# 0xbc's Basic Malware Analysis Blog Series

## Blog content

### Think Defensive Way

#### 0x00. [Before We Begin](https://hackmd.io/@0xbc000/HkyfnXsQP)

#### 0x01. [Windows Internal Basics & Assembly - Some Basics](https://hackmd.io/@0xbc000/rJOSAmsmD)

* Virtual Space
* PE Structure
* DLL vs EXE
* Registers
* Stack
* Calling Convention
* Assembly

#### 0x02. [Building Analysis Environment - Building Your Own Lab](https://hackmd.io/@0xbc000/HJrkhJ37P)

* Tools we need and why
* Be a lazy guy
* Some tools intro

#### 0x03. [Static Analysis - Basic Static Analysis](https://hackmd.io/@0xbc000/Hk3ave3QD)

* File type
* Hashes
* String
* IOC
* PE Analysis - PE Studio
* Entropy
* IDA UI
* IDA Usage
* Exercise
* Static Analysis Tips
* Windows API

#### 0x04. [Dynamic Analysis - Basic Dynamic Analysis](https://hackmd.io/@0xbc000/rJrWgUnQD)

* Sandbox: pros and cons
* Intro to handle/thread/process
* x64dbg: Debugger UI, memory, bp, step in/out, dump process
* Process Hacker/Explorer
* Process Monitor
* RegShot
* Network Simulation
* dnSpy
* Dynamic Analysis Tips

#### 0x05. [Other types of Malware - Other Kinds of Malicious Programs](https://hackmd.io/@0xbc000/BkGYQHp7w)

* Office Doc: Macro
* PDF
* PowerShell

---

### Think Offensive Way

#### 0x06. [Advanced topic - Decode encode/encrypt network traffic](https://hackmd.io/@0xbc000/r1b03tpXP)

* Why?
* XOR
* Base64
* RC4
* Windows API

#### 0x07. [Advanced topic - Anti-Debug / Anti-Analysis](https://hackmd.io/@0xbc000/SJ5kca6mD)

* Why?
* Anti-Sandbox
* Anti-VM
* Anti-Debugger
* More Resources

#### 0x08. [Advanced topic - Injection techniques](https://hackmd.io/@0xbc000/Hk5HzcR7v)

* Why?
* DLL Injection
* PE Injection
* Process Hollowing
* Process Doppelgänging
* Hooking
* More Resources

---

### Project

#### 0x09. [Sample Analysis - Zero2Automated Sample](https://hackmd.io/@0xbc000/SyTVwVuBP)

#### 0x0A. [Shellcode Extraction - ShadowPad shellcode inside xShell](https://hackmd.io/@0xbc000/BJ206thwP)

#### 0x0B. [LooCipher APT Ransomware Campaign Analysis](https://hackmd.io/@0xbc000/rJh5MWTdD)

#### 0x0C. [Defeat Indirect Call - Anti-Analysis Technique in Darkside Ransomware](https://hackmd.io/@0xbc000/HJgKm9HY_)

#### 0x0D. [REvil Ransomware Analysis](https://hackmd.io/@0xbc000/HJrKaPHTO)

---

#### 0xff. [Afterword and Some References](https://hackmd.io/@0xbc000/B13av6RXD)

<br>

[-0xbc](https://hackmd.io/@0xbc000)

###### tags: `Malware Analysis` `Reverse Engineering` `tutorials`