{"slug": "rshipp--awesome-malware-analysis", "title": "Malware Analysis", "description": "Defund the Police.", "github_url": "https://github.com/rshipp/awesome-malware-analysis", "stars": "11K", "tag": "Security", "entry_count": 417, "subcategory_count": 6, "subcategories": [{"name": "General", "parent": "", "entries": [{"name": "Malware Collection", "url": "#malware-collection", "description": ""}, {"name": "Open Source Threat Intelligence", "url": "#open-source-threat-intelligence", "description": ""}, {"name": "Detection and Classification", "url": "#detection-and-classification", "description": ""}, {"name": "Online Scanners and Sandboxes", "url": "#online-scanners-and-sandboxes", "description": ""}, {"name": "Domain Analysis", "url": "#domain-analysis", "description": ""}, {"name": "Browser Malware", "url": "#browser-malware", "description": ""}, {"name": "Documents and Shellcode", "url": "#documents-and-shellcode", "description": ""}, {"name": "File Carving", "url": "#file-carving", "description": ""}, {"name": "Deobfuscation", "url": "#deobfuscation", "description": ""}, {"name": "Debugging and Reverse Engineering", "url": "#debugging-and-reverse-engineering", "description": ""}, {"name": "Network", "url": "#network", "description": ""}, {"name": "Memory Forensics", "url": "#memory-forensics", "description": ""}, {"name": "Windows Artifacts", "url": "#windows-artifacts", "description": ""}, {"name": "Storage and Workflow", "url": "#storage-and-workflow", "description": ""}, {"name": "Miscellaneous", "url": "#miscellaneous", "description": ""}, {"name": "Resources", "url": "#resources", "description": ""}, {"name": "Related Awesome Lists", "url": "#related-awesome-lists", "description": ""}, {"name": "Contributing", "url": "#contributing", "description": ""}, {"name": "Thanks", "url": "#thanks", "description": ""}]}, {"name": "Anonymizers", "parent": "Malware Collection", "entries": [{"name": "Anonymouse.org", "url": "http://anonymouse.org/", "description": 
"A free, web based anonymizer."}, {"name": "OpenVPN", "url": "https://openvpn.net/", "description": "VPN software and hosting solutions."}, {"name": "Privoxy", "url": "http://www.privoxy.org/", "description": "An open source proxy server with some"}, {"name": "Tor", "url": "https://www.torproject.org/", "description": "The Onion Router, for browsing the web"}]}, {"name": "Honeypots", "parent": "Malware Collection", "entries": [{"name": "Conpot", "url": "https://github.com/mushorg/conpot", "description": "ICS/SCADA honeypot.", "stars": "1.2k"}, {"name": "Cowrie", "url": "https://github.com/micheloosterhof/cowrie", "description": "SSH honeypot, based", "stars": "5k"}, {"name": "DemoHunter", "url": "https://github.com/RevengeComing/DemonHunter", "description": "Low interaction Distributed Honeypots.", "stars": "58"}, {"name": "Dionaea", "url": "https://github.com/DinoTools/dionaea", "description": "Honeypot designed to trap malware.", "stars": "688"}, {"name": "Glastopf", "url": "https://github.com/mushorg/glastopf", "description": "Web application honeypot.", "stars": "541"}, {"name": "Honeyd", "url": "http://www.honeyd.org/", "description": "Create a virtual honeynet."}, {"name": "HoneyDrive", "url": "https://bruteforce.gr/honeydrive/", "description": "Honeypot bundle Linux distro."}, {"name": "Honeytrap", "url": "https://github.com/honeytrap/honeytrap", "description": "Opensource system for running, monitoring and managing honeypots.", "stars": "1.2k"}, {"name": "MHN", "url": "https://github.com/pwnlandia/mhn", "description": "MHN is a centralized server for management and data collection of honeypots. 
MHN allows you to deploy sensors quickly and to collect data immediately, viewable from a neat web interface.", "stars": "2.4k"}, {"name": "Mnemosyne", "url": "https://github.com/johnnykv/mnemosyne", "description": "A normalizer for", "stars": "44"}, {"name": "Thug", "url": "https://github.com/buffer/thug", "description": "Low interaction honeyclient, for", "stars": "967"}]}, {"name": "Malware Corpora", "parent": "Malware Collection", "entries": [{"name": "Clean MX", "url": "http://support.clean-mx.com/clean-mx/viruses.php", "description": "Realtime"}, {"name": "Contagio", "url": "http://contagiodump.blogspot.com/", "description": "A collection of recent"}, {"name": "Exploit Database", "url": "https://www.exploit-db.com/", "description": "Exploit and shellcode"}, {"name": "Infosec - CERT-PA", "url": "https://infosec.cert-pa.it/analyze/submission.html", "description": "Malware samples collection and analysis."}, {"name": "InQuest Labs", "url": "https://labs.inquest.net", "description": "Evergrowing searchable corpus of malicious Microsoft documents."}, {"name": "Javascript Malware Collection", "url": "https://github.com/HynekPetrak/javascript-malware-collection", "description": "Collection of almost 40.000 javascript malware samples", "stars": "653"}, {"name": "Malpedia", "url": "https://malpedia.caad.fkie.fraunhofer.de/", "description": "A resource providing"}, {"name": "Malshare", "url": "https://malshare.com", "description": "Large repository of malware actively"}, {"name": "Ragpicker", "url": "https://github.com/robbyFux/Ragpicker", "description": "Plugin based malware", "stars": "91"}, {"name": "theZoo", "url": "https://github.com/ytisf/theZoo", "description": "Live malware samples for", "stars": "11k"}, {"name": "Tracker h3x", "url": "http://tracker.h3x.eu/", "description": "Aggregator for malware corpus tracker"}, {"name": "vduddu malware repo", "url": "https://github.com/vduddu/Malware", "description": "Collection of"}, {"name": "VirusBay", "url": 
