learn-to-code#ABI
learn-to-code#Assembly
Reverse Engineering - Computerphile - YouTube
Quarkslab's blog - Reverse-Engineering
Binary Analysis/Malware Analysis/Reverse Engineering
Malpedia (Fraunhofer FKIE)
rshipp/awesome-malware-analysis: A curated list of awesome malware analysis tools and resources.
"Reverse Engineering for Beginners" free book source
Reverse Engineering 101 - Reverse Engineering - 0x00sec - The Home of the Hacker
Reverse engineering visual novels 101 – Hacker Noon
Reverse engineering visual novels 101, part 2 – Hacker Noon
Level Up Your Reverse Engineering Skills – Angular In Depth
Practical application of reverse-engineering guidelines and principles
Compiler Explorer check disassembled code for various languages
Binary Exploitation Deep Dive: Return to LIBC (with Matt) - YouTube pwninit, patchelf, gdb+gef, Ghidra
Google CTF - BEGINNER Reverse Engineering w/ ANGR - YouTube
Snip3 Crypter/RAT Loader - DcRat MALWARE ANALYSIS - YouTube
Intel® XED
intelxed/xed: x86 encoder decoder
io12/pwninit: pwninit - automate starting binary exploit challenges
angr
angr/angr: A powerful and user-friendly binary analysis platform!
CyberChef
gchq/CyberChef: The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
Vaughan Hilts - Experimentation with Reverse Engineering - Trails in the Sky (FC / SC) Extracting Sprite Data w/ Unix Tools & Kaitai Struct
Introduction · Radare2 Book
Reverse Engineering A Modern IP Camera | Hackaday
Reverse Engineering Shimano Bike Electronics | Hackaday
KOVTER Malware Analysis - Fileless Persistence in Registry - YouTube
- loading another user's HKCU (
NTUSER.dat) - shellcode, speakeasy
Trail of Bits
lifting-bits/remill: Library for lifting machine code to LLVM bitcode
lifting-bits/anvill: anvill forges beautiful LLVM bitcode out of raw machine code uses Remill
lifting-bits/mcsema: Framework for lifting x86, amd64, aarch64, sparc32, and sparc64 program binaries to LLVM bitcode 🗃️archived, uses Remill
lifting-bits/vmill 🗃️archived, uses Remill
lifting-bits/rellic: Rellic produces goto-free C output from LLVM bitcode
Magnifier: An Experiment with Interactive Decompilation | Trail of Bits Blog
trailofbits/magnifier 🗃️archived, uses Rellic
IDA
EVERYONE in Cyber Security Should Understand Reversing (its EASY) - YouTube ❗!important, C calling convention
EVERYONE in Cyber Security Should Understand Reversing (its EASY) - YouTube ❗!important, C calling convention
Ghidra
Ghidra
NationalSecurityAgency/ghidra: Ghidra is a software reverse engineering (SRE) framework
lifting-bits/sleigh: Unofficial CMake build for Ghidra SLEIGH
Auditing system calls for command injection vulnerabilities using Ghidra's PCode - YouTube Python integration
How Ghidra changed my life - Chris Eagle - YouTube
Getting Started Reversing C++ Objects with Ghidra - YouTube
HackadayU: Reverse Engineering with Ghidra Class 1 - YouTube
Ghidra - Journey from Classified NSA Tool to Open Source - YouTube
Reversing WannaCry - YouTube
Hopper Disassembler
Shellcode
Shellcode - Wikiwand
What is shellcode and how is it used? | TechTarget
Emulation of Malicious Shellcode With Speakeasy | Mandiant
mandiant/speakeasy: Windows kernel and user mode emulation.
Cutter
ELF
Executable and Linkable Format - Wikiwand
Executable and Linkable Format - Wikiwand
Global Offset Table - Wikiwand
In-depth: ELF - The Extensible & Linkable Format - YouTube
No really, how does Linux run executables? - YouTube
elf: format of Executable and Linking Format (ELF) files | File Formats | Man Pages | ManKier
vdso: overview of the virtual ELF dynamic shared object | Miscellanea | Man Pages | ManKier
ld.so: dynamic linker/loader | System Administration | Man Pages | ManKier
ELF - A Common Lisp library for manipulating ELF files
eschulte/elf: Actively maintained at https://github.com/grammatech/elf
Understanding the ELF specimen | Packt Hub
readelf <binary>
objdump -d -Mintel <binary>PE format
Portable Executable - Wikiwand
trailofbits/pe-parse: Principled, lightweight C/C++ PE parser
pe-parse/pepy at master · trailofbits/pe-parse
C Sharp
I show you how to Crack a .NET Application (3 clicks) - DEV Community
dnSpy/dnSpy: .NET debugger and assembly editor
Kani Web decompiler
icsharpcode/ILSpy: .NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!
Debugging a .NET assembly without the source code with Visual Studio - Meziantou's blog
ildasm.exe disasmbler
Java
Java Decompiler
Java Decompiler
Parsing Java Bytecode with Python - YouTube 2:25:53
Android
skylot/jadx: Dex to Java decompiler
ChickenHook/Anubis-pandemidestek: Anubis malware variant for turkish market - full analysis - SHA256: 231d970ea3195b3ba3e11e390b6def78a1c8eb5f0a8b7dccc0b4ec4aee9292ec
Reverse Engineering of the Anubis Malware - ”pandemistek” – intended for the Turkish market – AndroidReverse
Reverse Engineering of the Anubis Malware — Part 1 | by Elliot Alderson | Medium
Infection and removal of Android Malware that uses Accessibility services - YouTube
Wasm
What’s in that .wasm? Introducing: wasm-decompile · V8
Dynamic Analysis
ANY.RUN - Interactive Online Malware Sandbox
Exploring the Latest Malware Samples - YouTube
- MITRE Attack labels
- Malware report
ReClass.NET
ReClassNET/ReClass.NET: More than a ReClass port to the .NET platform.
Reclass Tutorial - ReClass.NET - How To Reverse Structures - YouTube
gdb
nakst/gf: A GDB frontend for Linux.
cyrus-and/gdb-dashboard: Modular visual interface for GDB in Python
hugsy/gef: GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
GEF - GDB Enhanced Features documentation
USB Protocol
USB Reverse Engineering: A Universal Guide | Hackaday
USB Reverse Engineering: Down the rabbit hole | /dev/alias – Hack. Dev. Transcend.
Reverse engineering a USB device with Rust | Harry Gill
mygnu/rcue: Corsair H150i PRO, usb userspace driver
27c3: USB and libusb (en) - YouTube
28c3: Reverse Engineering USB Devices - YouTube
Debugging Usually Slightly Broken (USB) Devices and Drivers - Krzysztof Opasiak, Samsung - YouTube