@blackfist
Last active June 4, 2018 14:02
Recommended reading for malware analysis
  1. http://computer-forensics.sans.org/blog/2010/11/12/get-started-with-malware-analysis
  2. http://zeltser.com/malware-analysis-toolkit/
  3. http://zeltser.com/vmware-malware-analysis/
  4. http://computer-forensics.sans.org/blog/2010/10/11/3-phases-malware-analysis-behavioral-code-memory-forensics/
  5. BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection https://www.usenix.org/legacy/event/sec08/tech/full_papers/gu/gu.pdf
  6. Mining the Network Behavior of Bots http://isg.rhul.ac.uk/sullivan/pubs/tr/2009-12.pdf
  7. Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces https://www.usenix.org/legacy/event/nsdi10/tech/full_papers/perdisci.pdf
  8. From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final127.pdf
  9. Obfuscation of executable code to improve resistance to static disassembly http://www.cs.arizona.edu/~debray/Publications/disasm-resist.pdf
  10. Automatic generation of string signatures for malware detection http://www-personal.umich.edu/~huxin/papers/xin_Hancock_raid.pdf
  11. N-version disassembly: differential testing of x86 disassemblers http://roberto.greyhats.it/pubs/issta10-nversion.pdf
  12. A virtual machine introspection based architecture for intrusion detection http://suif.stanford.edu/papers/vmi-ndss03.pdf
  13. Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks https://www.usenix.org/legacy/event/sec06/tech/full_papers/xu/xu.pdf
  14. Anomalous system call detection http://www.cs.ucsb.edu/~vigna/publications/2006_mutz_valeur_kruegel_vigna_TISSEC06.pdf
  15. OmniUnpack: Fast, generic, and safe unpacking of malware http://www.acsa-admin.org/2007/papers/151.pdf
  16. Exploring multiple execution paths for malware analysis https://iseclab.org/papers/explore.pdf
  17. A survey on automated dynamic malware-analysis techniques and tools http://iseclab.org/papers/malware_survey.pdf
  18. Impeding malware analysis using conditional code obfuscation http://www.iseclab.org/people/andrew/download/NDSS08.pdf
  19. A fistful of red-pills: how to automatically generate procedures to detect CPU emulators https://www.usenix.org/legacy/event/woot09/tech/full_papers/paleari.pdf
  20. AccessMiner: using system-centric models for malware protection http://www.iseclab.org/papers/ccs28a-lanzi.pdf
  21. Measuring Pay-per-Install: The Commoditization of Malware Distribution http://www.usenix.org/event/sec11/tech/full_papers/Caballero.pdf
  22. Manufacturing Compromise: The Emergence of Exploit-as-a-Service http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf
  23. Driving in the Cloud: An Analysis of Drive-by Download Operations and Abuse Reporting http://software.imdea.org/~juanca/papers/cloud_dimva13.pdf