"https://beta.virusbay.io/", "description": "Community-Based malware repository and social network."}, {"name": "ViruSign", "url": "http://www.virussign.com/", "description": "Malware database that detected by"}, {"name": "VirusShare", "url": "https://virusshare.com/", "description": "Malware repository, registration"}, {"name": "VX Vault", "url": "http://vxvault.net", "description": "Active collection of malware samples."}, {"name": "Zeltser's Sources", "url": "https://zeltser.com/malware-sample-sources/", "description": "A list"}, {"name": "Zeus Source Code", "url": "https://github.com/Visgean/Zeus", "description": "Source for the Zeus", "stars": "1.4k"}, {"name": "VX Underground", "url": "http://vx-underground.org/", "description": "Massive and growing collection of free malware samples."}]}, {"name": "Tools", "parent": "Open Source Threat Intelligence", "entries": [{"name": "AbuseHelper", "url": "https://github.com/abusesa/abusehelper", "description": "An open-source", "stars": "113"}, {"name": "AlienVault Open Threat Exchange", "url": "https://otx.alienvault.com/", "description": "Share and"}, {"name": "Combine", "url": "https://github.com/mlsecproject/combine", "description": "Tool to gather Threat", "stars": "650"}, {"name": "Fileintel", "url": "https://github.com/keithjjones/fileintel", "description": "Pull intelligence per file hash.", "stars": "115"}, {"name": "Hostintel", "url": "https://github.com/keithjjones/hostintel", "description": "Pull intelligence per host.", "stars": "258"}, {"name": "IntelMQ", "url": "https://www.enisa.europa.eu/topics/csirt-cert-services/community-projects/incident-handling-automation", "description": ""}, {"name": "IOC Editor", "url": "https://www.fireeye.com/services/freeware/ioc-editor.html", "description": ""}, {"name": "iocextract", "url": "https://github.com/InQuest/python-iocextract", "description": "Advanced Indicator", "stars": "495"}, {"name": "ioc\\_writer", "url": "https://github.com/mandiant/ioc_writer", 
"description": "Python library for", "stars": "199"}, {"name": "MalPipe", "url": "https://github.com/silascutler/MalPipe", "description": "Malware/IOC ingestion and", "stars": "102"}, {"name": "Massive Octo Spice", "url": "https://github.com/csirtgadgets/massive-octo-spice", "description": "", "stars": "228"}, {"name": "MISP", "url": "https://github.com/MISP/MISP", "description": "Malware Information Sharing", "stars": "5.1k"}, {"name": "Pulsedive", "url": "https://pulsedive.com", "description": "Free, community-driven threat intelligence platform collecting IOCs from open-source feeds."}, {"name": "PyIOCe", "url": "https://github.com/pidydx/PyIOCe", "description": "A Python OpenIOC editor.", "stars": "16"}, {"name": "RiskIQ", "url": "https://community.riskiq.com/", "description": "Research, connect, tag and"}, {"name": "threataggregator", "url": "https://github.com/jpsenior/threataggregator", "description": "", "stars": "78"}, {"name": "ThreatConnect", "url": "https://threatconnect.com/free/", "description": "TC Open allows you to see and"}, {"name": "ThreatCrowd", "url": "https://www.threatcrowd.org/", "description": "A search engine for threats,"}, {"name": "ThreatIngestor", "url": "https://github.com/InQuest/ThreatIngestor/", "description": "Build", "stars": "801"}, {"name": "ThreatTracker", "url": "https://github.com/michael-yip/ThreatTracker", "description": "A Python", "stars": "64"}, {"name": "TIQ-test", "url": "https://github.com/mlsecproject/tiq-test", "description": "Data visualization", "stars": "166"}]}, {"name": "Other Resources", "parent": "Open Source Threat Intelligence", "entries": [{"name": "Autoshun", "url": "https://www.autoshun.org/", "description": ""}, {"name": "Bambenek Consulting Feeds", "url": "http://osint.bambenekconsulting.com/feeds/", "description": ""}, {"name": "Fidelis Barncat", "url": "https://www.fidelissecurity.com/resources/fidelis-barncat", "description": ""}, {"name": "CI Army", "url": "http://cinsscore.com/", "description": 
""}, {"name": "Critical Stack- Free Intel Market", "url": "https://intel.criticalstack.com", "description": "Free"}, {"name": "Cybercrime tracker", "url": "http://cybercrime-tracker.net/", "description": "Multiple botnet active tracker."}, {"name": "FireEye IOCs", "url": "https://github.com/fireeye/iocs", "description": "Indicators of Compromise", "stars": "461"}, {"name": "FireHOL IP Lists", "url": "https://iplists.firehol.org/", "description": "Analytics for 350+ IP lists"}, {"name": "HoneyDB", "url": "https://riskdiscovery.com/honeydb", "description": "Community driven honeypot sensor data collection and aggregation."}, {"name": "hpfeeds", "url": "https://github.com/rep/hpfeeds", "description": "Honeypot feed protocol.", "stars": "208"}, {"name": "Infosec - CERT-PA lists", "url": "https://infosec.cert-pa.it/analyze/statistics.html", "description": ""}, {"name": "InQuest REPdb", "url": "https://labs.inquest.net/repdb", "description": "Continuous aggregation of IOCs from a variety of open reputation sources."}, {"name": "InQuest IOCdb", "url": "https://labs.inquest.net/iocdb", "description": "Continuous aggregation of IOCs from a variety of blogs, Github repos, and Twitter."}, {"name": "Internet Storm Center (DShield)", "url": "https://isc.sans.edu/", "description": "Diary and"}, {"name": "malc0de", "url": "http://malc0de.com/database/", "description": "Searchable incident database."}, {"name": "Malware Domain List", "url": "http://www.malwaredomainlist.com/", "description": "Search and share"}, {"name": "MetaDefender Threat Intelligence Feed", "url": "https://www.opswat.com/developers/threat-intelligence-feed", "description": ""}, {"name": "OpenIOC", "url": "https://www.fireeye.com/services/freeware.html", "description": "Framework for sharing threat intelligence."}, {"name": "Proofpoint Threat Intelligence", "url": "https://www.proofpoint.com/us/products/et-intelligence", "description": ""}, {"name": "Ransomware overview", "url": 
"https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml", "description": ""}, {"name": "STIX - Structured Threat Information eXpression", "url": "http://stixproject.github.io", "description": ""}, {"name": "SystemLookup", "url": "https://www.systemlookup.com/", "description": "SystemLookup hosts a collection of lists that provide information on"}, {"name": "ThreatMiner", "url": "https://www.threatminer.org/", "description": "Data mining portal for threat"}, {"name": "threatRECON", "url": "https://threatrecon.co/", "description": "Search for indicators, up to 1000"}, {"name": "ThreatShare", "url": "https://threatshare.io/", "description": "C2 panel tracker"}, {"name": "Yara rules", "url": "https://github.com/Yara-Rules/rules", "description": "Yara rules repository.", "stars": "4k"}, {"name": "YETI", "url": "https://github.com/yeti-platform/yeti", "description": "Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository.", "stars": "1.7k"}, {"name": "ZeuS Tracker", "url": "https://zeustracker.abuse.ch/blocklist.php", "description": "ZeuS"}, {"name": "AnalyzePE", "url": "https://github.com/hiddenillusion/AnalyzePE", "description": "Wrapper for a", "stars": "201"}, {"name": "Assemblyline", "url": "https://cybercentrecanada.github.io/assemblyline4_docs/", "description": "A scalable file triage and malware analysis system integrating the cyber security community's best tools.."}, {"name": "BinaryAlert", "url": "https://github.com/airbnb/binaryalert", "description": "An open source, serverless", "stars": "1.4k"}, {"name": "capa", "url": "https://github.com/fireeye/capa", "description": "Detects capabilities in executable files.", "stars": "4k"}, {"name": "chkrootkit", "url": "http://www.chkrootkit.org/", "description": "Local Linux rootkit detection."}, {"name": "ClamAV", "url": "http://www.clamav.net/", "description": "Open source antivirus engine."}, 
