![]() ![]() I haven't used Ghidra enough but the decompile view is quite helpful for analysis *when it makes sense* and that won't necessarily always be the case with tricky techniques used in malware so you can't depend on it. IDA supports Python scripting and Ghidra supports Python/Java as well. ![]() You don't have a debugger with Ghidra so you'd have to pair it with Olly/Immunity/WinDBG to do some dynamic/static analysis. Finally, there is also Binary Ninja, Hopper for iOS and another platform, ADB or something, for Android devices. Books: Shellcoders Handbook, Reversing Art of Reverse Engineering, Art of Memory Forensics, Practical Malware Analysis (def for the advanced crowd.) My advice is to make sure you are confident with coding, operating systems, and runtime analysis of malware before diving into code as it is more tedious than normal reverse engineering tasks when you deal with packing and encryption. IDA PRO IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger that offers so. I used IDA Pro for malware analysis / malware reverse engineering. Hopper disassembler vs ghidra vs ida pro mac os x# I preferred IDA Pro, but had more experience with it so that's a potential reason why. IDA Pro is educationally licensed as well, you just have to click the annoying "register your software" pop up every so often to assert that you aren't using it for commercial purposes. I recommend a virtual machine running Windows XP, as more malware that you'll be able to get samples from will execute fully in an XP environment than a Win 7 environment. Get your VM(s) all set up with the network access spoofed and all your tools set to filter out normal traffic. Set a snap-shot so you can very easily reset and not have to worry about re-filtering, or opening any programs in between runs. I also suggest you install tiny c compiler and write a few miniscule programs in C and then debug/reverse engineer those, so you can see the patterns that a basic Hello World makes, and an iterative loop, and even an infinite loop, and other common programming tools, like if/then/else, etc. Hopper disassembler vs ghidra vs ida pro install# THEN move on to malware, so you'll be able to ignore the normal stuff and get to the good stuff. Sysinternals suite - strings.exe and such for static analysis, seeing if it's packed. ![]() RegEdit pulled up and pre-filtered for constantly running noise, for seeing what registry keys are pulled and modified during the malware run. Will you be working through Practical Malware Analysis? It's like the Bible for starting this kind of thing. Hopper disassembler vs ghidra vs ida pro install#.Hopper disassembler vs ghidra vs ida pro mac os x#.Hopper disassembler vs ghidra vs ida pro how to#. ![]()
0 Comments
Leave a Reply. |