Curriculum
This selection of resources is intended to function as a kind of "curriculum" for self-education on malware analysis, reverse engineering, and digital forensics. It is designed so that learners can work through it roughly in order, but also bounce around according to their interests and current focus. The Sections are therefore ordered from "beginner" or introductory material down toward more "advanced" material. Each Section contains one or more Collections, which fall under that Section's heading. The whole may be thought of as a kind of non-hierarchical "course."
This collection introduces the learner to the basic concepts, history, and implementation of malware, on technical, sociopolitical, and philosophical levels.
Basic History
- A Brief Timeline of Malware - Wikipedia's timeline illustrating the progression of malicious software, taking John von Neumann's Theory of Self-Reproducing Automata (1949) as a starting point and leading up to today.
- A Timeline of Important Viruses and Worms - Virus.wikidot.com's timeline of influential malware.
- Archive.org - The Malware Museum - The Malware Museum is a collection of malware programs, usually viruses, that were distributed in the 1980s and 1990s on home computers.
- Mapcon's Timeline of Computer Viruses - Timeline of Computer Viruses by Sean Spencer.
- PCMag's A Brief Timeline of Malware - From a few infected computers to wreaking global network havoc, here's a look at malware through the years.
Basic Theory
- Theory of Self-Reproducing Automata by John von Neumann
This collection is intended to broach the topic of Assembly language, which is very important for malware analysis and reverse engineering. Obviously, learning an entire language like Assembly can be an entire educational endeavor on its own. My personal recommendation is to use this as a way to introduce yourself to the way the code looks, how it is structured, and its basic functions.
- FriedSpace.com's Assembly language tutorial - Comprehensive interactive tutorial to learn Assembly language. Assembly language is essentially the native language of your computer: the processor itself only understands machine code (sequences of ones and zeroes), and assembly language is a human-readable notation for that machine code. To produce a machine code program, you write it in assembly language and then use an assembler to convert it to machine code; a disassembler does the reverse, which is why assembly is the language malware analysts read most often.
This collection is intended to broach the topic of the C family of languages, with a specific emphasis on C++. Obviously, learning an entire language like C++ can be an entire educational endeavor on its own. My personal recommendation is to use this as a way to introduce yourself to the way the code looks, how it is structured, and its basic functions.
- Cprogramming.com - This tutorial series is designed for everyone: even if you've never programmed before, or if you have extensive experience programming in other languages and want to expand into C++. It is for everyone who wants the feeling of accomplishment from a working program.
- TutorialsPoint C++ - C++ is a middle-level programming language developed by Bjarne Stroustrup starting in 1979 at Bell Labs. C++ runs on a variety of platforms, such as Windows, Mac OS, and the various versions of UNIX. This tutorial adopts a simple and practical approach to describe the concepts of C++.
This collection introduces the learner to the basic ideas and practices involved in memory forensics.
- The Art of Memory Forensics: Chapters Test - Test yourself on what you learned from this book. Answer Sheet
- Volatility - In 2007, the first version of The Volatility Framework was released publicly at Black Hat DC. The software was based on years of published academic research into advanced memory analysis and forensics. Up until that point, digital investigations had focused primarily on finding contraband within hard drive images. Volatility introduced people to the power of analyzing the runtime state of a system using the data found in volatile storage (RAM). It also provided a cross-platform, modular, and extensible platform to encourage further work into this exciting area of research.
- Introduction to Volatility by Candan Bölükbaş - Watch Candan Bölükbaş introduce, explain, and demonstrate Volatility.
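The core idea behind memory forensics, and behind Volatility's process plugins in particular, is that the runtime state of a system survives in RAM as kernel data structures. Two ways of recovering processes from a memory image are to walk the kernel's linked list of processes (what Volatility's pslist does) and to scan raw memory for the pool tag that precedes each process object (what psscan does). A process that a rootkit has unlinked from the list will be missed by the first method but found by the second. The following is an added example, not code from this curriculum or from the Volatility project: it builds a small constructed memory image with an invented record layout (the real Windows _POOL_HEADER and _EPROCESS structures are different and version-specific), plants two linked processes and one unlinked one, and compares a list walk against a tag scan. The `Proc` tag, the field validation rules, and all offsets are assumptions chosen for the example.

```python
"""List-walking versus pool-tag scanning over a constructed memory image.

Record layout, pool tag, and validation rules are invented for this example;
they are NOT the real Windows _POOL_HEADER / _EPROCESS definitions.
"""
import struct

POOL_TAG = b"Proc"
HEADER_FMT = "<4s4s"          # toy pool header: 4 misc bytes, then the 4-byte tag
PROC_FMT = "<II16sQ"          # pid, ppid, image name, flink (offset of next record)
HEADER_SIZE = struct.calcsize(HEADER_FMT)   # 8
PROC_SIZE = struct.calcsize(PROC_FMT)       # 32
LIST_HEAD = 0x1000            # where the "kernel" says the process list starts


def make_record(pid, ppid, name, flink):
    """Serialize one toy pool allocation holding a process record."""
    header = struct.pack(HEADER_FMT, b"\x00\x00\x00\x00", POOL_TAG)
    body = struct.pack(PROC_FMT, pid, ppid, name.encode().ljust(16, b"\x00"), flink)
    return header + body


def build_image(size=0x8000):
    """Constructed sample image: zero-filled, with a few planted records."""
    img = bytearray(size)

    def put(off, data):
        img[off:off + len(data)] = data

    # Two processes on the kernel's circular list: 0x1000 -> 0x2000 -> 0x1000
    put(0x1000, make_record(4, 0, "System", 0x2000))
    put(0x2000, make_record(1234, 600, "explorer.exe", 0x1000))
    # A third record that nothing links to: unlinked DKOM-style, still in RAM
    put(0x3000, make_record(4321, 1234, "rootkit.exe", 0x1000))
    # A stray string containing the tag bytes, to show why field validation matters
    put(0x4000, b"Processing queue")
    return bytes(img)


def parse_record(img, body_off):
    """Parse a record body at body_off; return None if it fails sanity checks."""
    if body_off + PROC_SIZE > len(img):
        return None
    pid, ppid, raw_name, flink = struct.unpack_from(PROC_FMT, img, body_off)
    name = raw_name.rstrip(b"\x00")
    if not (0 < pid < 0x10000) or ppid >= 0x10000:        # implausible PIDs
        return None
    if not name or not all(0x20 <= b < 0x7F for b in name):  # non-printable name
        return None
    if flink % 0x10 or flink + HEADER_SIZE + PROC_SIZE > len(img):  # bad pointer
        return None
    return {"offset": body_off - HEADER_SIZE, "pid": pid, "ppid": ppid,
            "name": name.decode(), "flink": flink}


def pslist(img, head=LIST_HEAD):
    """Walk the kernel's linked list from the published head (like pslist)."""
    seen, out, off = set(), [], head
    while off not in seen:
        seen.add(off)
        rec = parse_record(img, off + HEADER_SIZE)
        if rec is None:
            break
        out.append(rec)
        off = rec["flink"]
    return out


def psscan(img):
    """Carve every validated record whose pool tag appears in the image (like psscan)."""
    out, pos = [], 0
    while True:
        pos = img.find(POOL_TAG, pos)
        if pos == -1:
            return out
        rec = parse_record(img, pos + len(POOL_TAG))
        if rec is not None:
            out.append(rec)
        pos += 1


def hidden_processes(img):
    """Records found by scanning but absent from the list walk."""
    listed = {r["offset"] for r in pslist(img)}
    return [r for r in psscan(img) if r["offset"] not in listed]


if __name__ == "__main__":
    image = build_image()
    for label, recs in (("pslist", pslist(image)), ("psscan", psscan(image))):
        print(label)
        for r in recs:
            print(f"  0x{r['offset']:05x}  pid={r['pid']:<5} ppid={r['ppid']:<5} {r['name']}")
    for r in hidden_processes(image):
        print(f"HIDDEN: pid={r['pid']} {r['name']} at 0x{r['offset']:05x}")
```

The decoy string "Processing queue" is found by the tag search but rejected by the field checks, which is the same reason real scanners validate candidate objects rather than trusting a tag match alone. Against a real image the layouts come from the OS's symbol information, which is what Volatility's profiles and symbol tables provide.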
This collection introduces the learner to the construction, maintenance, and secure setup of Virtual Machines, with a focused interest on how to construct safe lab environments for malware analysis.
- Architecting Virtual Machine Labs by Tony Robinson
TK-TODO
TK-TODO