- Reversing: Secrets of Reverse Engineering: Beginning with a basic primer on reverse engineering (including computer internals, operating systems, and assembly language) and then discussing the various applications of reverse engineering, this book provides readers with practical, in-depth techniques for software reverse engineering.
- Reverse Engineering for Beginners: FREE book. Also known as RE4B. Written by Dennis Yurichev.
- Hacker Disassembling Uncovered: Going beyond the issues of analyzing and optimizing programs as well as creating the means of protecting information, this guide takes on the programming problem of how to go about disassembling a program with holes without its source code. FREE.
- Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation: LEARN THE SCIENCE AND CRAFT OF REVERSE ENGINEERING TO FIGHT HACKERS AND ROOTKITS.
- REVERSING WITH IDA PRO FROM SCRATCH: Author: Ricardo Narvaja. FREE.
- The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler.
- JustDecompile: Free .NET decompiler.
- de4dot: .NET deobfuscator and unpacker.
- dnSpy: dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger and an assembly editor (and more).
- Reflexil: The .NET Assembly Editor.
- Bytecode Viewer: A Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
- JPEXS: Open-source Flash SWF decompiler and editor.
- x64dbg: An open-source x64/x32 debugger for Windows.
- iaito: A Qt and C++ GUI for the radare2 reverse engineering framework.
- Detect It Easy: DIE is a packer identifier.
- rePy2exe: A Reverse Engineering Tool for py2exe applications.
- RABCDAsm: Robust ABC (ActionScript Bytecode) [Dis-]Assembler
- IDR: A decompiler of executable files (EXE) and dynamic libraries (DLL), written in Delphi and executed in a Windows32 environment.
- Dr. Memory: Memory Debugger for Windows, Linux, Mac, and Android. The Dr. Memory package includes an "strace for Windows" tool called drstrace.
- tracer by D. Yurichev: tracer (previously named generic tracer) is a command-line win32 debugger for performing simple debugging tasks.
- WinDowse: Advanced Windows Analyzer. Look into any window - it's as simple as 1-2 now!
- ProtectionID: Excellent for identification of the latest protections.
- AntiDBG: Various Windows anti-debugging techniques
- Anti-Debug Protection Techniques: Anti-Debug Protection Techniques: Implementation and Neutralization.
- keypatch: Keypatch consists of 3 tools. Patcher & Fill Range: these allow you to type in assembly to directly patch your binary. Search: this interactive tool lets you search for assembly instructions in a binary.
- ipyida: IPython console integration for IDA Pro.
- labeless: Labels/Comments synchronization between IDA Pro and dbg backend (OllyDbg 1.10, OllyDbg 2.01, x64dbg), Remote memory dumping tool (including x64-bit), Python scripting tool.
- IDAscope: IDAscope is an IDA Pro extension with the goal to ease the task of (malware) reverse engineering with a current focus on x86 Windows. It consists of multiple tabs, containing functionality to achieve different goals such as fast identification of semantically interesting locations in the analysis target, seamless access to MSDN documentation of Windows API, and finding of potential crypto/compression algorithms.
- IDA Sploiter: IDA Sploiter is a plugin for Hex-Rays' IDA Pro disassembler designed to enhance IDA's capabilities as an exploit development and vulnerability research tool.
- x64dbgida: Official x64dbg plugin for IDA Pro.
- Practical Malware Analysis: For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts.
- flare-floss: FireEye Labs Obfuscated String Solver - Automatically extract obfuscated strings from malware.
- OfficeMalScanner: OfficeMalScanner v0.5 is an MS Office forensic tool to scan for malicious traces, like shellcode heuristics, PE-files or embedded OLE streams.
- ThreatExpert: Automated Threat Analysis.
- PeStudio: Malware Initial Assessment.
- CFF Explorer: A freeware suite of tools including a PE editor called CFF Explorer and a process viewer.
- oletools: Python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
- JSDetox: A JavaScript malware analysis tool using static analysis / deobfuscation techniques and an execution engine featuring HTML DOM emulation.
- theZoo: A repository of LIVE malwares for your own joy and pleasure.
- APTnotes: Various public documents, whitepapers and articles about APT campaigns.
- VirusShare.com: VirusShare.com is a repository of malware samples to provide security researchers, incident responders, forensic analysts, and the morbidly curious access to samples of live malicious code.
- Al-Khaser: Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
- vbindent: The easy way to format your VB code.