{"id":1541,"date":"2023-02-20T15:54:20","date_gmt":"2023-02-20T15:54:20","guid":{"rendered":"https:\/\/cycuri.com\/?p=1541"},"modified":"2023-02-20T23:44:28","modified_gmt":"2023-02-20T23:44:28","slug":"les-meilleurs-outils-et-ressources-d-analyse-de-logiciels-malveillants","status":"publish","type":"post","link":"https:\/\/cycuri.com\/les-meilleurs-outils-et-ressources-d-analyse-de-logiciels-malveillants\/","title":{"rendered":"Les meilleurs outils et ressources d&rsquo; analyse de logiciels malveillants"},"content":{"rendered":"<div style=\"margin-top: 0px; margin-bottom: 0px;\" class=\"sharethis-inline-share-buttons\" ><\/div>\n<p>Les outils d&rsquo;analyse des logiciels malveillants sont essentiels pour les professionnels de la s\u00e9curit\u00e9 qui ont toujours besoin d&rsquo;apprendre de nombreux outils, techniques et concepts pour analyser les menaces sophistiqu\u00e9es et les cyberattaques actuelles.<\/p>\n\n\n\n<p>L&rsquo;analyse de code malveillant et de logiciels malveillants sophistiqu\u00e9s sans outils d&rsquo;analyse de logiciels malveillants est presque impossible car il existe une vari\u00e9t\u00e9 de techniques et de fonctions qui seront utilis\u00e9es dans la structure du logiciel malveillant.<\/p>\n\n\n\n<p>Nous avons r\u00e9pertori\u00e9 ici les centaines d&rsquo;outils et de ressources d&rsquo;analyse de logiciels malveillants pour aider les professionnels de la s\u00e9curit\u00e9 et les analystes de logiciels malveillants \u00e0 comprendre le logiciel malveillant et \u00e0 d\u00e9composer ses intentions malveillantes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-malware-analysis-courses\"><strong>Cours d&rsquo;analyse des logiciels malveillants<\/strong><\/h2>\n\n\n\n<p>Ici, nous avons r\u00e9pertori\u00e9 la meilleure liste de cours pour l&rsquo;analyse des logiciels malveillants, l&rsquo;ing\u00e9nierie inverse, le d\u00e9veloppement d&rsquo;exploits et plus encore.<\/p>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/ethicalhackersacademy.com\/products\/certified-malware-analyst\" target=\"_blank\" rel=\"noreferrer noopener\">Certified Malware Analyst&nbsp;<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/ethicalhackersacademy.com\/collections\/threat-analysis\/products\/advance-malware-analyst-bundle\" target=\"_blank\" rel=\"noreferrer noopener\">Learn Malware Analysis \u2013 Advanced Malware Analyst Bundle<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/ethicalhackersacademy.com\/collections\/threat-analysis\/products\/malware-analysis-training\" target=\"_blank\" rel=\"noreferrer noopener\">Advanced Malware Analysis \u2013 Practical Training with Exploit Kits<\/a><\/strong><\/li>\n\n\n\n<li><a href=\"https:\/\/ethicalhackersacademy.com\/products\/exploit-development-course\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Certified Exploit Writer \u2013 Became a Master in Exploit Writing &amp; Reverse Engineering<\/strong><\/a><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/ethicalhackersacademy.com\/collections\/threat-analysis\/products\/certified-cyber-threat-intelligence-analyst\" target=\"_blank\" rel=\"noreferrer noopener\">Certified Cyber Threat Intelligence Analyst<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/ethicalhackersacademy.com\/collections\/threat-analysis\/products\/certified-advanced-persistent-threat-analyst\" target=\"_blank\" rel=\"noreferrer noopener\">Certified Advanced Persistent Threat Analyst<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/tuts4you.com\/download.php?list.17\" target=\"_blank\" rel=\"noreferrer noopener\">Lenas Reversing for Newbies<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/opensecuritytraining.info\/Training.html\" target=\"_blank\" rel=\"noreferrer noopener\">Open Security Training<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/fumalwareanalysis.blogspot.sg\/p\/malware-analysis-tutorials-reverse.html\" target=\"_blank\" rel=\"noreferrer noopener\">Dr. Fu\u2019s Ma<\/a><a href=\"http:\/\/fumalwareanalysis.blogspot.sg\/p\/malware-analysis-tutorials-reverse.html\" target=\"_blank\" rel=\"noreferrer noopener\">l<\/a><a href=\"http:\/\/fumalwareanalysis.blogspot.sg\/p\/malware-analysis-tutorials-reverse.html\" target=\"_blank\" rel=\"noreferrer noopener\">ware Analysis<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/www.binary-auditing.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Binary Auditing Course<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/www.woodmann.com\/TiGa\/\" target=\"_blank\" rel=\"noreferrer noopener\">TiGa\u2019s Video Tutorials<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/tuts4you.com\/download.php?list.97\" target=\"_blank\" rel=\"noreferrer noopener\">Legend of Random<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/security.cs.rpi.edu\/courses\/binexp-spring2015\/\" target=\"_blank\" rel=\"noreferrer noopener\">Modern Binary Exploitation<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/github.com\/RPISEC\/Malware\" target=\"_blank\" rel=\"noreferrer noopener\">RPISEC Malware Course<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.sans.org\/course\/reverse-engineering-malware-malware-analysis-tools-techniques\/Type\/asc\/all\" target=\"_blank\" rel=\"noreferrer noopener\">SANS FOR 610 GREM<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/recon.cx\/2015\/training.html\" target=\"_blank\" rel=\"noreferrer noopener\">REcon Training<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.blackhat.com\/us-16\/training\/\" target=\"_blank\" rel=\"noreferrer noopener\">Blackhat Training<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.offensive-security.com\/information-security-training\/\" target=\"_blank\" rel=\"noreferrer noopener\">Offensive Security<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.corelan-training.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Corelan Training<\/a><\/strong><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/rednaga\/training\/raw\/master\/DEFCON23\/O%26D%20-%20Android%20Reverse%20Engineering.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Offensive and Defensive Android Reversing<\/strong><\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-hex-editors\"><strong>\u00c9diteurs hexad\u00e9cimaux<\/strong><\/h2>\n\n\n\n<p>Un \u00e9diteur hexad\u00e9cimal (ou \u00e9diteur de fichier binaire ou byteeditor) est un type de programme informatique qui permet la manipulation des donn\u00e9es binaires fondamentales qui constituent un fichier informatique. Le nom \u00ab hexad\u00e9cimal \u00bb vient de \u00ab hexad\u00e9cimal \u00bb : un format num\u00e9rique standard pour repr\u00e9senter des donn\u00e9es binaires.<\/p>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/mh-nexus.de\/en\/hxd\/\" target=\"_blank\" rel=\"noreferrer noopener\">HxD<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/www.sweetscape.com\/010editor\/\" target=\"_blank\" rel=\"noreferrer noopener\">010 Editor<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/www.hexworkshop.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Hex Workshop<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/ridiculousfish.com\/hexfiend\/\" target=\"_blank\" rel=\"noreferrer noopener\">HexFiend<\/a><\/strong><\/li>\n\n\n\n<li><a href=\"http:\/\/www.hiew.ru\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Hiew<\/strong><\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>D\u00e9sassembleurs&nbsp;<\/strong><\/h2>\n\n\n\n<p>Un&nbsp; <strong>d\u00e9sassembleur<\/strong> &nbsp;est un programme informatique qui traduit le langage machine en langage assembleur, l&rsquo;op\u00e9ration inverse de celle d&rsquo;un assembleur.<\/p>\n\n\n\n<p>Un d\u00e9sassembleur diff\u00e8re d&rsquo;un d\u00e9compilateur, qui cible un langage de haut niveau plut\u00f4t qu&rsquo;un langage d&rsquo;assemblage. Le d\u00e9sassemblage, la sortie d&rsquo;un d\u00e9sassembleur, est souvent format\u00e9 pour \u00eatre lisible par l&rsquo;homme plut\u00f4t que pour \u00eatre adapt\u00e9 \u00e0 l&rsquo;entr\u00e9e d&rsquo;un assembleur, ce qui en fait principalement un outil de r\u00e9tro-ing\u00e9nierie.<\/p>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/www.hex-rays.com\/products\/ida\/index.shtml\" target=\"_blank\" rel=\"noreferrer noopener\">IDA Pro<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/binary.ninja\/\" target=\"_blank\" rel=\"noreferrer noopener\">Binary Ninja<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/www.radare.org\/r\/\" target=\"_blank\" rel=\"noreferrer noopener\">Radare<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/hopperapp.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Hopper<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/www.capstone-engine.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Capstone<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/linux.die.net\/man\/1\/objdump\" target=\"_blank\" rel=\"noreferrer noopener\">objdump<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/github.com\/cseagle\/fREedom\" target=\"_blank\" rel=\"noreferrer noopener\">fREedom<\/a><\/strong><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/plasma-disassembler\/plasma\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>plasma<\/strong><\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-detection-and-classification\"><strong>D\u00e9tection et classification<\/strong><\/h2>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/hiddenillusion\/AnalyzePE\" target=\"_blank\" rel=\"noreferrer noopener\">AnalyzePE<\/a> &nbsp;&#8211;<\/strong> Wrapper pour une vari\u00e9t\u00e9 d&rsquo;outils de cr\u00e9ation de rapports sur les fichiers Windows PE.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/bitbucket.org\/cse-assemblyline\/assemblyline\" target=\"_blank\" rel=\"noreferrer noopener\">Assemblyline<\/a><\/strong> &nbsp;&#8211; Un cadre d&rsquo;analyse de fichiers distribu\u00e9 \u00e9volutif.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/airbnb\/binaryalert\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>BinaryAlert<\/strong><\/a> &nbsp;\u2013 Un pipeline AWS open source et sans serveur qui analyse et alerte sur les fichiers t\u00e9l\u00e9charg\u00e9s en fonction d&rsquo;un ensemble de r\u00e8gles YARA.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.clamav.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">ClamAV<\/a>&nbsp;<\/strong> \u2013 Moteur antivirus open source.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/horsicq\/Detect-It-Easy\" target=\"_blank\" rel=\"noreferrer noopener\">Detect-It-Easy<\/a><\/strong> &nbsp;\u2013 Un programme pour d\u00e9terminer les types de fichiers.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.sno.phy.queensu.ca\/~phil\/exiftool\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>ExifTool<\/strong>&nbsp;<\/a> &#8211; Lire, \u00e9crire et modifier les m\u00e9tadonn\u00e9es des fichiers.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/EmersonElectricCo\/fsf\" target=\"_blank\" rel=\"noreferrer noopener\">Cadre d&rsquo;analyse de fichiers<\/a><\/strong> &nbsp;\u2013 Solution d&rsquo;analyse de fichiers modulaire et r\u00e9cursive.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/jessek\/hashdeep\" target=\"_blank\" rel=\"noreferrer noopener\">hashdeep<\/a> &nbsp;&#8211;<\/strong> Calcule les hachages de r\u00e9sum\u00e9 avec une vari\u00e9t\u00e9 d&rsquo;algorithmes.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/Neo23x0\/Loki\" target=\"_blank\" rel=\"noreferrer noopener\">Loki<\/a>&nbsp;<\/strong> &#8211; Scanner bas\u00e9 sur l&rsquo;h\u00f4te pour les IOC.