# RE-MA-Roadmap
# [Reverse Engineering and Malware Analysis Roadmap](https://x86byte.github.io/x86byte_kpwn/articles/re-ma-roadmap.html)
![image](https://github.com/user-attachments/assets/746914e3-f4b3-46de-9ed0-e3f282ac311a)

Welcome to the comprehensive roadmap for mastering reverse engineering and malware analysis. This roadmap is designed to guide individuals from beginner to expert level in the field of reverse engineering and malware analysis.

## Foundations
### 0x00 Establishing a Secure Lab Environment
- [Reverse Engineering For Everyone!](https://0xinfection.github.io/reversing/)
- [Malware Analysis Virtual Machine – by OALabs](https://www.youtube.com/watch?v=ql9D5MuK_3c)
- [Creating a Simple Free Malware Analysis Environment – by MalwareTech](https://www.malwaretech.com/beginner-malware-reversing-challenges)

### 0x01 Mastering Reverse Engineering Tools
- [Reversing with Lena151 – learn OllyDbg (old, but still very useful)](https://github.com/kosmokato/Lena151)
- [REVERSING WITH IDA PRO FROM SCRATCH](http://ricardonarvaja.info/WEB/IDA%20DESDE%20CERO/EN%20INGLES/INGLES/)
- [Introduction to WinDbg and debugging Windows](https://www.youtube.com/playlist?list=PLhx7-txsG6t6n_E2LgDGqgvJtCHPL7UFu)

## Gathering Intelligence
### 0x02 Sourcing Malware Samples
- [Malware Traffic Analysis](https://www.malware-traffic-analysis.net/)
- [VX Underground](https://vx-underground.org/samples.html)
- [Malshare](http://www.malshare.com/)
- [VirusShare](https://virusshare.com/)
- [Abuse.ch](https://bazaar.abuse.ch/)
- [TheZoo](http://thezoo.morirt.com/)
- [VirusBay](https://beta.virusbay.io/)
- [MalwareBazaar](https://bazaar.abuse.ch/browse/)
- [VirusSign](https://www.virussign.com/)

### 0x03 Gathering Threat Intelligence
- [Benkow](http://benkow.cc)
- [VXVault](http://vxvault.net/)
- [Cybercrime Tracker](http://cybercrime-tracker.net/)

## Analyzing Malware Families
### 0x04 Understanding Common Malware Families
- [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/)

## Practical Exercises
### 0x05 Beginner Challenges and Writeups
- First of all:
  + [Windows Stack Protection I: Assembly Code](https://www.bowneconsultingcontent.com//pub/EH/proj/cloud/ED301c_tkp/ED301c_tkp.htm)
  + [Windows Stack Protection II: Exploit Without ASLR](https://www.bowneconsultingcontent.com//pub/EH/proj/cloud/ED302c_tkp/ED302c_tkp.htm)
  + [Windows Stack Protection III: Limitations of ASLR](https://www.bowneconsultingcontent.com//pub/EH/proj/cloud/ED303c_tkp/ED303c_tkp.htm)
  + [The Wild World of Windows](https://samsclass.info/127/lec/EDch6.pdf)

- [Beginner Malware Reversing Challenges (by MalwareTech)](https://github.com/MalwareTech/Beginner-Reversing-Challenges)
- [Solve the Malwarebytes CrackMe: a step-by-step tutorial](https://www.malwarebytes.com/blog/news/2017/11/how-to-solve-the-malwarebytes-crackme-a-step-by-step-tutorial)
- [MalwareTech Windows Reversing Challenge #1 Write-Ups](https://irfanalditya.github.io/posts/malwaretech-chal1/)
- [MalwareTech Windows Reversing Challenge #2 Write-Ups](https://irfanalditya.github.io/posts/malwaretech-chal2/)
- [MalwareTech Windows Reversing Challenge #3 Write-Ups](https://irfanalditya.github.io/posts/malwaretech-chal3/)
- [Crackmes.one – various crackmes to help you exercise reversing](https://crackmes.one/)
- ["Nightmare" – a reverse engineering course created around CTF tasks](https://github.com/guyinatuxedo/nightmare)
- [FlareOn Challenge writeups](https://github.com/fareedfauzi/Flare-On-Challenges)

