[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-74426":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":22,"hasPages":22,"topics":24,"createdAt":10,"pushedAt":10,"updatedAt":41,"readmeContent":42,"aiSummary":43,"trendingCount":15,"starSnapshotCount":15,"syncStatus":44,"lastSyncTime":45,"discoverSource":46},74426,"flare-learning-hub","mandiant\u002Fflare-learning-hub","mandiant","Free educational content on reverse engineering and malware analysis from the FLARE team","",null,"JavaScript",1238,96,18,0,17,31,75,51,96.96,"Apache License 2.0",false,"main",[25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40],"assembly","assembly-language","assembly-language-programming","binary-analysis","c","cyber-security","cybersecurity","flare","go","golang","malware","malware-analysis","reverse-engineering","threat-intelligence","x64","x86","2026-06-12 04:01:15","# FLARE Learning Hub\n![FLARE Learning Hub Logo](.\u002F.github\u002Flogo.png)\n\nThe FLARE Learning Hub freely distributes quality reverse engineering and malware analysis educational content from the [FLARE team](https:\u002F\u002Fcloud.google.com\u002Fsecurity\u002Fflare).\n\nThe FLARE Learning Hub modules are hosted as web-published Google Docs, which are linked in the respective descriptions below. 
This repository contains all corresponding artifacts for each module, including lab exercise and demonstration binaries, disassembler databases, and scripts.\n\nRefinements to existing modules and new modules will be published on an ongoing basis.\n\n## Available Modules\n* [Malware Analysis Crash Course](#malware-analysis-crash-course)\n* [The Go Reverse Engineering Reference](#the-go-reverse-engineering-reference)\n* [An Introduction to Time Travel Debugging](#an-introduction-to-time-travel-debugging)\n\n## Getting Started\nTo start working on a module, we **strongly recommend** setting up a safely isolated virtual machine (VM) environment using [FLARE-VM](https:\u002F\u002Fgithub.com\u002Fmandiant\u002Fflare-vm), which provides the tools necessary to complete the lab exercises and demonstrations. We also recommend using a virtualization product that supports snapshots, which allows you to record the VM in a clean state and revert to that state when starting a new analysis. All modules currently only support Intel x86-64 environments.\n\n### Working with Distributed Binaries\nWhile all distributed binaries and scripts are crafted for the sole purpose of hands-on exercise and demonstration, they may be flagged as malicious by automated systems as some exhibit malware-like behavior. 
**This project is not responsible for any damage or loss resulting from executing the binaries and scripts outside of a secured, isolated virtual machine environment.**\n\nThe password for any password-protected ZIPs in this repository is `flare`.\n\n## [Malware Analysis Crash Course](https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F1I83PHeEImWacuQut02VBlkJ2-CJcuTYmt6mxa_xGqlA)\n**Authors: Jae Young Kim and Nick Harbour**\n\n**Module Link: [Malware Analysis Crash Course](https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F1I83PHeEImWacuQut02VBlkJ2-CJcuTYmt6mxa_xGqlA)**\n\n**Module Directory**: `\u002Fmacc`\n\nAs static analysis tools and sandbox products continue to progress, they provide increasingly valuable information about malware binaries. However, when reliability and accuracy are critical, making definitive statements about a malware sample still necessitates a comprehensive understanding of the program through manual reverse engineering.\n\nThis is a crash course on reading, interpreting, and manipulating assembly code, which remains the cornerstone of a reverse engineer’s skill set. By the end of this training, you will have developed the practical skills necessary to begin analyzing typical Windows malware samples.\n\nThe course starts with the basics of x86 assembly and gradually introduces higher-level programming constructs. It also includes the essential Windows knowledge required to begin reversing Windows-based malware.\n\nEmphasizing a learn-by-doing approach, the course progression weaves in numerous assembly hacking exercises. We believe the repetition of writing assembly and debugging the results is the most effective way to quickly master the fundamentals needed to reverse larger, complex programs. 
