
Malware Analysis Tools

Categories

Windows Host
Windows Integrated
Environment
Disassemblers and Debuggers
Hex Editor
Static Analysis - Basic
Dynamic Analysis - Advanced
PE Analysis
PE Dumping/Unpacking
Office Tools
PDF Tools
Flash Tools
Java Tools
Javascript Tools
.NET Reversing
Python Tools
Visual Basic Tools

Windows Host

Windows Guest

Environment

Disassemblers and Debuggers

  • Binary Ninja - Binary Ninja: a new kind of reversing platform.

  • IDA - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger.

  • x64dbg - An open-source x64/x32 debugger for Windows.

    • ScyllaHide plugin - ScyllaHide is an advanced open-source x64/x86 usermode Anti-Anti-Debug library.
    • TitanHide plugin - TitanHide is a kernel-mode driver intended to hide debuggers from certain processes. (Archived here.)
    • xAnalyzer – xAnalyzer is a plugin for the x86/x64 x64dbg debugger by @mrexodia. This plugin is based on the APIInfo plugin by @mrfearless, although some improvements and additions have been made. xAnalyzer is capable of performing various types of analysis over the static code of the debugged application to give the user extra information.
  • WinDbg - The Windows Debugger (WinDbg) can be used to debug kernel and user mode code, analyze crash dumps and to examine the CPU registers as code executes.

  • Windows Symbols - To set your environment to store symbols locally and use the Microsoft symbol server, set the following environment variable:
    _NT_SYMBOL_PATH = srv*c:\symbols*https://msdl.microsoft.com/download/symbols

Hex Editor

Static Analysis - Basic

  • Detect-It-Easy (DIE) - Detect It Easy, abbreviated "DIE", is a program for determining file types.
  • xorsearch - XORSearch is a program to search for a given string in an XOR, ROL, ROT or SHIFT encoded binary file.
  • xorstrings - XORStrings will search for strings in the (binary) file you provide it, using the same encodings as XORSearch (XOR, ROL, ROT and SHIFT).

Dynamic Analysis - Advanced

  • Spy Studio - SpyStudio shows and interprets calls, displaying the results in a structured way which is easy for any IT professional to understand. SpyStudio can show registry keys and files that an application uses, COM objects and windows the application has created, and errors and exceptions.

PE Analysis

  • PE-Bear – PE-bear is a freeware reversing tool for PE files. Its objective is to deliver a fast and flexible "first view" tool for malware analysts, stable and capable of handling malformed PE files.

PE Dumping and Unpacking

  • Flypaper – Very useful tool used to prevent processes from exiting.
  • ImpREC – ImpRec can be used to repair the import table for packed programs.
  • PE-sieve – PE-sieve scans a given process, searching for modules containing in-memory code modifications. When found, it dumps the modified PE.
  • pe_unmapper – Small tool to convert a PE from a virtual format into a raw format (useful in recovering executables dumped from memory).
  • find_forwarders – Small tool for finding an import's name (and its forwarders) by its virtual address.
  • imports_unerase – Small tool for recovering erased imports of a dumped PE file.
  • va_to_import – Small tool for finding an import's name by its virtual address.
  • hollows_hunter – A process scanner detecting and dumping hollowed PE modules.

Office Tools

  • Offvis – The Microsoft Office Visualization Tool (OffVis) is a tool from Microsoft that helps in understanding the Microsoft Office binary file format in order to deconstruct .doc-, .xls- and .ppt-based targeted attacks.

PDF Tools

  • pdfid – This tool is not a PDF parser, but it will scan a file to look for certain PDF keywords, allowing you to identify PDF documents that contain (for example) JavaScript or execute an action when opened.
  • pdf-parser – This tool will parse a PDF document to identify the fundamental elements used in the analyzed file.
  • PdfStreamDumper – This is a free tool for the analysis of malicious PDF documents.

Flash Tools

  • FFDec – Open-source Flash SWF decompiler and editor. Extract resources, convert SWF to FLA, edit ActionScript, replace images, sounds, texts or fonts. Various output formats available. Works with Java on Windows, Linux or macOS.

Java Tools

  • JD-GUI – JD-GUI is a standalone graphical utility that displays the Java source code of ".class" files. You can browse the reconstructed source code with JD-GUI for instant access to methods and fields.
  • dex2jar – Tools to work with Android .dex and Java .class files.

Javascript Tools

  • Spider Monkey – SpiderMonkey is a modified version of Mozilla’s C implementation of JavaScript, with some extra functions to help with malware analysis.

.NET Tools

  • ILSpy – ILSpy is the open-source .NET assembly browser and decompiler.
  • dnSpy – dnSpy is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.
  • DotPeek – Free .NET decompiler and assembly browser.
  • De4dot – .NET deobfuscator and unpacker.

Python Tools

Visual Basic Tools

  • VBDecompiler – Best code recovery solution for Visual Basic 5.0/6.0 applications and fast disassembler for Visual Studio .NET compiled apps.