{"name": "Detect It Easy(DiE)", "url": "https://github.com/horsicq/Detect-It-Easy", "description": "A program for", "stars": "6.9k"}, {"name": "Exeinfo PE", "url": "http://exeinfo.pe.hu/", "description": "Packer, compressor detector, unpack"}, {"name": "ExifTool", "url": "https://sno.phy.queensu.ca/~phil/exiftool/", "description": "Read, write and"}, {"name": "File Scanning Framework", "url": "https://github.com/EmersonElectricCo/fsf", "description": "", "stars": "283"}, {"name": "fn2yara", "url": "https://github.com/cmu-sei/pharos", "description": "FN2Yara is a tool to generate", "stars": "1.5k"}, {"name": "Generic File Parser", "url": "https://github.com/uppusaikiran/generic-parser", "description": "A Single Library Parser to extract meta information,static analysis and detect macros within the files.", "stars": "0"}, {"name": "hashdeep", "url": "https://github.com/jessek/hashdeep", "description": "Compute digest hashes with", "stars": "694"}, {"name": "HashCheck", "url": "https://github.com/gurnec/HashCheck", "description": "Windows shell extension", "stars": "1.7k"}, {"name": "Loki", "url": "https://github.com/Neo23x0/Loki", "description": "Host based scanner for IOCs.", "stars": "3.3k"}, {"name": "Malfunction", "url": "https://github.com/Dynetics/Malfunction", "description": "Catalog and", "stars": "191"}, {"name": "Manalyze", "url": "https://github.com/JusticeRage/Manalyze", "description": "Static analyzer for PE", "stars": "997"}, {"name": "MASTIFF", "url": "https://github.com/KoreLogicSecurity/mastiff", "description": "Static analysis", "stars": "173"}, {"name": "MultiScanner", "url": "https://github.com/mitre/multiscanner", "description": "Modular file", "stars": "615"}, {"name": "Nauz File Detector(NFD)", "url": "https://github.com/horsicq/Nauz-File-Detector", "description": "Linker/Compiler/Tool detector for Windows, Linux and MacOS.", "stars": "497"}, {"name": "nsrllookup", "url": "https://github.com/rjhansen/nsrllookup", "description": "A tool for 
looking", "stars": "110"}, {"name": "packerid", "url": "https://github.com/sooshie/packerid", "description": "A cross-platform", "stars": "41"}, {"name": "PE-bear", "url": "https://hshrzd.wordpress.com/pe-bear/", "description": "Reversing tool for PE"}, {"name": "PEframe", "url": "https://github.com/guelfoweb/peframe", "description": "PEframe is an open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.", "stars": "599"}, {"name": "PEV", "url": "http://pev.sourceforge.net/", "description": "A multiplatform toolkit to work with PE"}, {"name": "PortEx", "url": "https://github.com/katjahahn/PortEx", "description": "Java library to analyse PE files with a special focus on malware analysis and PE malformation robustness.", "stars": "494"}, {"name": "Quark-Engine", "url": "https://github.com/quark-engine/quark-engine", "description": "An Obfuscation-Neglect Android Malware Scoring System", "stars": "1.3k"}, {"name": "Rootkit Hunter", "url": "http://rkhunter.sourceforge.net/", "description": "Detect Linux rootkits."}, {"name": "ssdeep", "url": "https://ssdeep-project.github.io/ssdeep/", "description": "Compute fuzzy hashes."}, {"name": "totalhash.py", "url": "https://gist.github.com/gleblanc1783/3c8e6b379fa9d646d401b96ab5c7877f", "description": ""}, {"name": "TrID", "url": "http://mark0.net/soft-trid-e.html", "description": "File identifier."}, {"name": "YARA", "url": "https://plusvic.github.io/yara/", "description": "Pattern matching tool for"}, {"name": "Yara rules generator", "url": "https://github.com/Neo23x0/yarGen", "description": "Generate", "stars": "1.5k"}, {"name": "Yara Finder", "url": "https://github.com/uppusaikiran/yara-finder", "description": "A simple tool to yara match the file against various yara rules to find the indicators of suspicion.", "stars": "0"}, {"name": "anlyz.io", "url": "https://sandbox.anlyz.io/", "description": "Online sandbox."}, {"name": "any.run", "url": "https://app.any.run/", 
"description": "Online interactive sandbox."}, {"name": "AndroTotal", "url": "https://andrototal.org/", "description": "Free online analysis of APKs"}, {"name": "BoomBox", "url": "https://github.com/nbeede/BoomBox", "description": "Automatic deployment of Cuckoo", "stars": "231"}, {"name": "Cryptam", "url": "http://www.cryptam.com/", "description": "Analyze suspicious office documents."}, {"name": "Cuckoo Sandbox", "url": "https://cuckoosandbox.org/", "description": "Open source, self hosted"}, {"name": "cuckoo-modified", "url": "https://github.com/brad-accuvant/cuckoo-modified", "description": "Modified", "stars": "268"}, {"name": "cuckoo-modified-api", "url": "https://github.com/keithjjones/cuckoo-modified-api", "description": "A", "stars": "19"}, {"name": "DeepViz", "url": "https://www.deepviz.com/", "description": "Multi-format file analyzer with"}, {"name": "detux", "url": "https://github.com/detuxsandbox/detux/", "description": "A sandbox developed to do", "stars": "257"}, {"name": "DRAKVUF", "url": "https://github.com/tklengyel/drakvuf", "description": "Dynamic malware analysis", "stars": "1k"}, {"name": "filescan.io", "url": "https://www.filescan.io/", "description": "Static malware analysis, VBA/Powershell/VBS/JS Emulation"}, {"name": "firmware.re", "url": "http://firmware.re/", "description": "Unpacks, scans and analyzes almost any"}, {"name": "HaboMalHunter", "url": "https://github.com/Tencent/HaboMalHunter", "description": "An Automated Malware", "stars": "725"}, {"name": "Hybrid Analysis", "url": "https://www.hybrid-analysis.com/", "description": "Online malware"}, {"name": "Intezer", "url": "https://analyze.intezer.com", "description": "Detect, analyze, and categorize malware by"}, {"name": "IRMA", "url": "http://irma.quarkslab.com/", "description": "An asynchronous and customizable"}, {"name": "Joe Sandbox", "url": "https://www.joesecurity.org", "description": "Deep malware analysis with Joe Sandbox."}, {"name": "Jotti", "url": 