## Understanding Low-Level Concepts
### 0x06 Assembly Language and PE Format
- [Video 1](https://www.youtube.com/watch?v=wLXIWKUWpSs&pp=ygUaIHg2IGFzc2VtYmx5IGludHJvZHVjdGlvbg%3D%3D) and [Video 2](https://www.youtube.com/watch?v=cFGJhn97e3s) for an x86 assembly introduction
- Free course on assembly for other platforms
- Intel official manual on assembly language
- [An In-Depth Look Into The Win32 Portable Executable File Format](https://www.scribd.com/document/607827843/An-In-Depth-Look-into-the-Win32-Portable-Executable-File-Format)
- [An In-Depth Look into the Win32 Portable Executable File Format](https://mcsi-library.readthedocs.io/articles/2022/05/reverse-engineering-portable-executables-pe-part-2/reverse-engineering-portable-executables-pe-part-2.html)
- [Peering Inside the PE: A Tour of the Win32 Portable Executable File Format](https://coffi.readthedocs.io/en/latest/peering_inside_pe.pdf)
- [PE101](https://github.com/corkami/pics/tree/master/binary/pe101) and [PE102](https://github.com/corkami/pics/tree/master/binary/pe102) by Ange Albertini
- [Introduction to the Portable Executable (PE) File Format](https://bytepointer.com/resources/pietrek_pe.htm)
- [Win32 Portable Executable File Format](https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/sans-for610-pe.pdf)
- [Inside Windows PE](https://www.microsoftpressstore.com/articles/article.aspx?p=2201309)
- [Windows Internals 7th Edition](https://www.microsoftpressstore.com/store/windows-internals-part-1-system-architecture-processes-9780135462409)
- [Dynamic Linking and Windows PE](https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-linking)
- [Understanding Windows PE Files](https://0xrick.github.io/win-internals/pe1/)
- [Binary Analysis Cookbooks](https://binary.ninja/cookbook/)
- [Windows PE Parsing with Python](https://www.contextis.com/en/blog/malware-analysis-windows-pe-file-parsing-python)