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/Dynetics\/Malfunction\" target=\"_blank\" rel=\"noreferrer noopener\">Dysfonctionnement<\/a><\/strong> &nbsp;&#8211; Cataloguez et comparez les logiciels malveillants au niveau de la fonction.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/KoreLogicSecurity\/mastiff\" target=\"_blank\" rel=\"noreferrer noopener\">MASTIFF<\/a>&nbsp;<\/strong> \u2013 Cadre d&rsquo;analyse statique.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/mitre\/multiscanner\" target=\"_blank\" rel=\"noreferrer noopener\">MultiScanner<\/a>&nbsp;<\/strong> &#8211; Cadre de num\u00e9risation \/ analyse de fichiers modulaire<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/rjhansen\/nsrllookup\" target=\"_blank\" rel=\"noreferrer noopener\">nsrllookup<\/a><\/strong> &nbsp;&#8211; Un outil pour rechercher des hachages dans la base de donn\u00e9es de la biblioth\u00e8que nationale de r\u00e9f\u00e9rence des logiciels du NIST.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/handlers.sans.org\/jclausing\/packerid.py\" target=\"_blank\" rel=\"noreferrer noopener\">packerid<\/a>&nbsp;<\/strong> &#8211; Une alternative Python multiplateforme \u00e0 PEiD.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/pev.sourceforge.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">PEV<\/a> &nbsp;&#8211;<\/strong> Une bo\u00eete \u00e0 outils multiplateforme pour travailler avec des fichiers PE, fournissant des outils riches en fonctionnalit\u00e9s pour une analyse appropri\u00e9e des fichiers binaires suspects.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/rkhunter.sourceforge.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">Rootkit Hunter<\/a><\/strong> &nbsp;&#8211; D\u00e9tecte les rootkits Linux.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/ssdeep-project.github.io\/ssdeep\/\" target=\"_blank\" rel=\"noreferrer noopener\">ssdeep<\/a>&nbsp;<\/strong> \u2013 Calcule les hachages flous.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/gist.github.com\/gleblanc1783\/3c8e6b379fa9d646d401b96ab5c7877f\" target=\"_blank\" rel=\"noreferrer noopener\">totalhash.py<\/a><\/strong> &nbsp;&#8211; Script Python pour une recherche facile dans la base de donn\u00e9es TotalHash.cymru.com.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/mark0.net\/soft-trid-e.html\" target=\"_blank\" rel=\"noreferrer noopener\">TrID<\/a> &nbsp;\u2013<\/strong> Identifiant du fichier.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/plusvic.github.io\/yara\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA<\/a>&nbsp;<\/strong> &#8211; Outil de correspondance de mod\u00e8les pour les analystes.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/Neo23x0\/yarGen\" target=\"_blank\" rel=\"noreferrer noopener\">G\u00e9n\u00e9rateur de r\u00e8gles Yara<\/a>&nbsp;<\/strong> &#8211; G\u00e9n\u00e9rez des r\u00e8gles Yara bas\u00e9es sur un ensemble d&rsquo;\u00e9chantillons de logiciels malveillants. Contient \u00e9galement une bonne base de donn\u00e9es de cha\u00eenes pour \u00e9viter les faux positifs<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-dynamic-binary-instrumentation\"><strong>Instrumentation binaire dynamique<\/strong><\/h2>\n\n\n\n<p><em>Outils d&rsquo;instrumentation binaire dynamique<\/em><\/p>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/software.intel.com\/en-us\/articles\/pin-a-dynamic-binary-instrumentation-tool\" target=\"_blank\" rel=\"noreferrer noopener\">Pin<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/www.dynamorio.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">DynamoRio<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.frida.re\/\" target=\"_blank\" rel=\"noreferrer noopener\">frida<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/www.dyninst.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">dyninst<\/a><\/strong><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-mac-decrypt\"><strong>Mac D\u00e9crypter<\/strong><\/h2>\n\n\n\n<p><em>Outils de d\u00e9cryptage Mac<\/em><\/p>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/cerbero-blog.com\/?p%3D1311\" target=\"_blank\" rel=\"noreferrer noopener\">Cerbero Profiler<\/a> \u2013<\/strong> Tout s\u00e9lectionner -&gt; Copier dans un nouveau fichier<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/AlanQuatermain\/appencryptor\" target=\"_blank\" rel=\"noreferrer noopener\">AppEncryptor<\/a> \u2013<\/strong> Outil de d\u00e9cryptage<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/stevenygard.com\/projects\/class-dump\/\" target=\"_blank\" rel=\"noreferrer noopener\">Class-Dump<\/a> &#8211;<\/strong> utiliser l&rsquo;option de protection<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/gdbinit\/readmem\" target=\"_blank\" rel=\"noreferrer noopener\">readmem<\/a> &#8211;<\/strong> Outil de vidage de processus d&rsquo;OS X Reverser<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-emulator\"><strong>\u00c9mulateur<\/strong><\/h2>\n\n\n\n<p><em>Outils d&rsquo;\u00e9mulateur<\/em><\/p>\n\n\n\n<ul>\n<li><strong><a href=\"http:\/\/www.qemu-project.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Qemu<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/github.com\/unicorn-engine\/unicorn\" target=\"_blank\" rel=\"noreferrer noopener\">unicorn<\/a><\/strong><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-document-analysis\"><strong>Analyse de documents<\/strong><\/h2>\n\n\n\n<p>Outils d&rsquo;analyse de logiciels malveillants bas\u00e9s sur des documents.<\/p>\n\n\n\n<ul>\n<li><strong><a href=\"http:\/\/www.decalage.info\/python\/oletools\" target=\"_blank\" rel=\"noreferrer noopener\">Ole Tools<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/blog.didierstevens.com\/programs\/pdf-tools\/\" target=\"_blank\" rel=\"noreferrer noopener\">Didier\u2019s PDF Tools<\/a><\/strong><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/cogent\/origami-pdf\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Origami<\/strong><\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Analyse dynamique<\/strong><\/h2>\n\n\n\n<p>Ce cours d&rsquo;introduction \u00e0 l&rsquo;analyse dynamique des logiciels malveillants est d\u00e9di\u00e9 aux personnes qui commencent \u00e0 travailler sur l&rsquo;analyse des logiciels malveillants ou qui souhaitent savoir quels types d&rsquo;artefacts laiss\u00e9s par les logiciels malveillants peuvent \u00eatre d\u00e9tect\u00e9s via divers outils.<\/p>\n\n\n\n<p>La classe sera une classe pratique o\u00f9 les \u00e9tudiants peuvent utiliser divers outils pour rechercher \u00e0 quel point les logiciels malveillants sont\u00a0: persistants, communicants et cach\u00e9s.<\/p>\n\n\n\n<ul>\n<li><strong><a href=\"http:\/\/processhacker.sourceforge.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">ProcessHacker<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/technet.microsoft.com\/en-us\/sysinternals\/processexplorer\" target=\"_blank\" rel=\"noreferrer noopener\">Process Explorer<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/technet.microsoft.com\/en-us\/sysinternals\/processmonitor\" target=\"_blank\" rel=\"noreferrer noopener\">Process Monitor<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb963902\" target=\"_blank\" rel=\"noreferrer noopener\">Autoruns<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/github.com\/Rurik\/Noriben\" target=\"_blank\" rel=\"noreferrer noopener\">Noriben<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/www.rohitab.com\/apimonitor\" target=\"_blank\" rel=\"noreferrer noopener\">API Monitor<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.wireshark.org\/download.html\">Wireshark<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/practicalmalwareanalysis.com\/fakenet\/\" target=\"_blank\" rel=\"noreferrer noopener\">Fakenet<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/github.com\/volatilityfoundation\/volatility\" target=\"_blank\" rel=\"noreferrer noopener\">Volatility<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/github.com\/504ensicsLabs\/LiME\" target=\"_blank\" rel=\"noreferrer noopener\">LiME<\/a><\/strong><\/li>\n\n\n\n<li><a href=\"https:\/\/www.cuckoosandbox.org\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Cuckoo<\/strong><\/a><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/objective-see.com\/products.html\">O<\/a><a href=\"https:\/\/objective-see.com\/products.html\" target=\"_blank\" rel=\"noreferrer noopener\">b<\/a><a href=\"https:\/\/objective-see.com\/products.html\">jective-See Utilities<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/developer.apple.com\/xcode\/download\/\" target=\"_blank\" rel=\"noreferrer noopener\">XCode Instruments<\/a><\/strong> \u2013 XCode Instruments for Monitoring Files and Processes <a href=\"https:\/\/developer.apple.com\/library\/watchos\/documentation\/DeveloperTools\/Conceptual\/InstrumentsUserGuide\/index.html\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>User Guide<\/strong><\/a><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/dtrace.org\/blogs\/brendan\/2011\/10\/10\/top-10-dtrace-scripts-for-mac-os-x\/\" target=\"_blank\" rel=\"noreferrer noopener\">dtrace<\/a> \u2013<\/strong> sudo dtruss = strace <strong><a href=\"http:\/\/mfukar.github.io\/2014\/03\/19\/dtrace.html\" target=\"_blank\" rel=\"noreferrer noopener\">dtrace recipes<\/a><\/strong><\/li>\n\n\n\n<li><a href=\"https:\/\/developer.apple.com\/library\/mac\/documentation\/Darwin\/Reference\/ManPages\/man1\/fs_usage.1.html\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>fs_usage<\/strong><\/a> \u2013 report system calls and page faults related to filesystem activity in real-time. File I\/O: fs_usage -w -f filesystem<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/developer.apple.com\/library\/mac\/documentation\/Darwin\/Reference\/ManPages\/man8\/dmesg.8.html\" target=\"_blank\" rel=\"noreferrer noopener\">dmesg<\/a> \u2013<\/strong> display the system message buffer<\/li>\n\n\n\n<li><a href=\"https:\/\/triton.quarkslab.com\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Triton<\/strong><\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>D\u00e9sobscurcissement<\/strong><\/h2>\n\n\n\n<p><em>Reverse XOR et autres<strong><\/strong><\/em> outils et m\u00e9thodes <em><strong>d&rsquo;analyse de logiciels malveillants<\/strong><\/em><em> d&rsquo;obfuscation de code .<\/em><\/p>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/bitbucket.org\/decalage\/balbuzard\/wiki\/Home\" target=\"_blank\" rel=\"noreferrer noopener\">Balbuzard<\/a>&nbsp;<\/strong> &#8211; Un outil d&rsquo;analyse des logiciels malveillants pour inverser l&rsquo;obscurcissement (XOR, ROL, etc.) et plus encore.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/0xd4d\/de4dot\" target=\"_blank\" rel=\"noreferrer noopener\">de4dot<\/a>&nbsp;<\/strong> &#8211; D\u00e9sobfuscateur et d\u00e9compresseur .NET.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/hooked-on-mnemonics.blogspot.com\/2014\/04\/expexorpy.html\">ex_pe_xor<\/a> &nbsp;&amp;&nbsp; <a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/hooked-on-mnemonics.blogspot.com\/p\/iheartxor.html\" target=\"_blank\" rel=\"noreferrer noopener\">iheartxor<\/a>&nbsp;<\/strong> &#8211; Deux outils d&rsquo;Alexander Hanel pour travailler avec des fichiers encod\u00e9s XOR \u00e0 un octet.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/fireeye\/flare-floss\">FLOSS<\/a>&nbsp;<\/strong> \u2013 Le solveur de cha\u00eenes obfusqu\u00e9es de FireEye Labs utilise des techniques d&rsquo;analyse statique avanc\u00e9es pour d\u00e9sobscurcir automatiquement les cha\u00eenes des fichiers binaires malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/hiddenillusion\/NoMoreXOR\" target=\"_blank\" rel=\"noreferrer noopener\">NoMoreXOR<\/a> &nbsp;&#8211;<\/strong> Devinez une cl\u00e9 XOR de 256 octets en utilisant l&rsquo;analyse de fr\u00e9quence.