"https://virusscan.jotti.org/en", "description": "Free online multi-AV scanner."}, {"name": "Limon", "url": "https://github.com/monnappa22/Limon", "description": "Sandbox for Analyzing Linux Malware.", "stars": "384"}, {"name": "Malheur", "url": "https://github.com/rieck/malheur", "description": "Automatic sandboxed analysis", "stars": "365"}, {"name": "malice.io", "url": "https://github.com/maliceio/malice", "description": "Massively scalable malware analysis framework.", "stars": "1.6k"}, {"name": "malsub", "url": "https://github.com/diogo-fernan/malsub", "description": "A Python RESTful API framework for", "stars": "363"}, {"name": "Malware config", "url": "https://malwareconfig.com/", "description": "Extract, decode and display online"}, {"name": "MalwareAnalyser.io", "url": "https://malwareanalyser.io/", "description": "Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning."}, {"name": "Malwr", "url": "https://malwr.com/", "description": "Free analysis with an online Cuckoo Sandbox"}, {"name": "MetaDefender Cloud", "url": "https://metadefender.opswat.com/", "description": "Scan a file, hash, IP, URL or"}, {"name": "NetworkTotal", "url": "https://www.networktotal.com/index.html", "description": "A service that analyzes"}, {"name": "Noriben", "url": "https://github.com/Rurik/Noriben", "description": "Uses Sysinternals Procmon to", "stars": "1.1k"}, {"name": "PacketTotal", "url": "https://packettotal.com/", "description": "PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within."}, {"name": "PDF Examiner", "url": "http://www.pdfexaminer.com/", "description": "Analyse suspicious PDF files."}, {"name": "ProcDot", "url": "http://www.procdot.com", "description": "A graphical malware analysis tool kit."}, {"name": "Recomposer", "url": "https://github.com/secretsquirrel/recomposer", "description": "A helper", "stars": "130"}, {"name": "sandboxapi", "url": 
"https://github.com/InQuest/python-sandboxapi", "description": "Python library for", "stars": "132"}, {"name": "SEE", "url": "https://github.com/F-Secure/see", "description": "Sandboxed Execution Environment (SEE)", "stars": "809"}, {"name": "SEKOIA Dropper Analysis", "url": "https://malware.sekoia.fr/", "description": "Online dropper analysis (Js, VBScript, Microsoft Office, PDF)."}, {"name": "VirusTotal", "url": "https://www.virustotal.com/", "description": "Free online analysis of malware"}, {"name": "Visualize\\_Logs", "url": "https://github.com/keithjjones/visualize_logs", "description": "Open source", "stars": "136"}, {"name": "Zeltser's List", "url": "https://zeltser.com/automated-malware-analysis/", "description": "Free"}, {"name": "AbuseIPDB", "url": "https://www.abuseipdb.com/", "description": "AbuseIPDB is a project dedicated"}, {"name": "badips.com", "url": "https://www.badips.com/", "description": "Community based IP blacklist service."}, {"name": "boomerang", "url": "https://github.com/EmersonElectricCo/boomerang", "description": "A tool designed", "stars": "34"}, {"name": "Cymon", "url": "https://cymon.io/", "description": "Threat intelligence tracker, with IP/domain/hash"}, {"name": "Desenmascara.me", "url": "http://desenmascara.me", "description": "One click tool to retrieve as"}, {"name": "Dig", "url": "https://networking.ringofsaturn.com/", "description": "Free online dig and other"}, {"name": "dnstwist", "url": "https://github.com/elceef/dnstwist", "description": "Domain name permutation", "stars": "4.7k"}, {"name": "IPinfo", "url": "https://github.com/hiddenillusion/IPinfo", "description": "Gather information", "stars": "95"}, {"name": "Machinae", "url": "https://github.com/hurricanelabs/machinae", "description": "OSINT tool for", "stars": "499"}, {"name": "mailchecker", "url": "https://github.com/FGRibreau/mailchecker", "description": "Cross-language", "stars": "1.6k"}, {"name": "MaltegoVT", "url": "https://github.com/michael-yip/MaltegoVT", 
"description": "Maltego transform", "stars": "77"}, {"name": "Multi rbl", "url": "http://multirbl.valli.org/", "description": "Multiple DNS blacklist and forward"}, {"name": "NormShield Services", "url": "https://services.normshield.com/", "description": "Free API Services"}, {"name": "PhishStats", "url": "https://phishstats.info/", "description": "Phishing Statistics with search for"}, {"name": "Spyse", "url": "https://spyse.com/", "description": "subdomains, whois, related domains, DNS, hosts AS, SSL/TLS info,"}, {"name": "SecurityTrails", "url": "https://securitytrails.com/", "description": "Historical and current WHOIS,"}, {"name": "SpamCop", "url": "https://www.spamcop.net/bl.shtml", "description": "IP based spam block list."}, {"name": "SpamHaus", "url": "https://www.spamhaus.org/lookup/", "description": "Block list based on"}, {"name": "Sucuri SiteCheck", "url": "https://sitecheck.sucuri.net/", "description": "Free Website Malware"}, {"name": "Talos Intelligence", "url": "https://talosintelligence.com/", "description": "Search for IP, domain"}, {"name": "TekDefense Automater", "url": "http://www.tekdefense.com/automater/", "description": "OSINT tool"}, {"name": "URLhaus", "url": "https://urlhaus.abuse.ch/", "description": "A project from abuse.ch with the goal"}, {"name": "URLQuery", "url": "http://urlquery.net/", "description": "Free URL Scanner."}, {"name": "urlscan.io", "url": "https://urlscan.io/", "description": "Free URL Scanner & domain information."}, {"name": "Whois", "url": "https://whois.domaintools.com/", "description": "DomainTools free online whois"}, {"name": "Zeltser's List", "url": "https://zeltser.com/lookup-malicious-websites/", "description": "Free"}, {"name": "Zscaler Zulu", "url": "https://zulu.zscaler.com/#", "description": "Zulu URL Risk Analyzer."}, {"name": "Bytecode Viewer", "url": "https://github.com/Konloch/bytecode-viewer", "description": "Combines", "stars": "14k"}, {"name": "Firebug", "url": "https://getfirebug.com/", 