### Additional Assembly Resources
- [Modern x64 Assembly](https://www.youtube.com/playlist?list=PLKK11Ligqitg9MOX3-0tFT1Rmh3uJp7kA)
- [Intro to x86 Assembly Language](https://www.youtube.com/playlist?list=PLmxT2pVYo5LB5EzTPZGfFN0c2GDiSXgQe)
- [x86_64 Linux Assembly](https://www.youtube.com/playlist?list=PLetF-YjXm-sCH6FrTz4AQhfH6INDQvQSn)
- [Intro x86 (32 bit)](https://www.youtube.com/playlist?list=PL038BE01D3BAEFDB0)
- [Practical x64 Assembly and C++ Tutorials](https://www.youtube.com/playlist?list=PL0C5C980A28FEE68D)
- [Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration](http://opensecuritytraining.info/IntroX86.html)
- [LINUX SYSTEM CALL TABLE FOR X86 64](https://blog.rchapman.org/posts/Linux_System_Call_Table_for_x86_64/)
- [Learning assembly for linux-x64](https://github.com/0xAX/asm)
- [x86-assembly-cheat](https://github.com/cirosantilli/x86-assembly-cheat)
- [x86 Assembly Guide](https://www.cs.virginia.edu/~evans/cs216/guides/x86.html)
- [Assembly's Perspective](https://blog.stephenmarz.com/2020/05/20/assemblys-perspective/)
- [A Crash Course in x86 Assembly for Reverse Engineers](https://sensepost.com/blogstatic/2014/01/SensePost_crash_course_in_x86_assembly-.pdf)
- [Understanding C by learning assembly](https://www.recurse.com/blog/7-understanding-c-by-learning-assembly)
- [x86 Assembly Crash Course → YouTube](https://www.youtube.com/watch?v=75gBFiFtAb8)
- [x86 and amd64 instruction reference](https://www.felixcloutier.com/x86/index.html)
- [Learn x86_64 Assembly](https://gpfault.net/posts/asm-tut-0.txt.html)
  - [Part 1](https://gpfault.net/posts/asm-tut-1.txt.html)
  - [Part 2](https://gpfault.net/posts/asm-tut-2.txt.html)
- [x86-64 Assembly Programming with Ubuntu](http://www.egr.unlv.edu/~ed/assembly64.pdf)
- [Assembly for beginners](https://pacman128.github.io/pcasm/)
- [Assembly Language Succinctly](https://www.syncfusion.com/ebooks/assemblylanguage)
- [Everything you want to know about x86 microcode, but might have been afraid to ask](https://media.ccc.de/v/34c3-9058-everything_you_want_to_know_about_x86_microcode_but_might_have_been_afraid_to_ask)
- [Beginner: Write your first Assembly Language program – Hello World!! [explained]](http://cssimplified.com/computer-organisation-and-assembly-language-programming/beginner-write-your-first-assembly-language-program-hello-world-explained)
- [Quick Guide to Assembly in 161 - Berkeley](https://inst.eecs.berkeley.edu/~cs161/sp15/discussions/dis06-assembly.pdf)
- [godbolt.org - Code ↔️ Assembly](https://godbolt.org/)
- [Introduction to ARM](http://opensecuritytraining.info/IntroARM.html)
- [INTRODUCTION TO ARM ASSEMBLY BASICS](https://azeria-labs.com/writing-arm-assembly-part-1/)
- [Art of Assembly Language, The - Hyde, Randall](./REbooks/Art%20of%20Assembly%20Language%2C%20The%20-%20Hyde%2C%20Randall.pdf)
- [Assembly Language Step-by-Step: Programming with Linux - Duntemann, Jeff](./REbooks/Assembly%20Language%20Step-by-Step_%20Programming%20with%20Linux%20-%20Duntemann%2C%20Jeff.pdf)

### 0x07 Programming for Reverse Engineering
- C/C++, Python, and Assembly
- [MalwareTech's article on programming for malware analysis](https://www.malwaretech.com/2018/03/best-programming-languages-to-learn-for-malware-analysis.html)
- Recommended learning resources:
  - x86 Assembly: [Iczelion's tutorial](https://github.com/VishalRashmika/Iczelions-Assembly-Tutorials/blob/main/README.md), [Win32 Assembler for Crackers by Goppit](https://www.scribd.com/document/659839309/Win32-Assembler-Coding-for-Crackers-PL-Kody-zrodlowe)
  - C/C++: [The C Programming Language - by Kernighan & Ritchie](https://www.amazon.com/Programming-Language-2nd-Brian-Kernighan/dp/0131103628), [The C++ Programming Language](https://www.amazon.com/C-Programming-Language-4th/dp/0321563840), [Linux Programming by Example - by Kurt Wall](https://www.amazon.com/Linux-System-Programming-Embedded-Developers/dp/1593272200)
- [Windows System Programming](https://www.amazon.com/Windows-System-Programming-4th-Addison-Wesley/dp/0321657748) book
- [CPP / C++ Notes - Windows API Programming Win32](https://web.archive.org/web/20220407010232mp_/https://caiorss.github.io/C-Cpp-Notes/WindowsAPI-cpp.html)

### Start Now with These Books!
After all this learning, you can now start with these essential books on **Reverse Engineering & Exploitation**:

#### Reverse Engineering & Exploitation
- [Reversing: Secrets of Reverse Engineering - Eilam, Eldad](./REbooks/Reversing_%20Secrets%20of%20Reverse%20Engineering%20-%20Eilam%2C%20Eldad.pdf)
- [Practical Reverse Engineering: x86, x64, ARM, Windows Kernel - Dang, Bruce & Gazet, Alexandre & Bachaalany, Elias](./REbooks/Practical%20Reverse%20Engineering_%20x86%2C%20x64%2C%20ARM%2C%20Windows%20Kernel%2C%20Rev%20Obfuscation%20-%20Dang%2C%20Bruce%20%26%20Gazet%2C%20Alexandre%20%26%20Bacha%E2%80%A6.pdf)

## Malware Unpacking
### 0x08 Manual Unpacking Techniques
- Some approaches:
  - Way one: https://medium.com/@dbragetti/unpacking-malware-685de7093e5
  - Way two: https://www.travismathison.com/posts/Manually-unpacking-malware/
- [Manual unpacking](https://www.youtube.com/playlist?list=PLt9cUwGw6CYGfoSL9PUlpKi23z0_R2gz-)

## Advanced Techniques
### 0x09 Virtualization-based Protectors
- [Workshop: VM-based Obfuscation Analysis](https://synthesis.to/2021/10/21/vm_based_obfuscation.html)
- [Discussion on reverse engineering virtualization](https://www.youtube.com/watch?v=PAG3M7mWT2c&t=13229s)
- [VMProtect 2 – Detailed Analysis of the Virtual Machine Architecture](https://www.tetraph.com/security/vulnerability-scanning/vmprotect-2-detailed-analysis-virtual-machine-architecture/)
- [VMProtect 2 – Part Two, Complete Static Analysis](https://www.tetraph.com/security/vulnerability-scanning/vmprotect-2-part-two-complete-static-analysis/)
- [SpeakEasy: a writeup solving a challenge from UIUCTF 2021](https://medium.com/@acheron2302/speakeasy-writeup-3af3375ab63)
- [Tickling VMProtect with LLVM](https://www.synthesis.to/2021/10/21/vm_based_obfuscation.html)
- [Cracking programs with custom virtualization-based protectors](https://www.malwaretech.com/challenges/windows-reversing/vm1)

### 0x0a Malware Injection and Hooking
- [A walk-through of various techniques (by Endgame)](https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process)
- [Ready-made demos of various code injection techniques (source code)](https://github.com/odzhan/injection)
- [Review of various injection techniques (BlackHat 2019) Video - PDF](https://www.blackhat.com/us-19/briefings/schedule/index.html#practical-approach-to-process-injection-14279)
- [Author's PE injection demos (source code)](https://github.com/hasherezade/demos)
- ["Inline Hooking for programmers" (by MalwareTech) - Part 1 and Part 2](https://malwaretech.com/how-to-write-a-rootkit)
- [Windows API Hooking (article in Red Teaming Experiments)](https://redteaming.io/)
- [Simple userland rootkit - a case study](https://blog.malwarebytes.com/threat-analysis/2016/12/simple-userland-rootkit-a-case-study/)

### 0x0b Kernel-mode Malware

Before we dive into kernel-mode malware and rootkit techniques, it's important to understand the fundamentals of driver development and kernel programming. Below are some great starting points that will guide you through these concepts and provide a solid foundation.