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/BromiumLabs\/PackerAttacker\" target=\"_blank\" rel=\"noreferrer noopener\">PackerAttacker<\/a> &nbsp;&#8211;<\/strong> Un extracteur de code cach\u00e9 g\u00e9n\u00e9rique pour les logiciels malveillants Windows.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/malwaremusings\/unpacker\/\" target=\"_blank\" rel=\"noreferrer noopener\">unpacker<\/a>&nbsp;<\/strong> &#8211; Unpacker automatis\u00e9 de logiciels malveillants pour les logiciels malveillants Windows bas\u00e9 sur WinAppDbg.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/tomchop\/unxor\/\" target=\"_blank\" rel=\"noreferrer noopener\">unxor<\/a>&nbsp;<\/strong> &#8211; Devinez les cl\u00e9s XOR \u00e0 l&rsquo;aide d&rsquo;attaques en clair connues.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/jnraber\/VirtualDeobfuscator\" target=\"_blank\" rel=\"noreferrer noopener\">VirtualDeobfuscator<\/a>&nbsp;<\/strong> &#8211; Outil d&rsquo;ing\u00e9nierie inverse pour les wrappers de virtualisation.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/eternal-todo.com\/var\/scripts\/xorbruteforcer\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>XORBruteForcer<\/strong><\/a> &nbsp;&#8211; Un script Python pour forcer brutalement les cl\u00e9s XOR \u00e0 un octet.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/blog.didierstevens.com\/programs\/xorsearch\/\" target=\"_blank\" rel=\"noreferrer noopener\">XORSearch &amp; XORStrings<\/a><\/strong> &nbsp;&#8211; Quelques programmes de Didier Stevens pour trouver des donn\u00e9es XORed.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/hellman\/xortool\" target=\"_blank\" rel=\"noreferrer noopener\">xortool<\/a><\/strong> &nbsp;&#8211; Devinez la longueur de la cl\u00e9 XOR, ainsi que la cl\u00e9 elle-m\u00eame.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-debugging\"><strong>D\u00e9bogage<\/strong><\/h2>\n\n\n\n<p>Dans cette liste, nous avons pu voir les outils pour les d\u00e9sassembleurs, les d\u00e9bogueurs et d&rsquo;autres outils d&rsquo;analyse statique et dynamique. <strong>Outils de d\u00e9bogage multiplateforme<\/strong><\/p>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/www.gnu.org\/software\/gdb\/\" target=\"_blank\" rel=\"noreferrer noopener\">gdb<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/github.com\/vivisect\/vivisect\" target=\"_blank\" rel=\"noreferrer noopener\">vdb<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/lldb.llvm.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">lldb<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/qira.me\/\" target=\"_blank\" rel=\"noreferrer noopener\">qira<\/a><\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Outils de d\u00e9bogage pour Windows uniquement<\/strong><\/p>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/msdn.microsoft.com\/en-us\/windows\/hardware\/hh852365.aspx\" target=\"_blank\" rel=\"noreferrer noopener\">WinDbg<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.immunityinc.com\/products\/debugger\/\" target=\"_blank\" rel=\"noreferrer noopener\">ImmunityDebugger<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/www.ollydbg.de\/\" target=\"_blank\" rel=\"noreferrer noopener\">OllyDbg v1.10<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/www.ollydbg.de\/version2.html\" target=\"_blank\" rel=\"noreferrer noopener\">OllyDbg v2.01<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/tuts4you.com\/download.php?view.2061\" target=\"_blank\" rel=\"noreferrer noopener\">OllySnD<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/tuts4you.com\/download.php?view.6\" target=\"_blank\" rel=\"noreferrer noopener\">Olly Shadow<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/tuts4you.com\/download.php?view.1206\" target=\"_blank\" rel=\"noreferrer noopener\">Olly CiMs<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/tuts4you.com\/download.php?view.1206\" target=\"_blank\" rel=\"noreferrer noopener\">Olly UST_2bg<\/a><\/strong><\/li>\n\n\n\n<li><a href=\"http:\/\/x64dbg.com\/#start\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>x64dbg<\/strong><\/a><\/li>\n<\/ul>\n\n\n\n<p><strong>Outils de d\u00e9bogage pour Linux uniquement<\/strong><\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.gnu.org\/software\/ddd\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>JDD<\/strong><\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-reverse-engineering\"><strong>Ing\u00e9nierie inverse&nbsp;<\/strong><\/h2>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/angr\/angr\" target=\"_blank\" rel=\"noreferrer noopener\">angr<\/a> &nbsp;&#8211;<\/strong> Cadre d&rsquo;analyse binaire ind\u00e9pendant de la plate-forme d\u00e9velopp\u00e9 au Seclab de l&rsquo;UCSB.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/bwall\/bamfdetect\" target=\"_blank\" rel=\"noreferrer noopener\">bamfdetect<\/a><\/strong> &nbsp;\u2013 Identifie et extrait les informations des robots et autres logiciels malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/BinaryAnalysisPlatform\/bap\" target=\"_blank\" rel=\"noreferrer noopener\">BAP<\/a>&nbsp;<\/strong> &#8211; Cadre d&rsquo;analyse binaire multiplateforme et open source (MIT) d\u00e9velopp\u00e9 au Cylab de CMU.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/programa-stic\/barf-project\" target=\"_blank\" rel=\"noreferrer noopener\">BARF<\/a>&nbsp;<\/strong> &#8211; Cadre d&rsquo;analyse binaire et d&rsquo;ing\u00e9nierie inverse multiplateforme et open source.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/google\/binnavi\" target=\"_blank\" rel=\"noreferrer noopener\">binnavi<\/a>&nbsp;<\/strong> &#8211; IDE d&rsquo;analyse binaire pour la r\u00e9tro-ing\u00e9nierie bas\u00e9e sur la visualisation de graphes.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/binary.ninja\/\" target=\"_blank\" rel=\"noreferrer noopener\">Binary ninja<\/a><\/strong> &nbsp;&#8211; Une plate-forme d&rsquo;ing\u00e9nierie inverse qui est une alternative \u00e0 IDA.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/devttys0\/binwalk\" target=\"_blank\" rel=\"noreferrer noopener\">Binwalk<\/a>&nbsp;<\/strong> &#8211; Outil d&rsquo;analyse du micrologiciel.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.bokken.re\/\" target=\"_blank\" rel=\"noreferrer noopener\">Bokken<\/a>&nbsp;<\/strong> &#8211; Interface graphique pour Pyew et Radare. (<a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/inguma\/bokken\"> miroir<\/a> )<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/aquynh\/capstone\" target=\"_blank\" rel=\"noreferrer noopener\">Capstone<\/a>&nbsp;<\/strong> &#8211; Framework de d\u00e9sassemblage pour l&rsquo;analyse et l&rsquo;inversion binaires, avec prise en charge de nombreuses architectures et liaisons dans plusieurs langages.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/hugsy\/codebro\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>codebro<\/strong><\/a> &nbsp;&#8211; Navigateur de code bas\u00e9 sur le Web utilisant clang pour fournir une analyse de code de base.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/sycurelab\/DECAF\" target=\"_blank\" rel=\"noreferrer noopener\">DECAF (Dynamic Executable Code Analysis Framework)<\/a><\/strong> &nbsp;&#8211; Une plate-forme d&rsquo;analyse binaire bas\u00e9e sur QEMU. DroidScope est maintenant une extension de DECAF.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/0xd4d\/dnSpy\" target=\"_blank\" rel=\"noreferrer noopener\">dnSpy<\/a>&nbsp;<\/strong> &#8211; \u00c9diteur d&rsquo;assemblage .NET, d\u00e9compilateur et d\u00e9bogueur.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/codef00.com\/projects%23debugger\" target=\"_blank\" rel=\"noreferrer noopener\">Evan&rsquo;s Debugger (EDB)<\/a>&nbsp;<\/strong> &#8211; Un d\u00e9bogueur modulaire avec une interface graphique Qt.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/rabbitstack\/fibratus\" target=\"_blank\" rel=\"noreferrer noopener\">Fibratus<\/a>&nbsp;<\/strong> &#8211; Outil d&rsquo;exploration et de tra\u00e7age du noyau Windows.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.mcafee.com\/us\/downloads\/free-tools\/fport.aspx\" target=\"_blank\" rel=\"noreferrer noopener\">FPort<\/a> &nbsp;&#8211;<\/strong> Signale les ports TCP \/ IP et UDP ouverts dans un syst\u00e8me en direct et les mappe \u00e0 l&rsquo;application propri\u00e9taire.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.sourceware.org\/gdb\/\" target=\"_blank\" rel=\"noreferrer noopener\">GDB<\/a>&nbsp;<\/strong> \u2013 Le d\u00e9bogueur GNU.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/hugsy\/gef\" target=\"_blank\" rel=\"noreferrer noopener\">GEF<\/a> &nbsp;&#8211;<\/strong> GDB Enhanced Features, pour les exploiteurs et l&rsquo;ing\u00e9nierie inverse.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/codypierce\/hackers-grep\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>hackers-grep<\/strong><\/a> &nbsp;&#8211; Un utilitaire pour rechercher des cha\u00eenes dans les ex\u00e9cutables PE, y compris les importations, les exportations et les symboles de d\u00e9bogage.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.hopperapp.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Hopper<\/a> &nbsp;&#8211;<\/strong> Le d\u00e9sassembleur macOS et Linux.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.hex-rays.com\/products\/ida\/index.shtml\" target=\"_blank\" rel=\"noreferrer noopener\">IDA Pro<\/a>&nbsp;<\/strong> &#8211; D\u00e9sassembleur et d\u00e9bogueur Windows, avec une version d&rsquo;\u00e9valuation gratuite.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/debugger.immunityinc.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">D\u00e9bogueur d&rsquo;immunit\u00e9<\/a>&nbsp;<\/strong> &#8211; D\u00e9bogueur pour l&rsquo;analyse des logiciels malveillants et plus encore, avec une API Python.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/ilspy.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">ILSpy<\/a> &nbsp;&#8211;<\/strong> ILSpy est le navigateur et le d\u00e9compilateur d&rsquo;assemblage .NET open source.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/kaitai.io\/\">Kai <\/a><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/kaitai.io\/\" target=\"_blank\" rel=\"noreferrer noopener\">t <\/a><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/kaitai.io\/\">ai Struct<\/a>&nbsp;<\/strong> \u2013 DSL pour les formats de fichiers\/protocoles r\u00e9seau\/structures de donn\u00e9es r\u00e9tro-ing\u00e9nierie et dissection, avec g\u00e9n\u00e9ration de code pour C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/lief.quarkslab.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">LIEF<\/a>&nbsp;<\/strong> &#8211; LIEF fournit une biblioth\u00e8que multiplateforme pour analyser, modifier et r\u00e9sumer les formats ELF, PE et MachO.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/ltrace.org\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>ltrace<\/strong><\/a> &nbsp;&#8211; Analyse dynamique des ex\u00e9cutables Linux.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/en.wikipedia.org\/wiki\/Objdump\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>objdump<\/strong><\/a> &nbsp;&#8211; Partie de GNU binutils, pour l&rsquo;analyse statique des binaires Linux.