"description": "Firefox extension for web development."}, {"name": "Java Decompiler", "url": "http://jd.benow.ca/", "description": "Decompile and inspect Java apps."}, {"name": "Java IDX Parser", "url": "https://github.com/Rurik/Java_IDX_Parser/", "description": "Parses Java", "stars": "39"}, {"name": "JSDetox", "url": "http://www.relentless-coding.com/projects/jsdetox/", "description": "JavaScript"}, {"name": "jsunpack-n", "url": "https://github.com/urule99/jsunpack-n", "description": "A javascript", "stars": "158"}, {"name": "Krakatau", "url": "https://github.com/Storyyeller/Krakatau", "description": "Java decompiler,", "stars": "2k"}, {"name": "Malzilla", "url": "http://malzilla.sourceforge.net/", "description": "Analyze malicious web pages."}, {"name": "RABCDAsm", "url": "https://github.com/CyberShadow/RABCDAsm", "description": "A \"Robust", "stars": "427"}, {"name": "SWF Investigator", "url": "https://labs.adobe.com/technologies/swfinvestigator/", "description": ""}, {"name": "swftools", "url": "http://www.swftools.org/", "description": "Tools for working with Adobe Flash"}, {"name": "xxxswf", "url": "http://hooked-on-mnemonics.blogspot.com/2011/12/xxxswfpy.html", "description": "A"}, {"name": "AnalyzePDF", "url": "https://github.com/hiddenillusion/AnalyzePDF", "description": "A tool for", "stars": "171"}, {"name": "box-js", "url": "https://github.com/CapacitorSet/box-js", "description": "A tool for studying JavaScript", "stars": "606"}, {"name": "diStorm", "url": "http://www.ragestorm.net/distorm/", "description": "Disassembler for analyzing"}, {"name": "InQuest Deep File Inspection", "url": "https://labs.inquest.net/dfi", "description": "Upload common malware lures for Deep File Inspection and heuristical analysis."}, {"name": "JS Beautifier", "url": "http://jsbeautifier.org/", "description": "JavaScript unpacking and deobfuscation."}, {"name": "libemu", "url": "http://libemu.carnivore.it/", "description": "Library and tools for x86 shellcode"}, {"name": 
"malpdfobj", "url": "https://github.com/9b/malpdfobj", "description": "Deconstruct malicious PDFs", "stars": "51"}, {"name": "OfficeMalScanner", "url": "http://www.reconstructer.org/code.html", "description": "Scan for"}, {"name": "olevba", "url": "http://www.decalage.info/python/olevba", "description": "A script for parsing OLE"}, {"name": "Origami PDF", "url": "https://code.google.com/archive/p/origami-pdf", "description": "A tool for"}, {"name": "PDF Tools", "url": "https://blog.didierstevens.com/programs/pdf-tools/", "description": "pdfid,"}, {"name": "PDF X-Ray Lite", "url": "https://github.com/9b/pdfxray_lite", "description": "A PDF analysis tool,", "stars": "34"}, {"name": "peepdf", "url": "http://eternal-todo.com/tools/peepdf-pdf-analysis-tool", "description": "Python"}, {"name": "QuickSand", "url": "https://www.quicksand.io/", "description": "QuickSand is a compact C framework"}, {"name": "Spidermonkey", "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey", "description": ""}, {"name": "bulk\\_extractor", "url": "https://github.com/simsong/bulk_extractor", "description": "Fast file", "stars": "1k"}, {"name": "EVTXtract", "url": "https://github.com/williballenthin/EVTXtract", "description": "Carve Windows", "stars": "176"}, {"name": "Foremost", "url": "http://foremost.sourceforge.net/", "description": "File carving tool designed"}, {"name": "hachoir3", "url": "https://github.com/vstinner/hachoir3", "description": "Hachoir is a Python library", "stars": "593"}, {"name": "Scalpel", "url": "https://github.com/sleuthkit/scalpel", "description": "Another data carving", "stars": "612"}, {"name": "SFlock", "url": "https://github.com/jbremer/sflock", "description": "Nested archive", "stars": "81"}, {"name": "Balbuzard", "url": "https://bitbucket.org/decalage/balbuzard/wiki/Home", "description": "A malware"}, {"name": "de4dot", "url": "https://github.com/0xd4d/de4dot", "description": ".NET deobfuscator and", "stars": "6.8k"}, {"name": 
"ex\\_pe\\_xor", "url": "http://hooked-on-mnemonics.blogspot.com/2014/04/expexorpy.html", "description": ""}, {"name": "FLOSS", "url": "https://github.com/fireeye/flare-floss", "description": "The FireEye Labs Obfuscated", "stars": "3.1k"}, {"name": "NoMoreXOR", "url": "https://github.com/hiddenillusion/NoMoreXOR", "description": "Guess a 256 byte", "stars": "84"}, {"name": "PackerAttacker", "url": "https://github.com/BromiumLabs/PackerAttacker", "description": "A generic", "stars": "263"}, {"name": "PyInstaller Extractor", "url": "https://github.com/extremecoders-re/pyinstxtractor", "description": "", "stars": "2.6k"}, {"name": "uncompyle6", "url": "https://github.com/rocky/python-uncompyle6/", "description": "A cross-version", "stars": "3.6k"}, {"name": "un{i}packer", "url": "https://github.com/unipacker/unipacker", "description": "Automatic and", "stars": "623"}, {"name": "unpacker", "url": "https://github.com/malwaremusings/unpacker/", "description": "Automated malware", "stars": "117"}, {"name": "unxor", "url": "https://github.com/tomchop/unxor/", "description": "Guess XOR keys using", "stars": "138"}, {"name": "VirtualDeobfuscator", "url": "https://github.com/jnraber/VirtualDeobfuscator", "description": "", "stars": "128"}, {"name": "XORBruteForcer", "url": "http://eternal-todo.com/var/scripts/xorbruteforcer", "description": ""}, {"name": "XORSearch & XORStrings", "url": "https://blog.didierstevens.com/programs/xorsearch/", "description": ""}, {"name": "xortool", "url": "https://github.com/hellman/xortool", "description": "Guess XOR key length, as", "stars": "1.4k"}, {"name": "angr", "url": "https://github.com/angr/angr", "description": "Platform-agnostic binary analysis", "stars": "7.3k"}, {"name": "bamfdetect", "url": "https://github.com/bwall/bamfdetect", "description": "Identifies and extracts"}, {"name": "BAP", "url": "https://github.com/BinaryAnalysisPlatform/bap", "description": "Multiplatform and", "stars": "2k"}, {"name": "BARF", "url": 
"https://github.com/programa-stic/barf-project", "description": "Multiplatform, open", "stars": "1.4k"}, {"name": "binnavi", "url": "https://github.com/google/binnavi", "description": "Binary analysis IDE for", "stars": "2.9k"}, {"name": "Binary ninja", "url": "https://binary.ninja/", "description": "A reverse engineering platform"}, {"name": "Binwalk", "url": "https://github.com/devttys0/binwalk", "description": "Firmware analysis tool.", "stars": "10k"}, {"name": "BluePill", "url": "https://github.com/season-lab/bluepill", "description": "Framework for executing and debugging evasive malware and protected executables.", "stars": "118"}, {"name": "Capstone", "url": "https://github.com/aquynh/capstone", "description": "Disassembly framework for", "stars": "7.2k"}, {"name": "codebro", "url": "https://github.com/hugsy/codebro", "description": "Web based code browser using", "stars": "42"}, {"name": "Cutter", "url": "https://github.com/radareorg/cutter", "description": "GUI for Radare2."}, {"name": "DECAF (Dynamic Executable Code Analysis Framework)", "url": "https://github.com/sycurelab/DECAF", "description": "", "stars": "794"}, {"name": "dnSpy", "url": "https://github.com/0xd4d/dnSpy", "description": ".NET assembly editor, decompiler", "stars": "26k"}, {"name": "dotPeek", "url": "https://www.jetbrains.com/decompiler/", "description": "Free .NET Decompiler and"}, {"name": "Evan's Debugger (EDB)", "url": "http://codef00.com/projects#debugger", "description": "A"}, {"name": "Fibratus", "url": "https://github.com/rabbitstack/fibratus", "description": "Tool for exploration", "stars": "2.1k"}, {"name": "FPort", "url": "https://www.mcafee.com/us/downloads/free-tools/fport.aspx", "description": "Reports"}, {"name": "GDB", "url": "http://www.sourceware.org/gdb/", "description": "The GNU debugger."}, {"name": "GEF", "url": "https://github.com/hugsy/gef", "description": "GDB Enhanced Features, for exploiters", "stars": "6.7k"}, {"name": "Ghidra", "url": 
