Add Immunity Degugger, OllyDbg

[Bang1338]

Debugger

• Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.
  https://www.immunityinc.com/products/debugger/

• OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.
  https://www.ollydbg.de/

Network

- Wireshark is the world's foremost network protocol analyzer. It lets you see what's happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions.

- nmap is a free and open source utility for network discovery and security auditing. https://nmap.org/

PE analyser

• PEiD: https://www.aldeid.com/wiki/PEiD PEiD is old, Exeinfo PE is the replacement.

Disassembler (missing)

- IDA Freeware: https://hex-rays.com/ida-free/

[merces]

Hi @Bang1338. Thanks for suggesting these tools. Here are the reasons why I don't think it is worth adding them though:

• When analyzing malware, you usually capture the VM traffic from the host machine using either Wireshark or any other software. So, no need to have Wireshark in the malware VM IMHO.
• nmap is not really useful for software reverse engineering, is it?
• PEiD is old and by now probably completely superseded by DIE/Exeinfo PE.
• Hex-Rays does not allow anyone else to redistribute IDA.

Thanks!

[ExeinfoASL]

PEiD is old try Exeinfo PE

:-)

[merces]

PEiD is old try Exeinfo PE

Indeed, Exeinfo PE is there. :)

[ExeinfoASL]

main : https://github.com/ExeinfoASL/ASL

[merces]

main : https://github.com/ExeinfoASL/ASL

I meant it is already part of the kit. The wiki entry links to http://www.exeinfo.xn.pl/

[Bang1338]

PEiD is old try Exeinfo PE

:-)

I agreed.

[Bang1338]

Hi @Bang1338. Thanks for suggesting these tools. Here are the reasons why I don't think it is worth adding them though:

• When analyzing malware, you usually capture the VM traffic from the host machine using either Wireshark or any other software. So, no need to have Wireshark in the malware VM IMHO.
• nmap is not really useful for software reverse engineering, is it?
• PEiD is old and by now probably completely superseded by DIE/Exeinfo PE.
• Hex-Rays does not allow anyone else to redistribute IDA.

Thanks!

Oh, now i realized :)

• When analyzing malware, you usually capture the VM traffic from the host machine using either Wireshark or any other software. So, no need to have Wireshark in the malware VM IMHO.
  Bang1338: Just like any.run?

• nmap is not really useful for software reverse engineering, is it?
  Bang1338: Yeah I agreed, but somehow it's useful for scanning license server and hack it? Good idea?

• PEiD is old and by now probably completely superseded by DIE/Exeinfo PE.
  Bang1338: Like I said before, I agreed with that.

• Hex-Rays does not allow anyone else to redistribute IDA.
  Bang1338: I agreed. Hex-Rays is very greedy btw

[merces]

When analyzing malware, you usually capture the VM traffic from the host machine using either Wireshark or any other software. So, no need to have Wireshark in the malware VM IMHO.
Bang1338: Just like any.run?

I meant you can capture the VM traffic using your host OS. It's safer and faster. 😊 But Wireshark/tshark could still be useful for localhost traffic capture for example.

nmap is not really useful for software reverse engineering, is it?
Bang1338: Yeah I agreed, but somehow it's useful for scanning license server and hack it? Good idea?

Indeed. Will be in the next release. Thanks!

[Bang1338]

nice!