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.ollydbg.de\/\" target=\"_blank\" rel=\"noreferrer noopener\">OllyDbg<\/a>&nbsp;<\/strong> &#8211; Un d\u00e9bogueur au niveau de l&rsquo;assemblage pour les ex\u00e9cutables Windows.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/moyix\/panda\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>PANDA<\/strong><\/a> &nbsp;&#8211; Plate-forme d&rsquo;analyse dynamique neutre en architecture.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/longld\/peda\" target=\"_blank\" rel=\"noreferrer noopener\">PEDA<\/a> &nbsp;&#8211;<\/strong> Python Exploit Development Assistance for GDB, un affichage am\u00e9lior\u00e9 avec des commandes suppl\u00e9mentaires.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/winitor.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">pestudio<\/a><\/strong> &nbsp;&#8211; Effectue une analyse statique des ex\u00e9cutables Windows.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/cmu-sei\/pharos\" target=\"_blank\" rel=\"noreferrer noopener\">Pharos<\/a>&nbsp;<\/strong> &#8211; Le cadre d&rsquo;analyse binaire Pharos peut \u00eatre utilis\u00e9 pour effectuer une analyse statique automatis\u00e9e des binaires.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/plasma-disassembler\/plasma\" target=\"_blank\" rel=\"noreferrer noopener\">plasma<\/a><\/strong> &nbsp;&#8211; D\u00e9sassembleur interactif pour x86\/ARM\/MIPS.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.mzrst.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">PPEE (chiot)<\/a><\/strong> &nbsp;&#8211; Un explorateur de fichiers PE professionnel pour les inverseurs, les chercheurs de logiciels malveillants et ceux qui souhaitent inspecter statiquement les fichiers PE plus en d\u00e9tail.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/process-explorer\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Process Explorer<\/strong><\/a> &nbsp;&#8211; Gestionnaire de t\u00e2ches avanc\u00e9 pour Windows.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/processhacker.sourceforge.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">Process Hacker<\/a>&nbsp;<\/strong> \u2013 Outil qui surveille les ressources syst\u00e8me.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/procmon\" target=\"_blank\" rel=\"noreferrer noopener\">Process Monitor<\/a><\/strong> &nbsp;\u2013 Outil de surveillance avanc\u00e9 pour les programmes Windows.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/pstools\" target=\"_blank\" rel=\"noreferrer noopener\">PSTools<\/a>&nbsp;<\/strong> &#8211; Outils de ligne de commande Windows qui aident \u00e0 g\u00e9rer et \u00e0 enqu\u00eater sur les syst\u00e8mes en direct.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/joxeankoret\/pyew\" target=\"_blank\" rel=\"noreferrer noopener\">Pyew<\/a><\/strong> &nbsp;&#8211; Outil Python pour l&rsquo;analyse des logiciels malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/Cisco-Talos\/pyrebox\" target=\"_blank\" rel=\"noreferrer noopener\">PyREBox<\/a>&nbsp;<\/strong> &#8211; Bac \u00e0 sable d&rsquo;ing\u00e9nierie inverse scriptable Python par l&rsquo;\u00e9quipe Talos de Cisco.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/ispras\/qemu\/releases\/\" target=\"_blank\" rel=\"noreferrer noopener\">QKD<\/a> &nbsp;&#8211;<\/strong> QEMU avec serveur WinDbg int\u00e9gr\u00e9 pour le d\u00e9bogage furtif.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.radare.org\/r\/\" target=\"_blank\" rel=\"noreferrer noopener\">Radare2<\/a> &nbsp;&#8211;<\/strong> Framework d&rsquo;ing\u00e9nierie inverse, avec prise en charge du d\u00e9bogueur.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/sourceforge.net\/projects\/regshot\/\" target=\"_blank\" rel=\"noreferrer noopener\">RegShot<\/a><\/strong> &nbsp;&#8211; Utilitaire de comparaison de registre qui compare les instantan\u00e9s.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/retdec.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">RetDec<\/a> &nbsp;\u2013<\/strong> D\u00e9compilateur de code machine retargetable avec un service de d\u00e9compilation en ligne et une&nbsp;<strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/retdec.com\/api\/\"> API<\/a><\/strong> &nbsp;que vous pouvez utiliser dans vos outils.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/Cisco-Talos\/ROPMEMU\" target=\"_blank\" rel=\"noreferrer noopener\">ROPMEMU<\/a>&nbsp;<\/strong> &#8211; Un cadre pour analyser, diss\u00e9quer et d\u00e9compiler les attaques complexes de r\u00e9utilisation de code.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/pidydx\/SMRT\" target=\"_blank\" rel=\"noreferrer noopener\">SMRT<\/a> &nbsp;&#8211;<\/strong> Sublime Malware Research Tool, un plugin pour Sublime 3 pour aider \u00e0 l&rsquo;analyse des logiciels malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/sourceforge.net\/projects\/strace\/\" target=\"_blank\" rel=\"noreferrer noopener\">strace<\/a>&nbsp;<\/strong> &#8211; Analyse dynamique des ex\u00e9cutables Linux.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/triton.quarkslab.com\/\">Triton<\/a>&nbsp;<\/strong> &#8211; Un cadre d&rsquo;analyse binaire dynamique (DBA).<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/vmt\/udis86\" target=\"_blank\" rel=\"noreferrer noopener\">Udis86<\/a>&nbsp;<\/strong> &#8211; Biblioth\u00e8que et outil de d\u00e9sassemblage pour x86 et x86_64.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/vivisect\/vivisect\" target=\"_blank\" rel=\"noreferrer noopener\">Vivisect<\/a><\/strong> &nbsp;&#8211; Outil Python pour l&rsquo;analyse des logiciels malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/developer.microsoft.com\/en-us\/windows\/hardware\/download-windbg\" target=\"_blank\" rel=\"noreferrer noopener\">WinDbg<\/a>&nbsp;<\/strong> &#8211; d\u00e9bogueur polyvalent pour le syst\u00e8me d&rsquo;exploitation informatique Microsoft Windows, utilis\u00e9 pour d\u00e9boguer les applications en mode utilisateur, les pilotes de p\u00e9riph\u00e9rique et les vidages de m\u00e9moire en mode noyau.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/x64dbg\/\" target=\"_blank\" rel=\"noreferrer noopener\">X64dbg<\/a>&nbsp;<\/strong> \u2013 Un d\u00e9bogueur open source x64\/x32 pour Windows.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-binary-format-and-binary-analysis\"><strong>Format binaire et <\/strong><strong>analyse binaire<\/strong><\/h2>\n\n\n\n<p>Le format binaire de fichier compos\u00e9 est le conteneur de base utilis\u00e9 par plusieurs formats de fichiers Microsoft diff\u00e9rents, tels que les documents Microsoft Office et les packages Microsoft Installer.<\/p>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.ntcore.com\/exsuite.php\" target=\"_blank\" rel=\"noreferrer noopener\">Explorateur CFF<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/cerbero.io\/profiler\/\" target=\"_blank\" rel=\"noreferrer noopener\">Cerbero Profiler<\/a> \/\/ <a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/cerbero.io\/peinsider\/\" target=\"_blank\" rel=\"noreferrer noopener\">Lite PE Insider<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/ntinfo.biz\/\" target=\"_blank\" rel=\"noreferrer noopener\">D\u00e9tectez-le facilement<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.winitor.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">P\u00e9Studio<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/tuts4you.com\/download.php?view.398\">PEiD<\/a><\/strong><\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/gdbinit\/MachOView\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>MachoView<\/strong><\/a><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/developer.apple.com\/library\/mac\/documentation\/Darwin\/Reference\/ManPages\/man1\/nm.1.html\" target=\"_blank\" rel=\"noreferrer noopener\">nm<\/a><\/strong> \u2013 Afficher les symboles<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/developer.apple.com\/library\/mac\/documentation\/Darwin\/Reference\/ManPages\/man1\/file.1.html\" target=\"_blank\" rel=\"noreferrer noopener\">fichier<\/a> \u2013<\/strong> Informations sur le fichier<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/developer.apple.com\/library\/mac\/documentation\/Darwin\/Reference\/ManPages\/man1\/codesign.1.html\" target=\"_blank\" rel=\"noreferrer noopener\">codesign<\/a><\/strong> \u2013 Utilisation des informations de signature de code : codesign -dvvv filename<\/li>\n<\/ul>\n\n\n\n<p><strong>Ressources d&rsquo;analyse binaire<\/strong><\/p>\n\n\n\n<ul>\n<li><strong><a href=\"http:\/\/www.msreverseengineering.com\/research\/\">Mobius Resources<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/z3.codeplex.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">z3<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/github.com\/BinaryAnalysisPlatform\/bap\" target=\"_blank\" rel=\"noreferrer noopener\">bap<\/a><\/strong><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/angr\/angr\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>angr<\/strong><\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-decompiler\"><strong>D\u00e9compilateur&nbsp;<\/strong><\/h2>\n\n\n\n<p>Un d\u00e9compilateur est un programme informatique qui prend un fichier ex\u00e9cutable en entr\u00e9e et tente de cr\u00e9er un fichier source de haut niveau qui peut \u00eatre recompil\u00e9 avec succ\u00e8s. C&rsquo;est donc l&rsquo;inverse d&rsquo;un compilateur, qui prend un fichier source et en fait un ex\u00e9cutable. <\/p>\n\n\n\n<p><strong>D\u00e9compilateur g\u00e9n\u00e9rique<\/strong><\/p>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/www.hex-rays.com\/products\/decompiler\/\" target=\"_blank\" rel=\"noreferrer noopener\">HexRay<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/retdec.com\/decompilation\/\" target=\"_blank\" rel=\"noreferrer noopener\">RetDec<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/boomerang.sourceforge.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">Boomerang<\/a><\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>D\u00e9compilateur Java<\/strong><\/p>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/bitbucket.org\/mstrobel\/procyon\/wiki\/Java%20Decompiler\" target=\"_blank\" rel=\"noreferrer noopener\">Procyon<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/jd.benow.ca\/\" target=\"_blank\" rel=\"noreferrer noopener\">JD-GUI<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/varaneckas.com\/jad\/\" target=\"_blank\" rel=\"noreferrer noopener\">JAD<\/a><\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>D\u00e9compilateur .NET<\/strong><\/p>\n\n\n\n<ul>\n<li><strong><a href=\"http:\/\/www.telerik.com\/products\/decompiler.aspx\" target=\"_blank\" rel=\"noreferrer noopener\">JustDecompile<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.jetbrains.com\/decompiler\/\" target=\"_blank\" rel=\"noreferrer noopener\">dotPeek<\/a><\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>D\u00e9compilateur Delphi<\/strong><\/p>\n\n\n\n<ul>\n<li><strong><a href=\"http:\/\/kpnc.org\/idr32\/en\/\" target=\"_blank\" rel=\"noreferrer noopener\">IDR<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/www.ggoossen.net\/revendepro\/\" target=\"_blank\" rel=\"noreferrer noopener\">Revendepro<\/a><\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>D\u00e9compilateur Python<\/strong><\/p>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/github.com\/rocky\/python-uncompyle6\/\" target=\"_blank\" rel=\"noreferrer noopener\">Uncompyle6<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/github.com\/zrax\/pycdc\" target=\"_blank\" rel=\"noreferrer noopener\">Decompyle++<\/a><\/strong><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-bytecode-analysis\"><strong>Analyse de bytecode<\/strong><\/h2>\n\n\n\n<p>Outils d&rsquo;analyse de bytecode<\/p>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/github.com\/0xd4d\/dnSpy\" target=\"_blank\" rel=\"noreferrer noopener\">dnSpy<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/bytecodeviewer.