#### Basic Driver Development Resources
- [Catalog of key Windows kernel data structures](https://web.archive.org/web/20211106153221mp_/https://codemachine.com/articles/kernel_structures.html)

1. **Driver Development Part 1: Introduction to Drivers**
   [CodeProject: Introduction to Drivers](https://www.codeproject.com/articles/9504/driver-development-part-1-introduction-to-drivers)

2. **Driver Development Part 2: Introduction to Implementing IOCTLs**
   [CodeProject: Introduction to Implementing IOCTLs](https://www.codeproject.com/articles/9575/driver-development-part-2-introduction-to-implemen)

3. **Driver Development Part 3: Introduction to Driver Contexts**
   [CodeProject: Introduction to Driver Contexts](https://www.codeproject.com/articles/9636/driver-development-part-3-introduction-to-driver-c)

4. **Driver Development Part 5: Introduction to the Transport Device Interface**
   [CodeProject: Introduction to Transport Device Interface](https://www.codeproject.com/articles/9974/driver-development-part-5-introduction-to-the-tran)

5. **Driver Development Part 6: Introduction to Display Drivers**
   [CodeProject: Introduction to Display Drivers](https://www.codeproject.com/articles/12878/driver-development-part-6-introduction-to-display)

#### Additional Resources

- **Memory Management in Kernel Mode**
  The best starting point for these aspects is the tutorials written by Four-F:
  - [How The Kernel Manages Your Memory](https://manybutfinite.com/post/how-the-kernel-manages-your-memory/)
  - [Driver Basics - DMA Concepts](https://www.osronline.com/article.cfm%5Earticle=539.htm)
  - [X-DMA - Extreme DMA for Performance](https://www.osronline.com/article.cfm%5Earticle=19.htm)
  - [MmMapLockedPages(SpecifyCache) with AccessMode == UserMode](https://www.osronline.com/article.cfm%5earticle=26.htm)
  - [A Common Topic Explained - Sharing Memory Between Drivers and Applications](https://www.osronline.com/article.cfm%5earticle=39.htm)
  - [Windows NT Virtual Memory (Part I)](https://www.osronline.com/article.cfm%5earticle=71.htm)
  - [Windows NT Virtual Memory (Part II)](https://www.osronline.com/article.cfm%5earticle=60.htm)
  - [Finding File Contents in Memory](https://www.osronline.com/article.cfm%5earticle=280.htm)

- **Handling IRPs (I/O Request Packets)**
  - [Properly Pending IRPs - IRP Handling for the Rest of Us](https://www.osronline.com/article.cfm%5earticle=21.htm)
  - [Proper Completion -- Resubmitting IRPs from within a Completion Routine](https://www.osronline.com/article.cfm%5earticle=391.htm)
  - [Rules for Irp Dispatching and Completion Routines](https://www.osronline.com/article.cfm%5earticle=214.htm)
  - [Beyond IRPs: Driver to Driver Communications](https://www.osronline.com/article.cfm%5earticle=177.htm)
  - [IrpTracker](https://www.osronline.com/article.cfm%5earticle=199.htm)
  - [Rolling Your Own - Building IRPs to Perform I/O](https://www.osronline.com/article.cfm%5Earticle=87.htm)
  - [The Truth About Cancel - IRP Cancel Operations (Part I)](https://www.osronline.com/article.cfm%5Earticle=78.htm)
  - [The Truth About Cancel - IRP Cancel Operations (Part II)](https://www.osronline.com/article.cfm%5earticle=72.htm)

  A must-read for driver writers:
  - [Microsoft: Handling IRPs](https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/handling-irps)

- **The Basics: Bugchecks Explained**
  + [PFN_LIST_CORRUPT](https://www.osronline.com/article.cfm%5earticle=334.htm)
  + [PAGE_FAULT_IN_NONPAGED_AREA](https://www.osronline.com/article.cfm%5Earticle=335.htm)
  + [KERNEL_DATA_INPAGE_ERROR](https://www.osronline.com/article.cfm%5earticle=336.htm)
  + [NO_MORE_IRP_STACK_LOCATIONS](https://www.osronline.com/article.cfm%5Earticle=337.htm)

