Best products from r/Malware
We found 25 comments on r/Malware discussing the most recommended products. We ran sentiment analysis on each of these comments to determine how redditors feel about different products. We found 17 products and ranked them based on the amount of positive reactions they received. Here are the top 20.
1. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
- No Starch Press
2. Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
- Wiley Publishing
3. The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
- Wiley
5. Hacking: The Art of Exploitation, 2nd Edition
7. Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware
9. Python for Informatics: Exploring Information
10. Assembly Language for Intel-Based Computers (5th Edition)
- Used Book in Good Condition
11. SharkTap Gigabit Network Sniffer
The SharkTap is a special purpose Ethernet switch that allows you to 'tap into' an Ethernet connection. It is intended to be used with the free Wireshark network analyzer or equivalent. Conventional switches route packets only to the intended destination port, reducing traffic, but preventing a third...
12. Building Virtual Machine Labs: A Hands-On Guide
13. Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
- Broadway Books
14. Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
- John Wiley & Sons
15. The IDA Pro Book, 2nd Edition: The Unofficial Guide to the World's Most Popular Disassembler
- Used Book in Good Condition
16. Assembly Language for x86 Processors (7th Edition)
17. StarTech.com 1:2 Standalone USB Duplicator and Eraser - Memory Stick Cloner - USB 2.0 Flash Drive Copier / Thumb Eraser (USBDUP12),Black
DUPLICATE OR ERASE TWO USB DRIVES: The standalone USB duplicator lets you duplicate or wipe two USB drives simultaneously, without having to connect to a host computer. NO NEED TO WAIT: The USB cloner supports both asynchronous and synchronous duplication. Asynchronous duplication lets you remove and...
Some thoughts:
I've had people recommend the following books:
Other resources:
If you are debugging you can manipulate the execution path. For example, the IsDebuggerPresent function call returns a nonzero value when the program is running in the context of a debugger. In Intel x86 asm, return values are generally stored in EAX. Next there will be a comparison between EAX and zero. If they don't match, the malware will typically terminate.
When using a debugger you can set EAX to 0 before the comparison takes place. This way even though you are debugging, the malware will not know it is running in the context of a debugger.
There are also ways where you can patch the executable to change sections of code. This way you won't have to manually change the register values each time. Instead, every time IsDebuggerPresent is called, it will take the execution path you want.
Sorry if this is confusing, I'm not sure the best way to explain this. These are more advanced analysis / reverse engineering techniques, so if you don't know assembly then it might be over your head.
There are some good resources out there to learn though. Practical Malware Analysis is the go-to book. I've heard good things about the Lena tutorials on tuts4you. There was also a blogger called The Legend of Random (might be down) who made some cracking tutorials. I personally think a good way to learn is to write a simple Windows program (using a higher level language) and reverse the binary. This way you know what the source code is and see what it looks like in ASM. (Make sure to do these in VMs or another isolated environment.)
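The call / test EAX / conditional-jump sequence described in the comment above is easy to spot once you know its byte encoding. The following scanner is an added example (not from the thread) that flags that 32-bit x86 shape in a code buffer so an analyst can note the anti-debugging check during triage; the sample bytes are constructed, and confirming that the flagged IAT slot really resolves to IsDebuggerPresent requires cross-checking the import table, which this snippet does not do.

```python
"""Heuristic triage scan for the IsDebuggerPresent check pattern.

Added example, not code from the original thread. Looks for the 32-bit
x86 sequence   call dword ptr [IAT slot] ; test eax, eax ; jz/jnz rel8
and reports where each occurrence sits. The IAT slot address must still
be matched against the import table to confirm which API is called.
"""
from __future__ import annotations
import re
import struct

# x86 (32-bit) encodings that make up the pattern:
#   FF 15 <disp32>   call dword ptr [disp32]   (indirect call through the IAT)
#   85 C0            test eax, eax             (compare the return value with 0)
#   74 <rel8>        jz  short target
#   75 <rel8>        jnz short target
PATTERN = re.compile(rb"\xff\x15(.{4})\x85\xc0([\x74\x75])(.)", re.DOTALL)


def find_debugger_checks(code: bytes, base: int = 0) -> list[dict]:
    """Return one record per call/test/jcc sequence found in `code`.

    `base` is the virtual address of code[0], so reported offsets are VAs.
    """
    hits = []
    for m in PATTERN.finditer(code):
        iat_slot = struct.unpack("<I", m.group(1))[0]
        jcc = "jz" if m.group(2) == b"\x74" else "jnz"
        rel8 = struct.unpack("<b", m.group(3))[0]
        jcc_off = m.start() + 8            # FF 15 + 4 disp bytes + 85 C0
        target = base + jcc_off + 2 + rel8  # rel8 is relative to the next instr
        hits.append({"call_offset": base + m.start(), "iat_slot": iat_slot,
                     "jcc": jcc, "jcc_offset": base + jcc_off, "target": target})
    return hits


# Constructed sample: prologue, the check, a "normal" path, and an epilogue.
SAMPLE = (
    b"\x55\x8b\xec"              # push ebp ; mov ebp, esp
    b"\xff\x15\x00\x20\x40\x00"  # call dword ptr [0x402000]  (IAT slot)
    b"\x85\xc0"                  # test eax, eax
    b"\x75\x05"                  # jnz +5  (skips the mov below)
    b"\xb8\x01\x00\x00\x00"      # mov eax, 1   (path taken when EAX was 0)
    b"\x5d\xc3"                  # pop ebp ; ret
)

if __name__ == "__main__":
    for h in find_debugger_checks(SAMPLE, base=0x401000):
        print(f"call at {h['call_offset']:#x} via IAT slot {h['iat_slot']:#x}, "
              f"{h['jcc']} at {h['jcc_offset']:#x} -> {h['target']:#x}")
```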
+1 for mentioning malwareunicorn's Reverse Engineering Malware 101 course. I'm pretty excited about starting that after I'm done with some PowerShell stuff.
Books for: /u/Kreator333 and /u/curiousdoggo
C/C++:
Assembly/C:
Also OP, while you're learning the basics here, do as many examples as you can. Don't just read it and assume you know everything. For C you can try coding a bunch of classical ciphers, and for ASM, debug the assembly of simple programs in gdb (check out godbolt) or try coding an echo client/server in NASM.
https://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf
This is it, but you could also patch the instructions with nops instead of jumping with a little understanding of asm. It's good to learn.
This book is a gold mine:
Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware https://www.amazon.com/dp/B073D49Q6W/ref=cm_sw_r_cp_api_6fWVBb5VJV91Z
Hope it helps.
OP is a good guy and answers a lot of questions on Twitter. I have every confidence the book is well worth the $35 price of admission. This is the direct link to the Amazon page as well, non-affiliate.
I don't know any beginning x86 Assembly books but this is the closest thing I could find and strongly recommend you read this online or purchase it:
Assembly Language for Intel-Based Computers
Python:
Python for Informatics
Learning Python
I personally used these books in college
C/C++:
Please see SADISTICBLUE's comment above.
If you go wired instead of wireless you could use a network tap. You will see other traffic (ARP, etc.) but I don't think there's a way to solve this regardless of the solution, not from the hardware side. It is easy enough to filter out in Wireshark though.
https://www.amazon.com/midBit-Technologies-LLC-100-1000/dp/B0175EODCE/
Or much cheaper, but not bi-directional unless you reassemble the streams:
https://hakshop.com/products/throwing-star-lan-tap
Or some USB NICs and use a computer.
Countdown to Zero Day by Kim Zetter is a good read (amazon)
Some resources which will indirectly help you for GREM
https://amzn.com/1593272901
https://amzn.com/1118787315
https://amzn.com/1593272898
I bought this one and like it a lot. It even comes with a disk with some neutered examples to analyze.
Practical Malware Analysis talks about how to set up a relatively secure analysis environment.
Sure is. Go buy my book. https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631
This site contains a list of sites providing collections of malware samples: https://zeltser.com/malware-sample-sources/. If you haven't read any book about malware analysis yet I would recommend you to start with https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901 since you could get yourself easily infected as a beginner.
For challenges you might want to check out the book Practical Malware Analysis
As mentioned by /u/pepe_le_shoe you could always research real malware using a Honeypot to grab some. Or set up a bait email account.
You need more RAM. 1GB is nowhere near enough for Windows 7.
You also might want to read this and set up a lab. Or use vmware player and don't give the guest any network access. That said, I don't have a clue about malware analysis. ¯\_(ツ)_/¯
You don't really need to learn to write ASM. But if this is something you want to do then the book I used was Kip Irvine's Assembly Language. https://www.amazon.com/Assembly-Language-x86-Processors-7th/dp/0133769402/ref=sr_1_1?ie=UTF8&qid=1518658846&sr=8-1&keywords=kip+irvine
The IDE I use is http://www.visualmasm.com/ and you have to install the MASM assembler http://www.masm32.com/
This is all assuming you're running a Windows environment.
I use this box to format and secure erase USB (anything, not just flash drives, but memory cards via USB adapters) https://www.amazon.com/StarTech-com-Standalone-Duplicator-Eraser-Copier/dp/B00BOK3NQI
My thought is using this hardware thing is much less likely to get infected than doing it through any PC, works pretty fast, no problems yet.