For those of you who move in the world of malware analysis, Dr. Fu's security blog is a great source of information on the subject. There you can find a very instructive series of posts on malware analysis. So far he has published 16 tutorials:
- VM Based Analysis Platform
- Ring3 Debugging
- int2d anti-debugging (Part I)
- Int2dh Anti-Debugging (Part II)
- Int2dh Anti-Debugging (Part III)
- Analyzing Self-Extraction and Decoding Functions
- Exploring Kernel Data Structure
- PE Header and Export Table
- Encoded Export Table
- Tricks for Confusing Static Analysis Tools
- Starling Technique and Hijacking Kernel System Calls using Hardware Breakpoints
- Debug the Debugger - Fix Module Information and UDD File
- Tracing DLL Entry Point
- Retrieve Self-Decoding Key
- Injecting Thread into a Running Process
- Return Oriented Programming (Return to LIBC) Attack
- Infecting Driver Files (Part I: Randomly Select a System Module)
- Infecting Driver Files (Part II: Simple Infection)
- Anatomy of Infected Driver
- Kernel Debugging - Intercepting Driver Loading
- Hijack Disk Driver
- IRP Handler and Infected Disk Driver
- Tracing Kernel Data Using Data Breakpoints
- Tracing Malicious TDI Network Behaviors of Max++
- Deferred Procedure Call (DPC) and TCP Connection
- Rootkit Configuration
- Stealthy Loading of Malicious DLL
- Break Max++ Rootkit Hidden Drive Protection
- Stealthy Library Loading II (Using Self-Modifying APC)
- Self-Overwriting COM Loading for Remote Loading DLL
- Exposing Hidden Control Flow
- Exploration of Botnet Client
- Evaluation of Automated Malware Analysis System I (Anubis)
- Evaluation of Automated Malware Analysis Tools CWSandBox, PeID, and Other Unpacking Tools