#### Important Books for Kernel and Driver Development

- [Windows Kernel Programming (First Edition)](REbooks/Windows_Kernel_Programming_Pavel_Yosifovich.pdf) *(Available in the REbooks folder)*
- [Windows Kernel Programming, 2nd Edition](REbooks/Windows_Kernel_Programming_2nd_Edition_Pavel_Yosifovich.pdf) *(Available in the REbooks folder)*
- [Windows NT Device Driver Development](REbooks/Windows_NT_Device_Driver_Development.pdf) *(Available in the REbooks folder)*
- [Windows Internals, Part 1, 7th Edition - 2017](https://dn790000.ca.archive.org/0/items/windows-internals-part1-7th/windows-internals-part1-7th.pdf)
- [Windows Internals, 7th Edition, Part 2 - 2021](REbooks/WinInternals_p2.zip) *(Available in the REbooks folder; just extract the zip)*

#### Web Resources

- **OSR Online**: The first and most important resource about Windows driver development
  [OSR Online](http://www.osronline.com/)

- **Other Useful Blogs and Resources**
  - [J00ru Blog - Reverse Engineering & Kernel Research](http://j00ru.vexillium.org/)
  - [Rootkit Analysis Tutorial PDF](https://www.sekoia.fr/blog/wp-content/uploads/2016/10/Rootkit-analysis-Use-case-on-HIDEDRV-v1.6.pdf) *(available in the current repo under the REbooks folder)*

#### Transition to Kernel-mode Malware

Once you've gone through these foundational resources, you'll have a better understanding of driver development, IRPs, memory management, and more. Now we can proceed to advanced topics like kernel-mode malware, rootkit analysis, and related techniques.

---

#### Key Resources for Kernel-mode Malware and Rootkit Techniques

- [Starting with Windows Kernel Exploitation - setting up the lab](https://hshrzd.wordpress.com/2017/05/28/starting-with-windows-kernel-exploitation-part-1-setting-up-the-lab/)
- [Brief introduction to driver analysis methods by Matt Hand](https://hshrzd.wordpress.com/2017/05/28/starting-with-windows-kernel-exploitation-part-1-setting-up-the-lab/)
- [Rootkit analysis tutorial](http://www.sekoia.fr/blog/wp-content/uploads/2016/10/Rootkit-analysis-Use-case-on-HIDEDRV-v1.6.pdf)

#### Kernel-mode Rootkit Techniques:

- [Hooking IDT](https://resources.infosecinstitute.com/hooking-idt/)
- [SSDT hooks](https://www.adlice.com/kernelmode-rootkits-part-1-ssdt-hooks/)
- [IRP hooks](https://www.adlice.com/kernelmode-rootkits-part-2-irp-hooks/)
- [Kernel filters](https://www.adlice.com/kernelmode-rootkits-part-3-kernel-filters/)

### 0x0c Going Deeper
- [Malware infecting MBR, bootkits, and UEFI firmware](https://securelist.com/bootkits-the-ultimate-in-persistent-malware/58221/)

## Learning Resources
### 0x0d Courses and Tutorials
- [Mytechnotalent's Reverse Engineering Repository](https://github.com/mytechnotalent/Reverse-Engineering)
- [Octopus Labs](http://legend.octopuslabs.io/sample-page.html)
- [Open Security Training](http://opensecuritytraining.info/Training.html)
- [Practical Malware Analysis learning materials](https://samsclass.info/126/126_S17.shtml)
- [Malware Analysis course (University of Cincinnati)](https://www.uc.edu/ce/cyber/courses/malware-analysis.html)
- [Red/purple teaming: a malware development course by 0xPat](https://twitter.com/0xPat)
- [Building C2 implants in C++](https://malwareunicorn.org/workshops.html)
- [Hasherezade's malware training repository](https://github.com/hasherezade/malware_training_vol1)

### 0x0e YouTube Channels and Videos
- [Malware Analysis For Hedgehogs](https://www.youtube.com/channel/UCVFXrUwuWZ3Uk6ZuIzP5RvQ)
- [OALabs](https://www.youtube.com/c/OALabs/videos)
- [Colin's channel about malware](https://www.youtube.com/channel/UCQN2DsjnYH60SFBIA6IkNwg)
- [DuMp-GuY TrIcKsTeR](https://www.youtube.com/user/hexacorn)