"https://github.com/NationalSecurityAgency/ghidra", "description": "A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.", "stars": "49k"}, {"name": "hackers-grep", "url": "https://github.com/codypierce/hackers-grep", "description": "A utility to", "stars": "167"}, {"name": "Hopper", "url": "https://www.hopperapp.com/", "description": "The macOS and Linux Disassembler."}, {"name": "IDA Pro", "url": "https://www.hex-rays.com/products/ida/index.shtml", "description": "Windows"}, {"name": "IDR", "url": "https://github.com/crypto2011/IDR", "description": "Interactive Delphi Reconstructor", "stars": "916"}, {"name": "Immunity Debugger", "url": "http://debugger.immunityinc.com/", "description": "Debugger for"}, {"name": "ILSpy", "url": "http://ilspy.net/", "description": "ILSpy is the open-source .NET assembly browser and decompiler."}, {"name": "Kaitai Struct", "url": "http://kaitai.io/", "description": "DSL for file formats / network protocols /"}, {"name": "LIEF", "url": "https://lief.quarkslab.com/", "description": "LIEF provides a cross-platform library"}, {"name": "ltrace", "url": "http://ltrace.org/", "description": "Dynamic analysis for Linux executables."}, {"name": "mac-a-mal", "url": "https://github.com/phdphuc/mac-a-mal", "description": "An automated framework", "stars": "82"}, {"name": "objdump", "url": "https://en.wikipedia.org/wiki/Objdump", "description": "Part of GNU binutils,"}, {"name": "OllyDbg", "url": "http://www.ollydbg.de/", "description": "An assembly-level debugger for Windows"}, {"name": "OllyDumpEx", "url": "https://low-priority.appspot.com/ollydumpex/", "description": "Dump memory"}, {"name": "PANDA", "url": "https://github.com/moyix/panda", "description": "Platform for Architecture-Neutral", "stars": "102"}, {"name": "PEDA", "url": "https://github.com/longld/peda", "description": "Python Exploit Development", "stars": "5.8k"}, {"name": "pestudio", "url": 
"https://winitor.com/", "description": "Perform static analysis of Windows"}, {"name": "Pharos", "url": "https://github.com/cmu-sei/pharos", "description": "The Pharos binary analysis framework", "stars": "1.5k"}, {"name": "plasma", "url": "https://github.com/plasma-disassembler/plasma", "description": "Interactive", "stars": "3k"}, {"name": "PPEE (puppy)", "url": "https://www.mzrst.com/", "description": "A Professional PE file Explorer for"}, {"name": "Process Explorer", "url": "https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer", "description": ""}, {"name": "Process Hacker", "url": "http://processhacker.sourceforge.net/", "description": "Tool that monitors"}, {"name": "Process Monitor", "url": "https://docs.microsoft.com/en-us/sysinternals/downloads/procmon", "description": ""}, {"name": "PSTools", "url": "https://docs.microsoft.com/en-us/sysinternals/downloads/pstools", "description": "Windows"}, {"name": "Pyew", "url": "https://github.com/joxeankoret/pyew", "description": "Python tool for malware", "stars": "380"}, {"name": "PyREBox", "url": "https://github.com/Cisco-Talos/pyrebox", "description": "Python scriptable reverse", "stars": "1.6k"}, {"name": "Qiling Framework", "url": "https://www.qiling.io/", "description": "Cross platform emulation and sandboxing"}, {"name": "QKD", "url": "https://github.com/ispras/qemu/releases/", "description": "QEMU with embedded WinDbg", "stars": "50"}, {"name": "Radare2", "url": "http://www.radare.org/r/", "description": "Reverse engineering framework, with"}, {"name": "RegShot", "url": "https://sourceforge.net/projects/regshot/", "description": "Registry compare utility"}, {"name": "RetDec", "url": "https://retdec.com/", "description": "Retargetable machine-code decompiler with an"}, {"name": "ROPMEMU", "url": "https://github.com/Cisco-Talos/ROPMEMU", "description": "A framework to analyze, dissect", "stars": "281"}, {"name": "Scylla Imports Reconstructor", "url": "https://github.com/NtQuery/Scylla", 
"description": "Find and fix", "stars": "1k"}, {"name": "ScyllaHide", "url": "https://github.com/x64dbg/ScyllaHide", "description": "An Anti-Anti-Debug library", "stars": "3.3k"}, {"name": "SMRT", "url": "https://github.com/pidydx/SMRT", "description": "Sublime Malware Research Tool, a", "stars": "64"}, {"name": "strace", "url": "https://sourceforge.net/projects/strace/", "description": "Dynamic analysis for"}, {"name": "StringSifter", "url": "https://github.com/fireeye/stringsifter", "description": "A machine learning tool", "stars": "659"}, {"name": "Triton", "url": "https://triton.quarkslab.com/", "description": "A dynamic binary analysis (DBA) framework."}, {"name": "Udis86", "url": "https://github.com/vmt/udis86", "description": "Disassembler library and tool", "stars": "999"}, {"name": "Vivisect", "url": "https://github.com/vivisect/vivisect", "description": "Python tool for", "stars": "908"}, {"name": "WinDbg", "url": "https://developer.microsoft.com/en-us/windows/hardware/download-windbg", "description": "multipurpose debugger for the Microsoft Windows computer operating system, used to debug user mode applications, device drivers, and the kernel-mode memory dumps."}, {"name": "X64dbg", "url": "https://github.com/x64dbg/", "description": "An open-source x64/x32 debugger for windows."}, {"name": "Bro", "url": "https://www.bro.org", "description": "Protocol analyzer that operates at incredible"}, {"name": "BroYara", "url": "https://github.com/hempnall/broyara", "description": "Use Yara rules from Bro.", "stars": "31"}, {"name": "CapTipper", "url": "https://github.com/omriher/CapTipper", "description": "Malicious HTTP traffic", "stars": "707"}, {"name": "chopshop", "url": "https://github.com/MITRECND/chopshop", "description": "Protocol analysis and", "stars": "487"}, {"name": "CloudShark", "url": "https://www.cloudshark.org", "description": "Web-based tool for packet analysis"}, {"name": "FakeNet-NG", "url": "https://github.com/fireeye/flare-fakenet-ng", 