The course also features flash quizzes as well as multiple labs with detailed solutions.\n\n## [The Go Reverse Engineering Reference](https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F1AG76FBur7aagm36o-hNbny1X1Q3_IGHEjbP-JDsrJH4)\n**Authors: Jae Young Kim**\n\n**Module Link: [The Go Reverse Engineering Reference](https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F1AG76FBur7aagm36o-hNbny1X1Q3_IGHEjbP-JDsrJH4)**\n\nThe Go Reverse Engineering Reference is a comprehensive reference for reverse engineering Go executables. The reference consists of three sections:\n\n* **Language Reference**: The Language Reference section breaks down each Go language feature and examines how the compiler implements it at the assembly level.  \n* **Runtime Reference**: The Runtime Reference section covers key Go runtime topics (including program initialization, runtime type descriptors, and write barriers) and provides an exhaustive list of compiler-emitted runtime functions with contextual explanations.  
\n* **Executable Reference**: The Executable Reference section covers the structure and layout of a Windows Go executable with the goal of identifying and contextualizing every type of data and metadata in a binary.\n\nAll material in this reference is currently restricted to Windows AMD64 executables compiled with [Go version 1.24.0](https:\u002F\u002Fgithub.com\u002Fgolang\u002Fgo\u002Ftree\u002Fgo1.24.0).\n\n## [An Introduction to Time Travel Debugging](https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F15gbXsTtWyxlUr5bxWO0wvWNHDZqxqh_LEqLanyZpdyw)\n**Authors: Josh Stroschein and Jae Young Kim**\n\n**Module Link: [An Introduction to Time Travel Debugging](https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F15gbXsTtWyxlUr5bxWO0wvWNHDZqxqh_LEqLanyZpdyw)**\n\n**Module Directory**: `\u002Fttd`\n\nTime Travel Debugging (TTD), a technology offered by Microsoft as part of WinDbg, records a process’s execution to create a trace file that can be replayed forwards and backwards. Unlike conventional debugging, which only allows for forward execution tracing, TTD's \"rewind\" capability is particularly powerful for malware analysis and reverse engineering. This feature allows an analyst to inspect program behavior over time, significantly speeding up triage by quickly pinpointing malicious events. The ability to step forwards and backwards through execution is also instrumental in understanding and bypassing anti-analysis and obfuscation techniques.\n\nTTD captures a program's execution path and state, creating a trace output through a transparent layer that allows full interaction with the operating system. A trace file preserves an execution record that can be shared with colleagues to facilitate collaboration, circumventing environmental differences that can affect the results of live debugging. Specific points in execution can also be bookmarked and shared to direct a coworker’s analysis. 
Furthermore, it includes debugger data model objects, enabling users to query the trace with LINQ to find specific events like module loads, shellcode execution, or process injection events.\n\nThis module is an introduction to TTD and its application to Windows malware analysis. The module incorporates a detailed demo and a lab to provide guided, hands-on practice. It also includes a reference for using JavaScript to automate TTD tasks along with several example scripts. By the end of the module, you should be ready to start incorporating this powerful tool into your malware triage workflow and speed up your analysis under complex debugging scenarios.\n\n## Contributions\nWe are not currently accepting contributions to this repository, but any errata, suggestions, and feedback are welcome at flare-learning-hub@google.com.\n\n## Mailing List\nSubscribe to the FLARE mailing list for community announcements by sending an email with the subject \"subscribe\" to [flare-external@google.com](mailto:flare-external@google.com?subject=subscribe&body=subscribe).","FLARE Learning Hub is a free educational content platform provided by the FLARE team, focused on reverse engineering and malware analysis. Through a series of modular online documents and related resources, such as lab binaries, disassembler databases, and scripts, the project gives learners comprehensive guidance from basic to advanced levels. Core features include a malware analysis crash course for the x86-64 architecture, a Go reverse engineering reference guide, and an introduction to Time Travel Debugging. Its technical strength lies in the professionalism and practicality of its content, which suits everyone from beginners to professionals in the cybersecurity field for hands-on learning in a safely isolated virtual machine environment.",2,"2026-06-11 03:50:08","high_star"]