### 0x0f Recommended Books
- [Practical Malware Analysis: A Hands-On Guide to Dissecting Malicious Software](./REbooks/Practical%20Malware%20Analysis_%20The%20Hands-On%20Guide%20to%20Dissecting%20Malicious%20Software%20-%20Sikorski%2C%20Michael%20%26%20Honig%2C%20Andrew.pdf)
- [The Art of Computer Virus Research and Defense – Peter Szor](https://www.amazon.com/Art-Computer-Virus-Research-Defense/dp/0321304543)
- [The "Ultimate" Anti-Debugging Reference – by Peter Ferrie](https://www.amazon.com/Ultimate-Anti-Debugging-Reference-Peter-Ferrie/dp/1500494501)
- [Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code](https://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033)
- [Hacker Disassembling Uncovered – by Kris Kaspersky](https://www.amazon.com/Hacker-Disassembling-Uncovered-Kaspersky/dp/193176946X)
- [The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System](https://www.amazon.com/Rootkit-Arsenal-Escape-Evasion-Corners/dp/144962636X)
- [Rootkits and Bootkits – by Alex Matrosov, Eugene Rodionov, and Sergey Bratus](https://www.amazon.com/Rootkits-Bootkits-Alex-Matrosov/dp/1593277164)
- [Windows System Programming (4th edition) – by Johnson M. Hart](https://www.amazon.com/Windows-System-Programming-4th-Addison-Wesley/dp/0321657748)

## Tips and Advice
### 0x10 Staying Motivated and Advancing Your Career
- Stay curious and eager to learn
- Practice, practice, practice
- Engage with the community
- Contribute and share your knowledge
- Stay up-to-date with the latest trends and techniques
- Develop strong programming skills in languages like C/C++, Python, and Assembly
- Embrace failure as a learning opportunity
- Maintain a safe and controlled environment for your analysis
- Respect intellectual property and adhere to ethical guidelines

### 0x11 Getting a Malware Analyst Job
- Contribute to the community through research, blog posts, or open source projects
- Stay active and engaged in the field by attending conferences and participating in CTFs
- Build a solid online presence by sharing your work and insights on platforms like GitHub and Twitter
- Network with industry professionals and join relevant communities and forums
- Continuously update your skills and knowledge through self-study and formal training programs

## Conclusion
This comprehensive roadmap provides a step-by-step guide for mastering reverse engineering and malware analysis. By following the suggested resources and engaging in practical exercises, you can build a strong foundation, develop advanced skills, and position yourself for a successful career in this field. Remember to stay motivated, curious, and always eager to learn. Good luck on your reverse engineering and malware analysis journey!

## Additional Resources
### Blogs and Websites
- [MalwareTech](https://www.malwaretech.com/)
- [Hasherezade's Blog](https://hshrzd.wordpress.com/)
- [Malwarebytes Labs](https://blog.malwarebytes.com/)
- [FireEye Threat Research Blog](https://www.fireeye.com/blog/threat-research.html)
- [Talos Intelligence Blog](https://blog.talosintelligence.com/)
- [Securelist by Kaspersky](https://securelist.com/)
- [The Malware Analyst's Cookbook](https://www.malwarecookbook.com/)
- [0xec](https://0xec.blogspot.com/)
- [Malwarebytes Unpacked](https://blog.malwarebytes.com/category/unpacked/)
- [SANS Internet Storm Center](https://isc.sans.edu/)
- [MalwareMustDie](http://malwaremustdie.blogspot.com/)
- [ReversingLabs](https://www.reversinglabs.com/blog)