"description": "Next generation", "stars": "1.7k"}, {"name": "Fiddler", "url": "https://www.telerik.com/fiddler", "description": "Intercepting web proxy designed"}, {"name": "Hale", "url": "https://github.com/pjlantz/Hale", "description": "Botnet C\\&C monitor.", "stars": "184"}, {"name": "Haka", "url": "http://www.haka-security.org/", "description": "An open source security oriented"}, {"name": "HTTPReplay", "url": "https://github.com/jbremer/httpreplay", "description": "Library for parsing", "stars": "94"}, {"name": "INetSim", "url": "http://www.inetsim.org/", "description": "Network service emulation, useful when"}, {"name": "Laika BOSS", "url": "https://github.com/lmco/laikaboss", "description": "Laika BOSS is a file-centric", "stars": "723"}, {"name": "Malcolm", "url": "https://github.com/idaholab/Malcolm", "description": "Malcolm is a powerful, easily", "stars": "327"}, {"name": "Malcom", "url": "https://github.com/tomchop/malcom", "description": "Malware Communications", "stars": "1.1k"}, {"name": "Maltrail", "url": "https://github.com/stamparm/maltrail", "description": "A malicious traffic", "stars": "5.9k"}, {"name": "mitmproxy", "url": "https://mitmproxy.org/", "description": "Intercept network traffic on the fly."}, {"name": "Moloch", "url": "https://github.com/aol/moloch", "description": "IPv4 traffic capturing, indexing", "stars": "6.2k"}, {"name": "NetworkMiner", "url": "http://www.netresec.com/?page=NetworkMiner", "description": "Network"}, {"name": "ngrep", "url": "https://github.com/jpr5/ngrep", "description": "Search through network traffic", "stars": "864"}, {"name": "PcapViz", "url": "https://github.com/mateuszk87/PcapViz", "description": "Network topology and", "stars": "328"}, {"name": "Python ICAP Yara", "url": "https://github.com/RamadhanAmizudin/python-icap-yara", "description": "An", "stars": "56"}, {"name": "Squidmagic", "url": "https://github.com/ch3k1/squidmagic", "description": "squidmagic is a tool", "stars": "75"}, {"name": 
"Tcpdump", "url": "http://www.tcpdump.org/", "description": "Collect network traffic."}, {"name": "tcpick", "url": "http://tcpick.sourceforge.net/", "description": "Track and reassemble TCP streams"}, {"name": "tcpxtract", "url": "http://tcpxtract.sourceforge.net/", "description": "Extract files from network"}, {"name": "Wireshark", "url": "https://www.wireshark.org/", "description": "The network traffic analysis"}, {"name": "BlackLight", "url": "https://www.blackbagtech.com/blacklight.html", "description": "Windows/MacOS"}, {"name": "DAMM", "url": "https://github.com/504ensicsLabs/DAMM", "description": "Differential Analysis of", "stars": "209"}, {"name": "evolve", "url": "https://github.com/JamesHabben/evolve", "description": "Web interface for the", "stars": "259"}, {"name": "FindAES", "url": "https://sourceforge.net/projects/findaes/", "description": "Find AES"}, {"name": "inVtero.net", "url": "https://github.com/ShaneK2/inVtero.net", "description": "High speed memory", "stars": "276"}, {"name": "Muninn", "url": "https://github.com/ytisf/muninn", "description": "A script to automate portions", "stars": "51"}, {"name": "Rekall", "url": "http://www.rekall-forensic.com/", "description": "Memory analysis framework,"}, {"name": "TotalRecall", "url": "https://github.com/sketchymoose/TotalRecall", "description": "Script based", "stars": "49"}, {"name": "VolDiff", "url": "https://github.com/aim4r/VolDiff", "description": "Run Volatility on memory", "stars": "192"}, {"name": "Volatility", "url": "https://github.com/volatilityfoundation/volatility", "description": "Advanced", "stars": "7k"}, {"name": "VolUtility", "url": "https://github.com/kevthehermit/VolUtility", "description": "Web Interface for", "stars": "375"}, {"name": "WDBGARK", "url": "https://github.com/swwwolf/wdbgark", "description": "", "stars": "610"}, {"name": "WinDbg", "url": "https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit", "description": ""}, {"name": "AChoir", "url": 
"https://github.com/OMENScan/AChoir", "description": "A live incident response", "stars": "177"}, {"name": "python-evt", "url": "https://github.com/williballenthin/python-evt", "description": "Python", "stars": "46"}, {"name": "python-registry", "url": "http://www.williballenthin.com/registry/", "description": "Python"}, {"name": "RegRipper", "url": "http://brettshavers.cc/index.php/brettsblog/tags/tag/regripper/", "description": ""}, {"name": "Aleph", "url": "https://github.com/merces/aleph", "description": "Open Source Malware Analysis", "stars": "154"}, {"name": "CRITs", "url": "https://crits.github.io/", "description": "Collaborative Research Into Threats, a"}, {"name": "FAME", "url": "https://certsocietegenerale.github.io/fame/", "description": "A malware analysis"}, {"name": "Malwarehouse", "url": "https://github.com/sroberts/malwarehouse", "description": "Store, tag, and", "stars": "131"}, {"name": "Polichombr", "url": "https://github.com/ANSSI-FR/polichombr", "description": "A malware analysis", "stars": "373"}, {"name": "stoQ", "url": "http://stoq.punchcyber.com", "description": "Distributed content analysis"}, {"name": "Viper", "url": "http://viper.li/", "description": "A binary management and analysis framework for"}, {"name": "al-khaser", "url": "https://github.com/LordNoteworthy/al-khaser", "description": "A PoC malware", "stars": "5.6k"}, {"name": "CryptoKnight", "url": "https://github.com/AbertayMachineLearningGroup/CryptoKnight", "description": "Automated cryptographic algorithm reverse engineering and classification framework.", "stars": "38"}, {"name": "DC3-MWCP", "url": "https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP", "description": "", "stars": "290"}, {"name": "FLARE VM", "url": "https://github.com/fireeye/flare-vm", "description": "A fully customizable,", "stars": "6.1k"}, {"name": "MalSploitBase", "url": "https://github.com/misterch0c/malSploitBase", "description": "A database", "stars": "531"}, {"name": "Malware Museum", "url": 
