wtsxdev/reverse-engineering

This repository is a curated list of learning materials and tools for reverse engineering, which is the practice of analyzing software (or other systems) to understand how they work, typically without access to the original source code. Security researchers, malware analysts, and participants in capture-the-flag (CTF) competitions use reverse engineering to understand programs, find vulnerabilities, or analyze suspicious files. The list is organized into categories. The Books section includes titles covering assembly language, practical malware analysis, Windows internals, iOS app reversing, and exploitation techniques. The Courses section links to training from universities, security organizations like SANS and Offensive Security, and conference workshops like Blackhat and REcon. The Tools sections cover different stages of analysis. Hex editors let you inspect the raw bytes of any file. Disassemblers like IDA Pro, GHIDRA, Radare, and Binary Ninja convert compiled machine code back into human-readable assembly. Binary analysis frameworks like angr and bap automate parts of the analysis. For dynamic analysis (running a program and watching what it does), the list includes process monitors, network simulators like iNetSim, memory acquisition tools, and the Cuckoo sandbox, which runs suspicious files in an isolated environment and records their behavior. The Practice section points to platforms where you can try reverse engineering exercises in a legal, controlled setting: sites like Crackmes.de, Flare-on challenges run by Mandiant, and CTF archives on GitHub. A note in that section warns to be careful with malware samples. Additional categories cover Android-specific tools, bytecode analysis for Java and .NET, Yara rule writing for malware classification, and document analysis tools for examining malicious PDFs or Office files.