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Bytecode Viewer<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/www.drgarbage.com\/bytecode-visualizer\/\" target=\"_blank\" rel=\"noreferrer noopener\">Bytecode Visualizer<\/a><\/strong><\/li>\n\n\n\n<li><a href=\"https:\/\/www.free-decompiler.com\/flash\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>JPEXS Flash Decompiler<\/strong><\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-malware-analysis-tools-for-reconstruction\"><strong>Outils d&rsquo;analyse des logiciels malveillants pour la reconstruction<\/strong><\/h2>\n\n\n\n<p>Outils de reconstruction d&rsquo;importation<\/p>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.aldeid.com\/wiki\/ImpREC%3C\/a%3E%3C\/strong%3E%3C\/li%3E+%3Cli%3E%3Cstrong%3E%3Ca+href%3D\" target=\"_blank\" rel=\"noreferrer noopener\">Scylla<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.aldeid.com\/wiki\/ImpREC%3C\/a%3E%3C\/strong%3E%3C\/li%3E+%3C\/ul%3E+%3C\/article%3E+%3C\/div%3E+%3C\/div%3E+%3C\/div%3E+%3C\/div%3E+%3C\/div%3E+%3C\/div%3E+%3C\/div%3E+%3Ch2%3E%3Cstrong%3EOnline+Scanners+and+Sandboxes%3C\/strong%3E%3C\/h2%3E+%3Cp%3EFollowing+Tools+are+using+for+Web-based+multi-AV+scanners,+and+malware+sandboxes+for+automated+analysis.%3C\/p%3E+%3Cul%3E+%3Cli%3E%3Ca+href%3D\" target=\"_blank\" rel=\"noreferrer noopener\">anlyz.io<\/a> &nbsp;\u2013 Bac \u00e0 sable en ligne.<\/strong><\/li>\n<\/ul>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/andrototal.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">AndroTotal<\/a><\/strong> &nbsp;&#8211; Analyse en ligne gratuite des APK par rapport \u00e0 plusieurs applications antivirus mobiles.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/avcaesar.malware.lu\/\" target=\"_blank\" rel=\"noreferrer noopener\">AVCaesar<\/a><\/strong> &nbsp;\u2013 Scanner en ligne Malware.lu et r\u00e9f\u00e9rentiel de logiciels malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.cryptam.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Cryptam<\/a><\/strong> &nbsp;\u2013 Analysez les documents de bureau suspects.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/cuckoosandbox.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Cuckoo Sandbox<\/a><\/strong> &nbsp;&#8211; Open source, bac \u00e0 sable auto-h\u00e9berg\u00e9 et syst\u00e8me d&rsquo;analyse automatis\u00e9.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/brad-accuvant\/cuckoo-modified\" target=\"_blank\" rel=\"noreferrer noopener\">cuckoo-modified<\/a>&nbsp;<\/strong> &#8211; Version modifi\u00e9e de Cuckoo Sandbox publi\u00e9e sous licence GPL. Non fusionn\u00e9 en amont en raison de probl\u00e8mes juridiques de l&rsquo;auteur.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/keithjjones\/cuckoo-modified-api\" target=\"_blank\" rel=\"noreferrer noopener\">coucou-modifi\u00e9-api<\/a>&nbsp;<\/strong> &#8211; Une API Python utilis\u00e9e pour contr\u00f4ler un bac \u00e0 sable modifi\u00e9 par coucou.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.deepviz.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">DeepViz<\/a> &nbsp;&#8211;<\/strong> Analyseur de fichiers multiformat avec classification d&rsquo;apprentissage automatique.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/detuxsandbox\/detux\/\" target=\"_blank\" rel=\"noreferrer noopener\">detux<\/a>&nbsp;<\/strong> &#8211; Un bac \u00e0 sable d\u00e9velopp\u00e9 pour effectuer une analyse du trafic des logiciels malveillants Linux et capturer les IOC.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/tklengyel\/drakvuf\" target=\"_blank\" rel=\"noreferrer noopener\">DRAKVUF<\/a>&nbsp;<\/strong> \u2013 Syst\u00e8me d&rsquo;analyse dynamique des logiciels malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/firmware.re\/\" target=\"_blank\" rel=\"noreferrer noopener\">firmware.re<\/a>&nbsp;<\/strong> &#8211; D\u00e9balle, scanne et analyse presque tous les packages de firmware.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/Tencent\/HaboMalHunter\" target=\"_blank\" rel=\"noreferrer noopener\">HaboMalHunter<\/a>&nbsp;<\/strong> &#8211; Un outil d&rsquo;analyse automatis\u00e9e des logiciels malveillants pour les fichiers Linux ELF.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.hybrid-analysis.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Analyse hybride<\/a>&nbsp;<\/strong> &#8211; Outil d&rsquo;analyse de logiciels malveillants en ligne, optimis\u00e9 par VxSandbox.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/irma.quarkslab.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">IRMA<\/a>&nbsp;<\/strong> \u2013 Une plateforme d&rsquo;analyse asynchrone et personnalisable des fichiers suspects.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.joesecurity.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Joe Sandbox<\/a> &nbsp;&#8211;<\/strong> Analyse approfondie des logiciels malveillants avec Joe Sandbox.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/virusscan.jotti.org\/en\" target=\"_blank\" rel=\"noreferrer noopener\">Jotti<\/a> &nbsp;\u2013<\/strong> Scanner multi-AV en ligne gratuit.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/monnappa22\/Limon\" target=\"_blank\" rel=\"noreferrer noopener\">Limon<\/a> &nbsp;&#8211;<\/strong> Sandbox pour l&rsquo;analyse des logiciels malveillants Linux.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/rieck\/malheur\" target=\"_blank\" rel=\"noreferrer noopener\">Malheur<\/a> &nbsp;\u2013<\/strong> Analyse automatique en bac \u00e0 sable du comportement des logiciels malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/diogo-fernan\/malsub\" target=\"_blank\" rel=\"noreferrer noopener\">malsub<\/a> &nbsp;&#8211;<\/strong> Un framework d&rsquo;API Python RESTful pour les services d&rsquo;analyse de logiciels malveillants et d&rsquo;URL en ligne.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/malwareconfig.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Configuration des logiciels malveillants<\/a> &nbsp;&#8211;<\/strong> Extrayez, d\u00e9codez et affichez en ligne les param\u00e8tres de configuration des logiciels malveillants courants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/malwr.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Malwr<\/a>&nbsp;<\/strong> &#8211; Analyse gratuite avec une instance Cuckoo Sandbox en ligne.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/mastiff-online.korelogic.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">MASTIFF Online<\/a>&nbsp;<\/strong> \u2013 Analyse statique en ligne des logiciels malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.metadefender.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Metadefender.com<\/a><\/strong> &nbsp;&#8211; Analysez un fichier, un hachage ou une adresse IP \u00e0 la recherche de logiciels malveillants (gratuit).<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.networktotal.com\/index.html\" target=\"_blank\" rel=\"noreferrer noopener\">NetworkTotal<\/a> &nbsp;&#8211;<\/strong> Un service qui analyse les fichiers pcap et facilite la d\u00e9tection rapide des virus, vers, chevaux de Troie et toutes sortes de logiciels malveillants \u00e0 l&rsquo;aide de Suricata configur\u00e9 avec EmergingThreats Pro.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/Rurik\/Noriben\" target=\"_blank\" rel=\"noreferrer noopener\">Noriben<\/a> &nbsp;\u2013<\/strong> Utilise Sysinternals Procmon pour collecter des informations sur les logiciels malveillants dans un environnement en bac \u00e0 sable.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.pdfexaminer.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">PDF Examiner<\/a> &nbsp;&#8211;<\/strong> Analysez les fichiers PDF suspects.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.procdot.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">ProcDot<\/a>&nbsp;<\/strong> &#8211; Un kit d&rsquo;outils d&rsquo;analyse graphique des logiciels malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/secretsquirrel\/recomposer\" target=\"_blank\" rel=\"noreferrer noopener\">Recomposer<\/a> &nbsp;&#8211;<\/strong> Un script d&rsquo;assistance pour t\u00e9l\u00e9charger en toute s\u00e9curit\u00e9 des fichiers binaires sur des sites sandbox.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/sanddroid.xjtu.edu.cn\/\" target=\"_blank\" rel=\"noreferrer noopener\">Sand droid<\/a>&nbsp;<\/strong> &#8211; Syst\u00e8me d&rsquo;analyse d&rsquo;applications Android automatique et complet.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/F-Secure\/see\" target=\"_blank\" rel=\"noreferrer noopener\">SEE<\/a><\/strong> &nbsp;&#8211; Sandboxed Execution Environment (SEE) est un cadre pour l&rsquo;automatisation des tests de construction dans des environnements s\u00e9curis\u00e9s.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.virustotal.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">VirusTotal<\/a> &nbsp;&#8211;<\/strong> Analyse en ligne gratuite d&rsquo;\u00e9chantillons de logiciels malveillants et d&rsquo;URL<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/keithjjones\/visualize_logs\" target=\"_blank\" rel=\"noreferrer noopener\">Visualize_Logs<\/a>&nbsp;<\/strong> \u2013 Biblioth\u00e8que de visualisation open source et outils de ligne de commande pour les journaux. (Coucou, Procmon, d&rsquo;autres \u00e0 venir&#8230;)<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/zeltser.com\/automated-malware-analysis\/\" target=\"_blank\" rel=\"noreferrer noopener\">Liste de Zeltser<\/a> &nbsp;&#8211;<\/strong> Bacs \u00e0 sable et services automatis\u00e9s gratuits, compil\u00e9s par Lenny Zeltser.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-document-analysis-1\"><strong>Analyse de documents<\/strong><\/h2>\n\n\n\n<p>Outils d&rsquo;analyse de documents<\/p>\n\n\n\n<ul>\n<li><strong><a href=\"http:\/\/www.decalage.info\/python\/oletools\" target=\"_blank\" rel=\"noreferrer noopener\">Ole Tools<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/blog.didierstevens.com\/programs\/pdf-tools\/\" target=\"_blank\" rel=\"noreferrer noopener\">Didier\u2019s PDF Tools<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/github.com\/cogent\/origami-pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Origami<\/a><\/strong><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-scripting\"><strong>Scripting<\/strong><\/h2>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/github.com\/idapython\/src\" target=\"_blank\" rel=\"noreferrer noopener\">IDA Python Src<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.hex-rays.com\/products\/ida\/support\/idadoc\/162.shtml\" target=\"_blank\" rel=\"noreferrer noopener\">IDC Functions Doc<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/researchcenter.paloaltonetworks.com\/tag\/idapython\/\" target=\"_blank\" rel=\"noreferrer noopener\">Using IDAPython to Make your Life Easier<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/tuts4you.com\/download.php?view.3229\" target=\"_blank\" rel=\"noreferrer noopener\">Introduction to IDA Python<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/leanpub.com\/IDAPython-Book\">The Beginner\u2019s Guide to IDA Python<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.hex-rays.com\/contests\/\" target=\"_blank\" rel=\"noreferrer noopener\">IDA Plugin Contest<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/github.com\/onethawt\/idaplugins-list\" target=\"_blank\" rel=\"noreferrer noopener\">onehawt IDA Plugin List<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/github.com\/erocarrera\/pefile\" target=\"_blank\" rel=\"noreferrer noopener\">pefile Python Libray<\/a><\/strong><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-android\"><strong>Android<\/strong><\/h2>\n\n\n\n<p>Outils Android<\/p>\n\n\n\n<ul>\n<li><strong><a href=\"http:\/\/developer.android.com\/sdk\/index.html\" target=\"_blank\" rel=\"noreferrer noopener\">Android Developer Studio<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/github.com\/androguard\/androguard\/\" target=\"_blank\" rel=\"noreferrer noopener\">AndroGuard<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/ibotpeaches.github.io\/Apktool\/\" target=\"_blank\" rel=\"noreferrer noopener\">APKtool<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/github.com\/pxb1988\/dex2jar\">dex2jar<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/bytecodeviewer.