"https://archive.org/details/malwaremuseum", "description": "Collection of"}, {"name": "Malware Organiser", "url": "https://github.com/uppusaikiran/malware-organiser", "description": "A simple tool to organise large malicious/benign files into an organised structure.", "stars": "0"}, {"name": "Pafish", "url": "https://github.com/a0rtega/pafish", "description": "Paranoid Fish, a demonstration", "stars": "3.2k"}, {"name": "REMnux", "url": "https://remnux.org/", "description": "Linux distribution and docker images for"}, {"name": "Tsurugi Linux", "url": "https://tsurugi-linux.org/", "description": "Linux distribution designed to support your DFIR investigations, malware analysis and OSINT (Open Source INTelligence) activities."}, {"name": "Santoku Linux", "url": "https://santoku-linux.com/", "description": "Linux distribution for mobile"}, {"name": "Learning Malware Analysis", "url": "https://www.packtpub.com/networking-and-servers/learning-malware-analysis", "description": "Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware"}, {"name": "Malware Analyst's Cookbook and DVD", "url": "https://amzn.com/dp/0470613033", "description": ""}, {"name": "Mastering Malware Analysis", "url": "https://www.packtpub.com/networking-and-servers/mastering-malware-analysis", "description": "Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks"}, {"name": "Mastering Reverse Engineering", "url": "https://www.packtpub.com/networking-and-servers/mastering-reverse-engineering", "description": "Mastering Reverse Engineering: Re-engineer your ethical hacking skills"}, {"name": "Practical Malware Analysis", "url": "https://amzn.com/dp/1593272901", "description": "The Hands-On"}, {"name": "Practical Reverse Engineering", "url": "https://www.amzn.com/dp/1118787315/", "description": ""}, {"name": "Real Digital Forensics", "url": 
"https://www.amzn.com/dp/0321240693", "description": "Computer"}, {"name": "Rootkits and Bootkits", "url": "https://www.amazon.com/dp/1593277164", "description": "Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats"}, {"name": "The Art of Memory Forensics", "url": "https://amzn.com/dp/1118825098", "description": "Detecting"}, {"name": "The IDA Pro Book", "url": "https://amzn.com/dp/1593272898", "description": "The Unofficial Guide"}, {"name": "The Rootkit Arsenal", "url": "https://amzn.com/dp/144962636X", "description": "The Rootkit Arsenal:"}, {"name": "APT Notes", "url": "https://github.com/aptnotes/data", "description": "A collection of papers", "stars": "1.6k"}, {"name": "Ember", "url": "https://github.com/endgameinc/ember", "description": "Endgame Malware BEnchmark for Research,", "stars": "905"}, {"name": "File Formats posters", "url": "https://github.com/corkami/pics", "description": "Nice visualization", "stars": "10k"}, {"name": "Honeynet Project", "url": "http://honeynet.org/", "description": "Honeypot tools, papers, and"}, {"name": "Kernel Mode", "url": "http://www.kernelmode.info/forum/", "description": "An active community"}, {"name": "Malicious Software", "url": "https://zeltser.com/malicious-software/", "description": "Malware"}, {"name": "Malware Analysis Search", "url": "https://cse.google.com/cse/home?cx=011750002002865445766%3Apc60zx1rliu", "description": ""}, {"name": "Malware Analysis Tutorials", "url": "http://fumalwareanalysis.blogspot.nl/p/malware-analysis-tutorials-reverse.html", "description": ""}, {"name": "Malware Analysis, Threat Intelligence and Reverse Engineering", "url": "https://www.slideshare.net/bartblaze/malware-analysis-threat-intelligence-and-reverse-engineering", "description": ""}, {"name": "Malware Persistence", "url": "https://github.com/Karneades/malware-persistence", "description": "Collection", "stars": "160"}, {"name": "Malware Samples and Traffic", "url": "http://malware-traffic-analysis.net/", 
"description": "This"}, {"name": "Malware Search+++", "url": "https://addons.mozilla.org/fr/firefox/addon/malware-search-plusplusplus/", "description": ""}, {"name": "Practical Malware Analysis Starter Kit", "url": "https://bluesoul.me/practical-malware-analysis-starter-kit/", "description": ""}, {"name": "RPISEC Malware Analysis", "url": "https://github.com/RPISEC/Malware", "description": "These are the", "stars": "3.7k"}, {"name": "WindowsIR: Malware", "url": "http://windowsir.blogspot.com/p/malware.html", "description": "Harlan"}, {"name": "Windows Registry specification", "url": "https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md", "description": "", "stars": "312"}, {"name": "/r/csirt\\_tools", "url": "https://www.reddit.com/r/csirt_tools/", "description": "Subreddit for CSIRT"}, {"name": "/r/Malware", "url": "https://www.reddit.com/r/Malware", "description": "The malware subreddit."}, {"name": "/r/ReverseEngineering", "url": "https://www.reddit.com/r/ReverseEngineering", "description": ""}, {"name": "Android Security", "url": "https://github.com/ashishb/android-security-awesome", "description": "", "stars": "7.9k"}, {"name": "AppSec", "url": "https://github.com/paragonie/awesome-appsec", "description": "", "stars": "6.2k"}, {"name": "CTFs", "url": "https://github.com/apsdehal/awesome-ctf", "description": "", "stars": "9.4k"}, {"name": "Executable Packing", "url": "https://github.com/dhondta/awesome-executable-packing", "description": "", "stars": "1.1k"}, {"name": "Forensics", "url": "https://github.com/Cugu/awesome-forensics", "description": "", "stars": "3.7k"}, {"name": "\"Hacking\"", "url": "https://github.com/carpedm20/awesome-hacking", "description": "", "stars": "12k"}, {"name": "Honeypots", "url": "https://github.com/paralax/awesome-honeypots", "description": "", "stars": "8.3k"}, {"name": "Industrial Control System Security", "url": 
"https://github.com/hslatman/awesome-industrial-control-system-security", "description": "", "stars": "1.6k"}, {"name": "Incident-Response", "url": "https://github.com/meirwah/awesome-incident-response", "description": "", "stars": "7.3k"}, {"name": "Infosec", "url": "https://github.com/onlurking/awesome-infosec", "description": "", "stars": "5.1k"}, {"name": "PCAP Tools", "url": "https://github.com/caesar0301/awesome-pcaptools", "description": "", "stars": "3k"}, {"name": "Pentesting", "url": "https://github.com/enaqx/awesome-pentest", "description": "", "stars": "21k"}, {"name": "Security", "url": "https://github.com/sbilly/awesome-security", "description": "", "stars": "12k"}, {"name": "Threat Intelligence", "url": "https://github.com/hslatman/awesome-threat-intelligence", "description": "", "stars": "7.6k"}, {"name": "YARA", "url": "https://github.com/InQuest/awesome-yara", "description": "", "stars": "3.4k"}]}], "name": ""}