Home - forkbombruler/note GitHub Wiki

What I have been working on recently and the blog posts I have written

Original posts

1. Spend two months earning a security certification. By rights I should be preparing for the OSCP, but for now I just want to try something new, such as the CISSP; I will consider OSCP and OSED later. Study notes
2. Joined the ChaMd5 security team's sample analysis group and wrote a sample analysis report. Kaiji malware sample analysis
3. Malware research: detecting Linux persistence
4. Hunting for privilege escalation behaviour in Windows environments

Reposts

CobaltStrike traffic analysis and intrusion detection
Red vs. blue: Windows internal network penetration

GitHub projects and blogs I have been using and enjoying recently

Malware Analysis Series

Excellent reverse engineering and sample analysis case studies
Exploit Reversing – A blog about malware analysis, reverse engineering, programming and Windows internals.
Scanners that detect multiple injection techniques
Neo23x0/Loki: Loki - Simple IOC and YARA Scanner
hasherezade/hollows_hunter: Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

Excellent incident response report examples: The DFIR Report

Malware traffic analysis

Malware-Traffic-Analysis.net
awesome-suricata
GitHub - brimdata/brim: Desktop application to efficiently search and analyze super-structured data. Powered by Zed.
GitHub - activecm/rita: Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
The Wireshark Wiki

Malware Analysis Tools

GitHub - Commando-VM by MANDIANT
GitHub - Security-Onion-Solutions/securityonion
GitHub - VirusTotal/yara: The pattern matching swiss knife
GitHub - SigmaHQ/sigma
GitHub - WerWolv/ImHex
Hex Rays – State-of-the-art binary code analysis solutions
Ghidra
Winitor-pestudio
Windows Sysinternals

Log Analysis

GitHub - countercept/chainsaw
GitHub - SwiftOnSecurity/sysmon-config
GitHub - sbousseaden/EVTX-ATTACK-SAMPLES: Windows Events Samples

IDS/IPS/HIDS

Snort - Network Intrusion Detection & Prevention System
Suricata | Open Source IDS / IPS / NSM engine
Zeek
Osquery
OSSEC - World's Most Widely Used Host Intrusion Detection System - HIDS

Malware-File Analysis Online

VirusTotal
Interactive Online Malware Analysis Sandbox - ANY.RUN
threatbook

More to be added; updated irregularly