edition - 2017
- Windows Internals, 7th Edition, Part 2 - 2021 (Available in the REbooks folder just extrat the zip)
-
OSR Online: The first and most important resource about Windows Driver Development
OSR Online -
Other Useful Blogs and Resources
- J00ru Blog - Reverse Engineering & Kernel Research
- Rootkit Analysis Tutorial PDF (available in the current repo under the REbooks folder)
Once you’ve gone through these foundational resources, you’ll have a better understanding of driver development, IRPs, memory management, and more. Now we can proceed to advanced topics like kernel-mode malware, rootkit analysis, and related techniques.
- Starting with Windows Kernel Exploitation - setting up the lab
- Brief introduction to driver analysis methods by Matt Hand
- Rootkit analysis tutorial
- Mytechnotalent's Reverse Engineering Repository
- Octopus Labs
- Open Security Training
- Practical Malware Analysis learning materials
- Malware Analysis course (University of Cincinnati)
- Red/purple teaming: a malware development course by 0xPat
- Building C2 implants in C++
- Hasherezade's malware training repository
- Practical Malware Analysis: A Hands-On Guide to Dissecting Malicious Software
- The Art of Computer Virus Research and Defense – Peter Szor
- "The "Ultimate"Anti-Debugging Reference" – by Peter Ferrie
- Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
- Hacker Disassembling Uncovered – by Kris Kaspersky
- The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System
- Rootkits and Bootkits – by Alex Matrosov, Eugene Rodionov, and Sergey Bratus
- Windows System Programming (4th edition) – by Johnson M. Hart
- Stay curious and eager to learn
- Practice, practice, practice
- Engage with the community
- Contribute and share your knowledge
- Stay up-to-date with the latest trends and techniques
- Develop strong programming skills in languages like C/C++, Python, and Assembly
- Embrace failure as a learning opportunity
- Maintain a safe and controlled environment for your analysis
- Respect intellectual property and adhere to ethical guidelines
- Contribute to the community through research, blog posts, or open source projects
- Stay active and engaged in the field by attending conferences and participating in CTFs
- Build a solid online presence by sharing your work and insights on platforms like GitHub and Twitter
- Network with industry professionals and join relevant communities and forums
- Continuously update your skills and knowledge through self-study and formal training programs
This comprehensive roadmap provides a step-by-step guide for mastering reverse engineering and malware analysis. By following the suggested resources and engaging in practical exercises, you can build a strong foundation, develop advanced skills, and position yourself for a successful career in this field. Remember to stay motivated, curious, and always eager to learn. Good luck on your reverse engineering and malware analysis journey!
- MalwareTech
- Hasherezade's Blog
- Malwarebytes Labs
- FireEye Threat Research Blog
- Talos Intelligence Blog
- Securelist by Kaspersky
- The Malware Analyst's Cookbook
- 0xec
- Malwarebytes Unpacked
- SANS Internet Storm Center
- MalwareMustDie
- ReversingLabs
- MalwareTips
- Reverse Engineering Stack Exchange
- KernelMode.info
- Wilders Security Forums
- Malware Analysis Forums on Reddit
- VirusTotal Community
- IDA Pro
- Ghidra
- x64dbg
- OllyDbg
- Immunity Debugger
- Wireshark
- Cuckoo Sandbox
- PEStudio
- Volatility
- Sysinternals Suite
- YARA
- Capstone
- Radare2
- Binary Ninja
I will be adding some random books to the REbooks folder soon. Stay tuned for more resources!
A big thank you to all the researchers, authors, and contributors who have shared their knowledge and resources in the field of reverse engineering and malware analysis. This roadmap wouldn't have been possible without their valuable contributions.
Contributions are welcome! If you have any suggestions, resources, or improvements to this roadmap, please feel free to open an issue or submit a pull request.
Are you ready to dive into the depths of cybersecurity, reverse engineering, and advanced threat analysis? Look no further than OrcaCyberWeapons, your gateway to the world of cutting-edge security research and exploration.
What We Offer:
- Advanced Cybersecurity Insights: Delve into the latest trends, techniques, and strategies employed by cyber adversaries, shedding light on the vast world of malware, exploits, APTs, and cybercrime across all platforms.
- Reverse Engineering Expertise: Uncover the inner workings of sophisticated malware, dissect exploit techniques, and explore the art of reverse engineering with our community of seasoned professionals and enthusiasts.
- Malware Development and Analysis: Gain valuable insights into the creation, analysis, and mitigation of malware, understanding its behavior, impact, and countermeasures.
- APT Techniques and Defense Strategies: Explore the realm of advanced persistent threats (APTs), dissect their tactics, and fortify your defenses against sophisticated cyber adversaries.
Whether you're a seasoned cybersecurity professional, an aspiring ethical hacker, or a curious enthusiast, OrcaCyberWeapons provides a platform for in-depth discussions, practical insights, and collaborative exploration of the ever-evolving cybersecurity landscape.
Join us on Telegram and embark on a journey of discovery, knowledge sharing, and continuous learning in the realm of cybersecurity and beyond.