Gorō Nyūdō Masamune is regarded as the greatest swordsmith of all time, and the process of making a sword, also known as a Kâtanâ, is a long and hard one. So we, as Samurais of code, need the finest, most cutting-edge tools to help us shred software code and find the tiniest flaws to exploit.
Needless to say, the following software is all my personal preference; of course I provide alternatives depending on whether or not you like my setup.
The one thing we will all agree on, whatever our preferences, is that both a Unix and a Windows OS are necessary. The most important one is Windows, because most of the malware we'll analyse targets it and most of the software we'll try to exploit runs on it.
I personally have built a Windows x64 & Ubuntu 14.04 LTS dual-boot. I recommend not using your main OS as the analysis setup, so inside Ubuntu I've installed VirtualBox, an open-source virtualisation software that I highly recommend.
Once you've installed VirtualBox or VMware you should install a fresh Windows 7 copy on it. I still use Windows XP SP3 out of habit, and it's kind of easier to debug at kernel level on it, but Windows 7 is more than recommended. I didn't test Windows 8/8.1; it remains your choice, you don't need the swaggy Metro style to debug/disassemble and write code. Whatever you pick, take a snapshot of the clean VM before you run anything suspicious, so you can always roll back to a known-good state.
-Configuring Windows :
-Go to Explorer folder options and uncheck "Hide extensions for known file types" and "Hide protected operating system files", and select "Show hidden files, folders, and drives". Malware loves a double extension like invoice.pdf.exe, so you want to see the real one.
-My favorite font is Monaco.
-Install Chrome/Firefox with Web Developer, Adblock Plus and Wappalyzer.
-Get Notepad++; it can be a plus to VIM and it's very useful for reading source code.
-Get Python (don't worry about the IDE, you can pick Wing IDE or PyCharm or just use IDLE). Python will be used for exploit writing and it's necessary for IDA & Immunity Debugger; both expect a 32-bit Python 2.7, and Immunity ships its own. You should also get pip and then run the following: "pip install pycrypto", "pip install winappdbg", "pip install pefile".
-There will come a time when you'll need to deal with the command line / shell, and as we all agree CMD sucks. I suggest you get Babun Shell; it packs the best of Cygwin into a small, nice, sexy shell that has everything in it. Almost forgot: it packs VIM, which I use as my main IDE for small snippets and tests, and it also has the GCC suite. You can get LLVM if you like it more, but GCC does more than enough.
-The Tâchî file: create a folder in C:\ named Tools and extract the following software into it:
-Get PsTools & Process Hacker; they're necessary internals monitoring tools.
-Get PEStudio/PE-bear and RDG Packer Detector, and add them to the context menu.
-Get CFF Explorer & API Monitor; both are very necessary for hooking/DLL analysis, to understand how malware works and interacts with the Win32 API.
-Get PEiD, download userdb.txt and overwrite the one in the PEiD folder. Then run PEiD and in Options check "Hardcore Scan" and "Register shell extensions". Keep in mind that PEiD is only as good as its signature database: a packer it doesn't know, or a modified stub, comes back as "Nothing found", so treat a negative result as "unknown", not as "unpacked".
-Debuggers & Disassembly:
-I used to use OllyDRX but I stopped because it gets glitchy, plus I haven't used Olly since I moved to Windows 7. In case you want to use Olly, follow these steps: get OllyDbg & then install plugins of your choice; here is the list of OllyDbg plugins I use: OllyAdvanced, Olly breakpoint manager, OllyBonE, OllyDumpEx, ODbgScript, StrongOD, Ultra String Reference, CopyHexCode, Multiline Ultimate Assembler and ImportStudio. Then go to Options, check Just-in-time debugging and make OllyDbg the just-in-time debugger. Note that OllyDbg (and Immunity Debugger, which is built on the same engine) only debugs 32-bit processes.
-I'm an avid user of Immunity Debugger; I uploaded it to my Dropbox so you don't have to register. I also use GDB & objdump (GNU Debugger) with this nice SoftICE theme.
-Get Moth***Fuck*** IDA!
-Install a hex editor; I suggest HxD or HIEW.
-Setting up a dev environment:
-Install the Windows SDK & Visual Studio 2010 & 2013; my preferred is 2010 but you should go with the one you like.
-Install Orwell Dev-C++ in case you don't get comfortable with VIM/GCC.
-Install NASM/MASM and add them to your environment PATH; you should also get RadASM or WinAsm as assembly IDEs.
-Packet & network analysis: you should get Wireshark and tcpdump, and also HTTP Debugger; they are necessary to analyse the traffic between malware and its respective C&C. Keep the analysis VM on a host-only or internal network while you capture, so a sample can't actually reach its C&C or your LAN from inside the lab.
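The PE tools in the Tâchî folder above (PEStudio, PEiD, CFF Explorer) all start from the same few headers, and `pip install pefile` gives you the same view from Python. As an added example that is not from the original post, here is a dependency-free PE32/PE32+ header walker with the PEiD-style triage checks a first look at a sample usually involves: where the entry point lands, writable+executable sections, per-section entropy, and the ASLR/DEP flags that matter once you move from analysis to exploit writing. The sample PE bytes and the UPX1 section name are constructed inside the script purely as test input (it is not a real executable), and the 7.0 entropy threshold is a rule-of-thumb assumption, not a standard.

```python
import math
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
DLLCHAR_DYNAMIC_BASE = 0x0040  # ASLR opt-in bit in DllCharacteristics
DLLCHAR_NX_COMPAT = 0x0100     # DEP opt-in bit in DllCharacteristics
PACKED_ENTROPY = 7.0           # assumed rule-of-thumb threshold, not a standard


def entropy(buf):
    """Shannon entropy in bits per byte (0.0..8.0); compressed or encrypted data sits near 8."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data):
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsec, _ts, _sym, _nsym, size_opt, _flags = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry = struct.unpack_from("<I", data, opt + 16)[0]            # AddressOfEntryPoint (RVA)
    if magic == 0x10B:                                              # PE32
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                                            # PE32+: no BaseOfData, 8-byte ImageBase
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%X" % magic)
    subsystem, dllchars = struct.unpack_from("<HH", data, opt + 68)  # same offset in both formats
    sections = []
    for i in range(nsec):
        f = struct.unpack_from("<8sIIIIIIHHI", data, opt + size_opt + 40 * i)
        name, vsize, va, rawsize, rawptr, flags = f[0], f[1], f[2], f[3], f[4], f[9]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va, "vsize": vsize,
                         "rawsize": rawsize, "flags": flags, "entropy": entropy(data[rawptr:rawptr + rawsize])})
    return {"machine": machine, "magic": magic, "entry": entry, "image_base": image_base,
            "subsystem": subsystem, "dllchars": dllchars, "sections": sections}


def triage(pe):
    """PEiD/PEStudio-style red flags worth a second look before loading the sample in a debugger."""
    findings = []
    ep = pe["entry"]
    home = next((s for s in pe["sections"]
                 if s["va"] <= ep < s["va"] + max(s["vsize"], s["rawsize"])), None)
    if home is None:
        findings.append("entry point 0x%X lies outside every section" % ep)
    elif home["name"] != ".text":
        findings.append("entry point in section %r, not .text (packer stub?)" % home["name"])
    for s in pe["sections"]:
        if s["flags"] & IMAGE_SCN_MEM_WRITE and s["flags"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append("%s: writable and executable (unpacks in place?)" % s["name"])
        if s["entropy"] > PACKED_ENTROPY:
            findings.append("%s: entropy %.2f, likely packed or encrypted" % (s["name"], s["entropy"]))
    if not pe["dllchars"] & DLLCHAR_DYNAMIC_BASE:
        findings.append("no ASLR: DYNAMIC_BASE unset, image base 0x%X is fixed" % pe["image_base"])
    if not pe["dllchars"] & DLLCHAR_NX_COMPAT:
        findings.append("no DEP: NX_COMPAT unset")
    return findings


def build_sample_pe():
    """Constructed input: a tiny PE32 laid out like a UPX-packed binary. Not a real, runnable EXE."""
    e_lfanew, hdr_size = 0x80, 0x200
    dos = bytearray(b"MZ") + bytearray(e_lfanew - 2)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, 224, 0x0102)  # i386, 2 sections
    opt = bytearray(224)
    # Magic, linker ver, SizeOfCode, SizeOfInitData, SizeOfUninitData, EntryPoint, BaseOfCode, BaseOfData
    struct.pack_into("<HBBIIIIII", opt, 0, 0x10B, 2, 25, 0x400, 0x400, 0, 0x2010, 0x1000, 0x2000)
    struct.pack_into("<III", opt, 28, 0x00400000, 0x1000, 0x200)   # ImageBase, SectionAlign, FileAlign
    struct.pack_into("<II", opt, 56, 0x3000, hdr_size)             # SizeOfImage, SizeOfHeaders
    struct.pack_into("<HH", opt, 68, 2, 0)                         # Subsystem GUI, DllCharacteristics 0
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    text = b"\x90\xc3" * 0x200           # .text: NOP/RET filler, low entropy
    upx1 = bytes(range(256)) * 4         # UPX1: every byte value equally often -> entropy 8.0
    secs = struct.pack("<8sIIIIIIHHI", b".text", 0x400, 0x1000, len(text), 0x200, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack("<8sIIIIIIHHI", b"UPX1", 0x400, 0x2000, len(upx1), 0x600, 0, 0, 0, 0, 0xE0000040)
    headers = bytes(dos) + coff + bytes(opt) + secs
    return headers + bytes(hdr_size - len(headers)) + text + upx1


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    pe = parse_pe(data)
    print("machine=0x%X magic=0x%X entry=0x%X image_base=0x%X" % (pe["machine"], pe["magic"], pe["entry"], pe["image_base"]))
    for finding in triage(pe):
        print("  [!] " + finding)
```

Run it with a path to a real sample to triage it, or with no arguments to see it flag the constructed one: entry point in UPX1 rather than .text, UPX1 writable and executable, UPX1 at entropy 8.00, and neither DYNAMIC_BASE nor NX_COMPAT set. A clean hit on all of those is exactly the "unpack it first, then start debugging" signal the GUI tools give you, and the missing ASLR/DEP bits tell you how much of the mitigation story you'll have to deal with when writing the exploit.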
Now that the tâchî is ready, I guess you have a cutting-edge kâtanâ; all you need to do is jump into the woods and start shredding things.
P.S.: Always have the manual with you, also called the documentation. As you may know, RTFM is the first step to success; here are some docs you will necessarily need. RTFM! Never forget: the path to wisdom is a quest of knowledge and search.
-Win32 API documentation from the Microsoft website