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Bytecode Viewer<\/a><\/strong><\/li>\n\n\n\n<li><a href=\"https:\/\/www.hex-rays.com\/products\/ida\/index.shtml\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>IDA Pro<\/strong><\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-yara\"><strong>Yara<\/strong><\/h2>\n\n\n\n<p>Ressources Yara<\/p>\n\n\n\n<ul>\n<li><strong><a href=\"http:\/\/yara.readthedocs.org\/en\/v3.4.0\/writingrules.html\" target=\"_blank\" rel=\"noreferrer noopener\">Yara docs<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/gist.github.com\/0xtyh\/eeabc765e9befad9b80a\" target=\"_blank\" rel=\"noreferrer noopener\">Cheatsheet<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/github.com\/Neo23x0\/yarGen\" target=\"_blank\" rel=\"noreferrer noopener\">yarGen<\/a><\/strong><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/xathrya\/awesome-list\/blob\/master\/Users\/thalfpop\/Downloads\/first_2014_-_schuster-_andreas_-_yara_basic_and_advanced_20140619.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Yara First Presentation<\/strong><\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-memory-forensics-malware-analysis-tools\"><strong>Outils d&rsquo;analyse des logiciels malveillants Memory Forensics&nbsp;<\/strong><\/h2>\n\n\n\n<p><em>Outils pour diss\u00e9quer les logiciels malveillants dans les images m\u00e9moire ou les syst\u00e8mes en cours d&rsquo;ex\u00e9cution.<\/em><\/p>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.blackbagtech.com\/blacklight.html\" target=\"_blank\" rel=\"noreferrer noopener\">BlackLight<\/a><\/strong> &#8211; Client d&rsquo;investigation Windows \/ MacOS prenant en charge hiberfil, pagefile, analyse de la m\u00e9moire brute.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/504ensicsLabs\/DAMM\" target=\"_blank\" rel=\"noreferrer noopener\">DAMM<\/a><\/strong> &#8211; Analyse diff\u00e9rentielle des logiciels malveillants en m\u00e9moire, bas\u00e9e sur la volatilit\u00e9.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/JamesHabben\/evolve\" target=\"_blank\" rel=\"noreferrer noopener\">\u00e9voluer<\/a> &#8211;<\/strong> Interface Web pour le cadre d&rsquo;investigation de la m\u00e9moire volatile.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/jessekornblum.livejournal.com\/269749.html\" target=\"_blank\" rel=\"noreferrer noopener\">FindAES<\/a><\/strong> \u2013 Trouve les cl\u00e9s de cryptage AES en m\u00e9moire.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/ShaneK2\/inVtero.net\" target=\"_blank\" rel=\"noreferrer noopener\">inVtero.net<\/a><\/strong> &#8211; Le framework d&rsquo;analyse de m\u00e9moire haute vitesse d\u00e9velopp\u00e9 en .NET prend en charge tous les Windows x64, inclut l&rsquo;int\u00e9grit\u00e9 du code et la prise en charge de l&rsquo;\u00e9criture.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/ytisf\/muninn\" target=\"_blank\" rel=\"noreferrer noopener\">Muninn<\/a><\/strong> &#8211; Un script pour automatiser des parties d&rsquo;analyse \u00e0 l&rsquo;aide de Volatility et cr\u00e9er un rapport lisible.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.rekall-forensic.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Rekall<\/a><\/strong> &#8211; Cadre d&rsquo;analyse de la m\u00e9moire, d\u00e9riv\u00e9 de Volatility en 2013.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/sketchymoose\/TotalRecall\" target=\"_blank\" rel=\"noreferrer noopener\">TotalRecall<\/a><\/strong> &#8211; Script bas\u00e9 sur la volatilit\u00e9 pour automatiser diverses t\u00e2ches d&rsquo;analyse de logiciels malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/aim4r\/VolDiff\" target=\"_blank\" rel=\"noreferrer noopener\">VolDiff<\/a><\/strong> &#8211; Ex\u00e9cutez Volatility sur les images m\u00e9moire avant et apr\u00e8s l&rsquo;ex\u00e9cution des logiciels malveillants et signalez les modifications.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/volatilityfoundation\/volatility\" target=\"_blank\" rel=\"noreferrer noopener\">Volatilit\u00e9<\/a><\/strong> &#8211; Cadre avanc\u00e9 d&rsquo;investigation de la m\u00e9moire.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/kevthehermit\/VolUtility\" target=\"_blank\" rel=\"noreferrer noopener\">VolUtility<\/a> &#8211;<\/strong> Interface Web pour le cadre d&rsquo;analyse de la m\u00e9moire de volatilit\u00e9.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/swwwolf\/wdbgark\" target=\"_blank\" rel=\"noreferrer noopener\">WDBGARK<\/a><\/strong> \u2013 Extension anti-rootkit WinDBG.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/developer.microsoft.com\/en-us\/windows\/hardware\/windows-driver-kit\" target=\"_blank\" rel=\"noreferrer noopener\">WinDbg<\/a><\/strong> &#8211; Inspection de la m\u00e9moire en direct et d\u00e9bogage du noyau pour les syst\u00e8mes Windows.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-windows-artifacts\"><strong>Artefacts Windows<\/strong><\/h2>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/OMENScan\/AChoir\" target=\"_blank\" rel=\"noreferrer noopener\">ACoir<\/a> &#8211;<\/strong> Un script de r\u00e9ponse aux incidents en direct pour rassembler les artefacts Windows.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/williballenthin\/python-evt\" target=\"_blank\" rel=\"noreferrer noopener\">python-evt<\/a><\/strong> &#8211; Biblioth\u00e8que Python pour l&rsquo;analyse des journaux d&rsquo;\u00e9v\u00e9nements Windows.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.williballenthin.com\/registry\/\" target=\"_blank\" rel=\"noreferrer noopener\">python-registry<\/a><\/strong> &#8211; Biblioth\u00e8que Python pour l&rsquo;analyse des fichiers de registre.<\/li>\n\n\n\n<li><strong>RegRipper ( <a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/keydet89\/RegRipper2.8\" target=\"_blank\" rel=\"noreferrer noopener\">GitHub<\/a> )<\/strong> &#8211; Outil d&rsquo;analyse de registre bas\u00e9 sur un plugin.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-storage-and-workflow\"><strong>Stockage et flux de travail<\/strong><\/h2>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/merces\/aleph\" target=\"_blank\" rel=\"noreferrer noopener\">Aleph<\/a><\/strong> &#8211; Syst\u00e8me de pipeline d&rsquo;analyse de logiciels malveillants open source.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/crits.github.io\/\" target=\"_blank\" rel=\"noreferrer noopener\">CRIT <strong>s<\/strong><\/a> &#8211; Collaborative Research Into Threats, un r\u00e9f\u00e9rentiel de logiciels malveillants et de menaces.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/certsocietegenerale.github.io\/fame\/\" target=\"_blank\" rel=\"noreferrer noopener\">FAME<\/a><\/strong> &#8211; Un cadre d&rsquo;analyse des logiciels malveillants comprenant un pipeline qui peut \u00eatre \u00e9tendu avec des modules personnalis\u00e9s, qui peuvent \u00eatre cha\u00een\u00e9s et interagir les uns avec les autres pour effectuer une analyse de bout en bout.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/sroberts\/malwarehouse\" target=\"_blank\" rel=\"noreferrer noopener\">Malwarehouse<\/a><\/strong> \u2013 Stockez, \u00e9tiquetez et recherchez les logiciels malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/ANSSI-FR\/polichombr\" target=\"_blank\" rel=\"noreferrer noopener\">Polichombr<\/a><\/strong> &#8211; Une plate-forme d&rsquo;analyse de logiciels malveillants con\u00e7ue pour aider les analystes \u00e0 inverser les logiciels malveillants de mani\u00e8re collaborative.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/stoq.punchcyber.com\" target=\"_blank\" rel=\"noreferrer noopener\">stoQ<\/a><\/strong> &#8211; Cadre d&rsquo;analyse de contenu distribu\u00e9 avec prise en charge \u00e9tendue des plugins, de l&rsquo;entr\u00e9e \u00e0 la sortie, et tout le reste.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/viper.li\/\" target=\"_blank\" rel=\"noreferrer noopener\">Viper<\/a><\/strong> &#8211; Un cadre de gestion et d&rsquo;analyse binaire pour les analystes et les chercheurs.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-malware-samples\"><strong>\u00c9chantillons de logiciels malveillants<\/strong><\/h2>\n\n\n\n<p>\u00c9chantillons de logiciels malveillants collect\u00e9s pour analyse.<\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/support.clean-mx.de\/clean-mx\/viruses.php\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Clean MX<\/strong><\/a> &nbsp;\u2013 Base de donn\u00e9es en temps r\u00e9el des logiciels malveillants et des domaines malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/contagiodump.blogspot.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Contagio<\/a><\/strong> &nbsp;&#8211; Une collection d&rsquo;\u00e9chantillons et d&rsquo;analyses de logiciels malveillants r\u00e9cents.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.exploit-db.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Base de donn\u00e9es d&rsquo;exploit<\/a><\/strong> &nbsp;&#8211; \u00c9chantillons d&rsquo;exploit et de shellcode.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/malshare.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Malshare<\/a> &nbsp;\u2013<\/strong> Vaste r\u00e9f\u00e9rentiel de logiciels malveillants activement \u00e9limin\u00e9 des sites malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/malwaredb.malekal.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">MalwareDB<\/a>&nbsp;<\/strong> &#8211; R\u00e9f\u00e9rentiel d&rsquo;\u00e9chantillons de logiciels malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/openmalware.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Open Malware Project<\/a><\/strong> &nbsp;\u2013 Exemples d&rsquo;informations et de t\u00e9l\u00e9chargements. Anciennement informatique offensive.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/robbyFux\/Ragpicker\" target=\"_blank\" rel=\"noreferrer noopener\">Ragpicker<\/a>&nbsp;<\/strong> &#8211; Crawler de logiciels malveillants bas\u00e9 sur un plug-in avec des fonctionnalit\u00e9s de pr\u00e9-analyse et de rapport<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/ytisf\/theZoo\" target=\"_blank\" rel=\"noreferrer noopener\">theZoo<\/a>&nbsp;<\/strong> \u2013 \u00c9chantillons de logiciels malveillants en direct pour les analystes.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/tracker.h3x.eu\/\" target=\"_blank\" rel=\"noreferrer noopener\">Tracker h3x<\/a><\/strong> &nbsp;&#8211; Agr\u00e9gateur pour traqueur de corpus de logiciels malveillants et sites de t\u00e9l\u00e9chargement malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.virussign.