Tools

This page will eventually contain subpages explaining how to use the tools I currently rely on. For now, it serves as a reference list of the tools I mainly use when analyzing standard executables.

My lab setup is largely based on the one shown in this video: https://www.youtube.com/watch?v=luTt0_NxoG0, using Windows 10.

For static analysis, I use:

• floss: http://github.com/mandiant/flare-floss/tree/master
• capa: https://github.com/mandiant/capa
• pestudio: https://www.winitor.com/
• Ghidra: https://github.com/NationalSecurityAgency/ghidra

For dynamic analysis, I use:

• Procmon: https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
• System Informer: https://systeminformer.sourceforge.io/
• Regshot: https://github.com/Seabreg/Regshot
• Wireshark: https://www.wireshark.org/
• INetSim: https://www.inetsim.org/
• x32dbg and x64dbg: https://x64dbg.com/