### Forums and Communities
- [MalwareTips](https://malwaretips.com/)
- [Reverse Engineering Stack Exchange](https://reverseengineering.stackexchange.com/)
- [KernelMode.info](https://www.kernelmode.info/forum/)
- [Wilders Security Forums](https://www.wilderssecurity.com/)
- [Malware Analysis Forums on Reddit](https://www.reddit.com/r/Malware/)
- [VirusTotal Community](https://www.virustotal.com/gui/community)
- [OSR Developer Community](https://community.osr.com)
- [UnKnoWnCheaTs](https://www.unknowncheats.me/forum/index.php)
- [ru-board](http://forum.ru-board.com)
- [R0](https://forum.reverse4you.org/categories)
- [CrackLab](https://cracklab.team/index.php)

### Tools and Software
- [IDA Pro](https://www.hex-rays.com/products/ida/)
- [Ghidra](https://ghidra-sre.org/)
- [x64dbg](https://x64dbg.com/)
- [OllyDbg](http://www.ollydbg.de/)
- [Immunity Debugger](https://www.immunityinc.com/products/debugger/)
- [Wireshark](https://www.wireshark.org/)
- [Cuckoo Sandbox](https://cuckoosandbox.org/)
- [PEStudio](https://www.winitor.com/)
- [Volatility](https://www.volatilityfoundation.org/)
- [Sysinternals Suite](https://docs.microsoft.com/en-us/sysinternals/)
- [YARA](https://virustotal.github.io/yara/)
- [Capstone](https://www.capstone-engine.org/)
- [Radare2](https://www.radare.org/)
- [Binary Ninja](https://binary.ninja/)

### Online Platforms and Challenges
- [MalwareBazaar](https://bazaar.abuse.ch/)
- [VirusTotal](https://www.virustotal.com/gui/home)
- [Hybrid Analysis](https://www.hybrid-analysis.com/)
- [Flare-On Challenge](https://www.fireeye.com/blog/threat-research/2019/08/announcing-the-sixth-annual-flare-on-challenge.html)
- [CTFTime](https://ctftime.org/)
- [Hack The Box](https://www.hackthebox.eu/)

## Upcoming Resources

I will be adding some random books to the **REbooks** folder soon. Stay tuned for more resources!

## Acknowledgments
A big thank you to all the researchers, authors, and contributors who have shared their knowledge and resources in the field of reverse engineering and malware analysis. This roadmap wouldn't have been possible without their valuable contributions.

## Contributing
Contributions are welcome! If you have any suggestions, resources, or improvements to this roadmap, please feel free to open an issue or submit a pull request.

## Channel
## Join OrcaCyberWeapons on Telegram!

Are you ready to dive into the depths of cybersecurity, reverse engineering, and advanced threat analysis? Look no further than OrcaCyberWeapons, your gateway to the world of cutting-edge security research and exploration.

**What We Offer:**
- **Advanced Cybersecurity Insights:** Delve into the latest trends, techniques, and strategies employed by cyber adversaries, shedding light on the vast world of malware, exploits, APTs, and cybercrime across all platforms.
- **Reverse Engineering Expertise:** Uncover the inner workings of sophisticated malware, dissect exploit techniques, and explore the art of reverse engineering with our community of seasoned professionals and enthusiasts.
- **Malware Development and Analysis:** Gain valuable insights into the creation, analysis, and mitigation of malware, understanding its behavior, impact, and countermeasures.
- **APT Techniques and Defense Strategies:** Explore the realm of advanced persistent threats (APTs), dissect their tactics, and fortify your defenses against sophisticated cyber adversaries.

Whether you're a seasoned cybersecurity professional, an aspiring ethical hacker, or a curious enthusiast, OrcaCyberWeapons provides a platform for in-depth discussions, practical insights, and collaborative exploration of the ever-evolving cybersecurity landscape.

Join us on Telegram and embark on a journey of discovery, knowledge sharing, and continuous learning in the realm of cybersecurity and beyond.

[Join OrcaCyberWeapons on Telegram](https://t.me/OrcaCyberWeapons)