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">ViruSign<\/a>&nbsp;<\/strong> &#8211; Base de donn\u00e9es de logiciels malveillants d\u00e9tect\u00e9e par de nombreux programmes anti-malware, \u00e0 l&rsquo;exception de ClamAV.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/virusshare.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">VirusShare<\/a><\/strong> &nbsp;\u2013 R\u00e9f\u00e9rentiel de logiciels malveillants, inscription requise.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/vxvault.net\/\">VX Vault<\/a>&nbsp;<\/strong> &#8211; Collection active d&rsquo;\u00e9chantillons de logiciels malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/zeltser.com\/malware-sample-sources\/\" target=\"_blank\" rel=\"noreferrer noopener\">Sources de Zeltser<\/a> &nbsp;&#8211;<\/strong> Une liste de sources d&rsquo;\u00e9chantillons de logiciels malveillants rassembl\u00e9e par Lenny Zeltser.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/Visgean\/Zeus\" target=\"_blank\" rel=\"noreferrer noopener\">Code source Zeus<\/a>&nbsp;<\/strong> &#8211; La source du cheval de Troie Zeus a fui en 2011.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-domain-malware-analysis-tools\"><strong>Outils d&rsquo;analyse des logiciels malveillants de domaine<\/strong><\/h2>\n\n\n\n<p>Inspectez les domaines et les adresses IP.<\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.badips.com\/\"><strong>badips.com<\/strong><\/a> &nbsp;&#8211; Service de liste noire IP bas\u00e9 sur la communaut\u00e9.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/EmersonElectricCo\/boomerang\">boomerang<\/a>&nbsp;<\/strong> &#8211; Un outil con\u00e7u pour une capture coh\u00e9rente et s\u00fbre des ressources Web hors r\u00e9seau.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/cymon.io\/\">Cymon<\/a><\/strong> &nbsp;\u2013 Traqueur de renseignements sur les menaces, avec recherche IP\/domaine\/hachage.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/desenmascara.me\/\"><strong>Desenmascara.me<\/strong><\/a> &#8211; Outil en un clic pour r\u00e9cup\u00e9rer autant de m\u00e9tadonn\u00e9es que possible pour un site Web et \u00e9valuer sa bonne r\u00e9putation.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/networking.ringofsaturn.com\/\">Dig<\/a>&nbsp;<\/strong> &#8211; Recherche en ligne gratuite et autres outils de r\u00e9seau.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/elceef\/dnstwist\">dnstwist<\/a>&nbsp;<\/strong> &#8211; Moteur de permutation de noms de domaine pour d\u00e9tecter les fautes de frappe, le phishing et l&rsquo;espionnage d&rsquo;entreprise.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/hiddenillusion\/IPinfo\">IPinfo<\/a>&nbsp;<\/strong> \u2013 Rassemblez des informations sur une adresse IP ou un domaine en recherchant des ressources en ligne.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/hurricanelabs\/machinae\">Machinae<\/a><\/strong> &nbsp;&#8211; Outil OSINT pour collecter des informations sur les URL, les adresses IP ou les hachages. Similaire \u00e0 Automator.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/FGRibreau\/mailchecker\">mailchecker<\/a>&nbsp;<\/strong> &#8211; Biblioth\u00e8que de d\u00e9tection de courrier \u00e9lectronique temporaire multilingue.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/michael-yip\/MaltegoVT\">MaltegoVT<\/a>&nbsp;<\/strong> \u2013 Transformation Maltego pour l&rsquo;API VirusTotal. Permet la recherche de domaine\/IP et la recherche de hachages de fichiers et de rapports d&rsquo;analyse.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/multirbl.valli.org\/\">Multi rbl<\/a><\/strong> &nbsp;&#8211; Liste noire DNS multiple et recherche DNS invers\u00e9e confirm\u00e9e sur plus de 300 RBL.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/services.normshield.com\/\">Services NormShield<\/a><\/strong> &nbsp;&#8211; Services API gratuits pour d\u00e9tecter d&rsquo;\u00e9ventuels domaines de phishing, des adresses IP sur liste noire et des comptes pirat\u00e9s.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.spamcop.net\/bl.shtml\"><strong>SpamCop<\/strong><\/a> &nbsp;&#8211; Liste de blocage des spams bas\u00e9e sur IP.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.spamhaus.org\/lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">SpamHaus<\/a><\/strong> &nbsp;&#8211; Liste de blocage bas\u00e9e sur les domaines et les adresses IP.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/sitecheck.sucuri.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">Sucuri SiteCheck<\/a>&nbsp;<\/strong> &#8211; Scanner gratuit de logiciels malveillants et de s\u00e9curit\u00e9 pour sites Web.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/talosintelligence.com\/\">Talos Intelligence<\/a>&nbsp;<\/strong> \u2013 Recherchez le propri\u00e9taire de l&rsquo;adresse IP, du domaine ou du r\u00e9seau. (Auparavant SenderBase.)<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.tekdefense.com\/automater\/\">TekDefense Automater<\/a><\/strong> &nbsp;&#8211; Outil OSINT pour collecter des informations sur les URL, les adresses IP ou les hachages.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/urlquery.net\/\"><strong>URLQuery<\/strong><\/a> &nbsp;&#8211; Scanner d&rsquo;URL gratuit.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/whois.domaintools.com\/\">Whois<\/a> &nbsp;\u2013<\/strong> Recherche whois en ligne gratuite de DomainTools.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/zeltser.com\/lookup-malicious-websites\/\">Liste de Zeltser<\/a>&nbsp;<\/strong> &#8211; Outils en ligne gratuits pour rechercher des sites Web malveillants, compil\u00e9s par Lenny Zeltser.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/zulu.zscaler.com\/%23\">ZScalar Zulu<\/a><\/strong> \u00a0&#8211; Analyseur de risque d&rsquo;URL Zulu.<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.gnu.org\/software\/ddd\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-documents-and-shellcode\"><strong>Documents et Shellcode<\/strong><\/h2>\n\n\n\n<p>Analysez les JS et shellcodes malveillants \u00e0 partir de PDF et de documents Office. Voir \u00e9galement la section sur les logiciels malveillants du navigateur.<\/p>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/hiddenillusion\/AnalyzePDF\">AnalyzePDF<\/a><\/strong> &#8211; Un outil pour analyser les fichiers PDF et tenter de d\u00e9terminer s&rsquo;ils sont malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/CapacitorSet\/box-js\">box-js<\/a><\/strong> &#8211; Un outil pour \u00e9tudier les logiciels malveillants JavaScript, avec prise en charge JScript\/WScript et \u00e9mulation ActiveX.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.ragestorm.net\/distorm\/\">diStorm<\/a><\/strong> &#8211; D\u00e9sassembleur pour analyser le shellcode malveillant.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/jsbeautifier.org\/\"><strong>JS Beautifier<\/strong><\/a> &#8211; D\u00e9ballage et d\u00e9sobscurcissement de JavaScript.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.kahusecurity.com\/2015\/new-javascript-deobfuscator-tool\/\">JS Deobfuscator<\/a><\/strong> &#8211; D\u00e9sobscurcissez le Javascript simple qui utilise eval ou document.write pour dissimuler son code.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/libemu.carnivore.it\/\"><strong>libemu<\/strong><\/a> &#8211; Biblioth\u00e8que et outils pour l&rsquo;\u00e9mulation de shellcode x86.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/9b\/malpdfobj\">malpdfobj<\/a><\/strong> \u2013 D\u00e9construit les fichiers PDF malveillants en une repr\u00e9sentation JSON.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.reconstructer.org\/code.html\">OfficeMalScanner<\/a><\/strong> &#8211; Analysez les traces malveillantes dans les documents MS Office.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.decalage.info\/python\/olevba\">olevba<\/a> &#8211;<\/strong> Un script pour analyser les documents OLE et OpenXML et extraire des informations utiles.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/code.google.com\/archive\/p\/origami-pdf\">Origami PDF<\/a><\/strong> &#8211; Un outil pour analyser les PDF malveillants, et plus encore.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/blog.didierstevens.com\/programs\/pdf-tools\/\"><strong>Outils PDF<\/strong><\/a> &#8211; pdfid, pdf-parser, et plus de Didier Stevens.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/9b\/pdfxray_lite\">PDF X-Ray Lite<\/a><\/strong> &#8211; Un outil d&rsquo;analyse PDF, la version sans backend de PDF X-RAY.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/eternal-todo.com\/tools\/peepdf-pdf-analysis-tool\">peepdf<\/a> &#8211;<\/strong> Outil Python pour explorer des fichiers PDF potentiellement malveillants.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.quicksand.io\/\"><strong>QuickSand<\/strong><\/a> &#8211; QuickSand est un framework C compact pour analyser les documents suspects de logiciels malveillants afin d&rsquo;identifier les exploits dans les flux de diff\u00e9rents encodages et pour localiser et extraire les ex\u00e9cutables int\u00e9gr\u00e9s.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/Projects\/SpiderMonkey\">Spidermonkey<\/a><\/strong> &#8211; Le moteur JavaScript de Mozilla, pour le d\u00e9bogage de JS malveillants.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-practice-malware-analysis-tools\"><strong>Outils d&rsquo;analyse des logiciels malveillants&nbsp;<\/strong><\/h2>\n\n\n\n<p>Pratiquer l&rsquo;ing\u00e9nierie inverse. Soyez prudent avec les logiciels malveillants.<\/p>\n\n\n\n<ul>\n<li><strong><a href=\"http:\/\/www.crackmes.de\/\" target=\"_blank\" rel=\"noreferrer noopener\">Crackmes.de<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/reverse.put.as\/crackmes\/\" target=\"_blank\" rel=\"noreferrer noopener\">OSX Crackmes<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/www.joineset.com\/jobs-analyst.html\" target=\"_blank\" rel=\"noreferrer noopener\">ESET Challenges<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/flare-on.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Flare-on Challenges<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/github.com\/ctfs\/\">Github CTF Archives<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/challenges.re\/\">Reverse Engineering Challenges<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/www.xorpd.net\/pages\/xchg_rax\/snip_00.html\" target=\"_blank\" rel=\"noreferrer noopener\">xorpd Advanced Assembly Exercises<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/virusshare.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Virusshare.com<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/contagiodump.blogspot.com\/\">Contagio<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/malware-traffic-analysis.com\/\">Malware-Traffic-Analysis<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/malshare.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Malshare<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/www.malwareblacklist.com\/showMDL.php\" target=\"_blank\" rel=\"noreferrer noopener\">Malware Blacklist<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/malwr.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">malwr.com<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"http:\/\/vxvault.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">vxvault<\/a><\/strong><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-open-source-threat-intelligence-tool\"><strong>Outil de renseignement sur les menaces open source<\/strong><\/h2>\n\n\n\n<p>R\u00e9coltez et analysez les IOC.