DFIR — Herramientas de análisis de malware de Windows

Para probar tus creaciones 😈

Análisis Estático

CLI

• https://github.com/c3rb3ru5d3d53c/binlex
• https://github.com/winterrdog/fast_entropy_calc
• https://github.com/zed-0xff/pedump
• https://github.com/mandiant/capa
• https://github.com/mandiant/flare-floss
• https://github.com/upx/upx
• https://github.com/ReFirmLabs/binwalk
• https://github.com/merces/pev

GUI

• https://github.com/WerWolv/ImHex
• https://github.com/NationalSecurityAgency/ghidra
• https://github.com/hasherezade/pe-bear
• https://github.com/horsicq/Detect-It-Easy
• https://github.com/horsicq/XPEViewer
• https://github.com/horsicq/Nauz-File-Detector
• https://github.com/icsharpcode/AvaloniaILSpy
• https://malcat.fr/index.html
• http://www.angusj.com/resourcehacker/
• https://www.winitor.com/download
• https://mh-nexus.de/en/hxd/
• https://www.jetbrains.com/decompiler/

Libs

• https://github.com/erocarrera/pefile
• https://github.com/saferwall/pe

Análisis dinámico

• https://github.com/winsiderss/systeminformer
• https://github.com/Microsoft/AttackSurfaceAnalyzer
• https://www.wireshark.org/
• https://portswigger.net/burp/releases
• https://www.netlimiter.com/
• https://www.proxifier.com/
• https://hex-rays.com/ida-free/
• https://www.ollydbg.de/
• https://ntcore.com/?page_id=388
• https://www.dependencywalker.com/
• https://x64dbg.com/
• http://www.rohitab.com/apimonitor
• https://sourceforge.net/projects/regshot/
• https://github.com/rabbitstack/fibratus

Sysinternals

• https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
• https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer
• https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon
• https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns

Distros

• https://remnux.org/
• https://github.com/mandiant/flare-vm