<\/p>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/abusesa\/abusehelper\" target=\"_blank\" rel=\"noreferrer noopener\">AbuseHelper<\/a>&nbsp;<\/strong> &#8211; Un cadre open source pour recevoir et redistribuer des flux d&rsquo;abus et des informations sur les menaces.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/otx.alienvault.com\/\">AlienVault Open Threat Exchange<\/a>&nbsp;<\/strong> \u2013 Partagez et collaborez au d\u00e9veloppement de Threat Intelligence.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/mlsecproject\/combine\" target=\"_blank\" rel=\"noreferrer noopener\">Combiner<\/a> &nbsp;\u2013<\/strong> Outil pour rassembler des indicateurs Threat Intelligence \u00e0 partir de sources accessibles au public.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/keithjjones\/fileintel\" target=\"_blank\" rel=\"noreferrer noopener\">Fileintel<\/a> &nbsp;&#8211;<\/strong> Tirez l&rsquo;intelligence par hachage de fichier.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/keithjjones\/hostintel\" target=\"_blank\" rel=\"noreferrer noopener\">Hostintel<\/a> &nbsp;&#8211;<\/strong> Tirez l&rsquo;intelligence par h\u00f4te.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.enisa.europa.eu\/topics\/csirt-cert-services\/community-projects\/incident-handling-automation\">IntelMQ<\/a> &nbsp;&#8211;<\/strong> Un outil pour les CERT pour le traitement des donn\u00e9es d&rsquo;incident \u00e0 l&rsquo;aide d&rsquo;une file d&rsquo;attente de messages.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.fireeye.com\/services\/freeware\/ioc-editor.html\" target=\"_blank\" rel=\"noreferrer noopener\">I <strong>OC Editor<\/strong><\/a> \u2013 Un \u00e9diteur gratuit pour les fichiers XML IOC.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/mandiant\/ioc_writer\" target=\"_blank\" rel=\"noreferrer noopener\">ioc_writer<\/a>&nbsp;<\/strong> &#8211; Biblioth\u00e8que Python pour travailler avec des objets OpenIOC, de Mandiant.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/csirtgadgets\/massive-octo-spice\" target=\"_blank\" rel=\"noreferrer noopener\">Massive Octo Spice<\/a> &nbsp;\u2013<\/strong> Anciennement connu sous le nom de CIF (Collective Intelligence Framework). Regroupe les IOC de diverses listes. Organis\u00e9 par la&nbsp;<a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/csirtgadgets.org\/collective-intelligence-framework\"> Fondation CSIRT Gadgets<\/a> .<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/MISP\/MISP\" target=\"_blank\" rel=\"noreferrer noopener\">MISP<\/a>&nbsp;<\/strong> &#8211; Plate-forme de partage d&rsquo;informations sur les logiciels malveillants organis\u00e9e par&nbsp;<a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.misp-project.org\/\"> le projet MISP<\/a> .<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/pulsedive.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Pulsedive<\/a>&nbsp;<\/strong> \u2013 Plate-forme de renseignements sur les menaces gratuite et communautaire qui collecte les IOC \u00e0 partir de flux open source.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/pidydx\/PyIOCe\" target=\"_blank\" rel=\"noreferrer noopener\">PyIOCe<\/a>&nbsp;<\/strong> &#8211; Un \u00e9diteur Python OpenIOC.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/community.riskiq.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">RiskIQ<\/a> &nbsp;\u2013<\/strong> Recherchez, connectez, marquez et partagez des adresses IP et des domaines. (\u00c9tait PassiveTotal.)<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/jpsenior\/threataggregator\" target=\"_blank\" rel=\"noreferrer noopener\">agr\u00e9gateur de menaces<\/a>&nbsp;<\/strong> \u2013 Regroupe les menaces de s\u00e9curit\u00e9 provenant d&rsquo;un certain nombre de sources, y compris certaines de celles r\u00e9pertori\u00e9es ci-dessous dans&nbsp;<a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/rshipp\/awesome-malware-analysis%23other-resources\"> d&rsquo;autres ressources<\/a> .<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.threatcrowd.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">ThreatCrowd<\/a>&nbsp;<\/strong> \u2013 Un moteur de recherche de menaces, avec visualisation graphique.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/michael-yip\/ThreatTracker\" target=\"_blank\" rel=\"noreferrer noopener\">ThreatTracker<\/a>&nbsp;<\/strong> \u2013 Un script Python pour surveiller et g\u00e9n\u00e9rer des alertes bas\u00e9es sur les IOC index\u00e9s par un ensemble de moteurs de recherche personnalis\u00e9s Google.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/mlsecproject\/tiq-test\" target=\"_blank\" rel=\"noreferrer noopener\">TIQ-test<\/a> &nbsp;\u2013<\/strong> Visualisation des donn\u00e9es et analyse statistique des flux Threat Intelligence.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-other-resources\"><strong>Autres ressources<\/strong><\/h2>\n\n\n\n<ul>\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/aptnotes\/data\" target=\"_blank\" rel=\"noreferrer noopener\">Notes APT<\/a> &nbsp;&#8211;<\/strong> Une collection d&rsquo;articles et de notes li\u00e9s aux<a href=\"https:\/\/gbhackers-com.translate.goog\/cyber-threat-intelligence-tools\/?_x_tr_sl=auto&amp;_x_tr_tl=fr&amp;_x_tr_hl=fr\" target=\"_blank\" rel=\"noreferrer noopener\"> menaces persistantes avanc\u00e9es<\/a> .<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/corkami\/pics\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Affiches sur les formats de fichiers<\/strong><\/a> &nbsp;&#8211; Belle visualisation des formats de fichiers couramment utilis\u00e9s (y compris PE et ELF).<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/honeynet.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Projet Honeynet<\/a> &nbsp;&#8211;<\/strong> Outils, documents et autres ressources Honeypot.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/www.kernelmode.info\/forum\/\" target=\"_blank\" rel=\"noreferrer noopener\">Mode noyau<\/a> &nbsp;&#8211;<\/strong> Une communaut\u00e9 active consacr\u00e9e \u00e0 l&rsquo;analyse des logiciels malveillants et au d\u00e9veloppement du noyau.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/zeltser.com\/malicious-software\/\" target=\"_blank\" rel=\"noreferrer noopener\">Logiciels malveillants<\/a>&nbsp;<\/strong> \u2013 Blog et ressources sur les logiciels malveillants par Lenny Zeltser.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/cse.google.com\/cse\/home?cx%3D011750002002865445766%253Apc60zx1rliu\" target=\"_blank\" rel=\"noreferrer noopener\">Malware Analysis Search<\/a><\/strong> &nbsp;\u2013 Moteur de recherche Google personnalis\u00e9 de&nbsp;<a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/rshipp\/awesome-malware-analysis\/blob\/master\/journeyintoir.blogspot.com\"> Corey Harrell<\/a> .<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/fumalwareanalysis.blogspot.nl\/p\/malware-analysis-tutorials-reverse.html\">Tutoriels d&rsquo;analyse des logiciels malveillants<\/a>&nbsp;<\/strong> &#8211; Les didacticiels d&rsquo;analyse des logiciels malveillants par le Dr Xiang Fu, une excellente ressource pour apprendre l&rsquo;analyse pratique des logiciels malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/malware-traffic-analysis.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">Malware Samples and Traffic<\/a>&nbsp;<\/strong> \u2013 Ce blog se concentre sur le trafic r\u00e9seau li\u00e9 aux infections par des logiciels malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/bluesoul.me\/practical-malware-analysis-starter-kit\/\" target=\"_blank\" rel=\"noreferrer noopener\">Kit de d\u00e9marrage d&rsquo;analyse pratique des logiciels malveillants<\/a>&nbsp;<\/strong> &#8211; Ce package contient la plupart des logiciels r\u00e9f\u00e9renc\u00e9s dans le livre Pratique d&rsquo;analyse des logiciels malveillants.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/RPISEC\/Malware\" target=\"_blank\" rel=\"noreferrer noopener\">Analyse des logiciels malveillants RPICEC<\/a> &nbsp;&#8211;<\/strong> Ce sont les supports de cours utilis\u00e9s dans le cours d&rsquo;analyse des logiciels malveillants au Rensselaer Polytechnic Institute \u00e0 l&rsquo;automne 2015.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=http:\/\/windowsir.blogspot.com\/p\/malware.html\" target=\"_blank\" rel=\"noreferrer noopener\">WindowsIR : Malware<\/a>&nbsp;<\/strong> \u2013 Page de Harlan Carvey sur les Malware.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/github.com\/msuhanov\/regf\/blob\/master\/Windows%2520registry%2520file%2520format%2520specification.md\" target=\"_blank\" rel=\"noreferrer noopener\">Sp\u00e9cification du registre Windows<\/a>&nbsp;<\/strong> &#8211; Sp\u00e9cification du format de fichier du registre Windows.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.reddit.com\/r\/csirt_tools\/\" target=\"_blank\" rel=\"noreferrer noopener\">\/r\/csirt_tools<\/a>&nbsp;<\/strong> \u2013 Subreddit pour les outils et ressources CSIRT, avec un&nbsp;<strong><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.reddit.com\/r\/csirt_tools\/search?q%3Dflair%253A%2522Malware%2520analysis%2522%26sort%3Dnew%26restrict_sr%3Don\"> flair d&rsquo;analyse des logiciels malveillants<\/a><\/strong> &nbsp;.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.reddit.com\/r\/Malware\" target=\"_blank\" rel=\"noreferrer noopener\">\/r\/Mal <strong>ware<\/strong><\/a><strong> &nbsp;\u2013<\/strong> Le sous-reddit des logiciels malveillants.<\/li>\n\n\n\n<li><a href=\"https:\/\/translate.google.com\/website?sl=auto&amp;tl=fr&amp;hl=fr&amp;u=https:\/\/www.reddit.com\/r\/ReverseEngineering\" target=\"_blank\" rel=\"noreferrer noopener\">\/ <strong>r\/ReverseEngineering<\/strong><\/a> \u2013 Subreddit d&rsquo;ing\u00e9nierie inverse, non limit\u00e9 aux logiciels malveillants.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Les outils d&rsquo;analyse des logiciels malveillants sont essentiels pour les professionnels de la s\u00e9curit\u00e9 qui ont toujours besoin d&rsquo;apprendre de nombreux outils, techniques et concepts pour analyser les menaces sophistiqu\u00e9es et les cyberattaques actuelles. L&rsquo;analyse de code malveillant et de logiciels malveillants sophistiqu\u00e9s sans outils d&rsquo;analyse de logiciels malveillants est presque impossible car il existe [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1542,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[55,36],"tags":[82,37],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cycuri.com\/wp-json\/wp\/v2\/posts\/1541"}],"collection":[{"href":"https:\/\/cycuri.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cycuri.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cycuri.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cycuri.com\/wp-json\/wp\/v2\/comments?post=1541"}],"version-history":[{"count":5,"href":"https:\/\/cycuri.com\/wp-json\/wp\/v2\/posts\/1541\/revisions"}],"predecessor-version":[{"id":1549,"href":"https:\/\/cycuri.com\/wp-json\/wp\/v2\/posts\/1541\/revisions\/1549"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cycuri.com\/wp-json\/wp\/v2\/media\/1542"}],"wp:attachment":[{"href":"https:\/\/cycuri.com\/wp-json\/wp\/v2\/media?parent=1541"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cycuri.com\/wp-json\/wp\/v2\/categories?post=1541"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cycuri.com\/wp-json\/wp\/v2\/tags?post=1541"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}